Hacker News new | comments | show | ask | jobs | submit login
One Year of PostmarketOS: Mainline Calling (postmarketos.org)
123 points by ollieparanoid 71 days ago | hide | past | web | favorite | 29 comments

This is a totally amazing project and I totally applaud their effort. Linux got it's big boost on x86 back in the 90s/2000s because the PC is an actual architecture. You're guaranteed so many standards on a BIOS or UEFI based PC.

The Fail0ver guys have a great talk about porting Linux to a PS4 and how it's an example of an x86_64 that is totally NOT a PC in any meaningful way.

Android is designed for devices where you solder random pins to random chips and hack a bunch of shit and blobs together to get it to boot. You can't install a fresh Android like you can Windows, and I think it's really held back Android as a long term, stable operating system.

Microsoft at least mandated UEFI+ARM, but their boot loaders are still locked even though their mobile platform is dead (come on Microsoft, you just bought Github. Throw as a bone and unlock your bootloaders or publish a key for them!). No mobile device uses Device Trees.

It would be great if you could take most popular old android devices and just run Linux on them, use them as a small Raspberry Pi like device. I think that's what Postmarket is doing to start with, but it looks like they're even progressing to getting phones really usable as phones in the future .. which is pretty damn exciting.

The android phones based on the 3.4+ kernels generally do use device trees but those are incompatible with the mainline ones since they depend on the large amount of patches in those kernels for the platform support.

Also didn't the uefi keys for the microsoft phones get leaked?

I do prefer regular Linux userlands to Android. However, with Project Treble (essentially a HAL), it's possible to produce ROMs that can be used on many devices thus replicating the experience mainline Linux gives (where the image is decoupled from particular hardware).

There are already some proofs of concept:


We would not even need the mainline kernel to decouple images from particular hardware. In postmarketOS we only have a hand full of device specific packages (ideally only one per device), and one of them is the downstream kernel for non-mainlined devices. All other binary packages can be shared between all devices of the same CPU architecture (in Alpine terms usually "armhf" or "aarch64" for mobile phones and tablets). Just like Linux distributions do it.

The big benefit of the mainline kernel is, that it is the only way to get all the (security) fixes. Greg Kroah-Hartman (Linux kernel who maintains the stable releases) wrote in Februrary:

> As proof of this, I demoed at the Kernel Recipes talk referenced above how trivial it was to crash all of the latest flagship Android phones on the market with a tiny userspace program. The fix for this issue was released 6 months prior in the LTS kernel that the devices were based on, however none of the devices had upgraded or fixed their kernels for this problem. As of this writing (5 months later) only two devices have fixed their kernel and are now not vulnerable to that specific bug.

Source: http://kroah.com/log/blog/2018/02/05/linux-kernel-release-mo...

This is the type of shit that gets me livid. It's crazy, how did we get here??? I don't think it's through malicious intent, but rather from digging in the dark so to speak and forceful proding for first to market or more simply, incompetent competitive market dynamics. The engineering teams that needed to make these devices didn't have a clear understanding of the kernels model, how it's all connected, where the edges are, how to make low cost additions. They got shoved forward to the edge, with someone shouting "deliver in 2 months or it's all over." So instead of learning how to make quality additions to the kenral, instead of building a more complete understanding, how the code was all connected, they just hacked some shit together to ship on time.

For all the good benefits of a competitive market system, the externalities such as the fracturing software systems is fustrating.

> how did we get here?

Planned obsolescence.

For people curious about all the GitHub links: we are probably switching to gitlab soon. This has been in discussion since October and recent events with Microsoft tipped the scales for us. Besides the issue of trusting Microsoft or not, GitHub does not have a convenient way to backup the issues and pull request descriptions and all the comments.

There is github-backup but it doesn't do restores:


We looked into that as well, and besides missing restore functionality, the problem is that it needs to access GitHub's rate limited API to crawl through one issue after another. In gitlab there is one API call to prepare a full backup, and another one to download it. At least that's what the docs say, we have not tried it out yet.

https://docs.gitlab.com/ee/api/project_import_export.html https://docs.gitlab.com/ee/user/project/settings/import_expo...

I'm almost sure the Gitlab GitHub import feature does that.

Not paranoid at all.

Username checks out ;)

But seriously: I can only imagine how many hours each individual has put in writing all these messages on github. Some pull requests and issues read like full blog posts, and oftentimes we reference them in the source code. So it would really be a shame if they got lost.

People are giving so much of their data into third party hands these days without ever thinking about it. We want to be in control of our own data, and while hosting a gitlab instance by ourselves is not feasible for us at this point, having a good backup strategy would already be a big improvement in that direction.

Is GH GDPR compliant?

PostmarketOS is an amazing project that I wish I had the time to contribute to.

I'd love to resurrect my old Nexus 7 (2012) tablet with something more lightweight than the current monstrosity that Android has become. Right now the main thing holding me back from doing that is the lack of LVM support. Either Plasma Mobile or even SwayWM (when it gets gesture support) would be great for a lightweight open device for browsing the web and reading papers.

In case you should have time at some point, there is already a proof of concept with LVM made by drebrez. It is basically working after the installation, but all the use cases that are not straight forward (such as re-installing postmarketOS, what happens to the LVM partitions then?) need to be sorted out before this can be integrated into the master branch.


It'll be a few weeks before I officially have time as I'm currently interning doing maths/physics research. I choose my own hours but I'm rather terrible at time management, so it's best if I avoid side projects at the moment.

That being said, there's a fair chance that I'll give installing that proof of concept a shot next time I'm stuck on a problem/procrastinating.

They mention "sustainable" a lot. What is that supposed to mean in this context? If it's supposed to be a headline goal of the project, it would be good to offer a definition for it.

In this context, it usually means reducing waste and consumption by prolonging the useful life of hardware. By providing an updated user land (and, in some cases, a mainline kernel) after vendors lose interest, users aren't forced to choose between buying new hardware and software obsolescence and/or security issues.

In the software sense, sustainable software is software that can be maintained. That means in practice not to have thousands of forks of the same piece of software (like it is done with the Linux kernel in Android). Instead, sharing as much of the same codebase and binary packages as possible across all devices just like it's done in a typical Linux distribution.

I think its about extending the lifecycle of the hardware. By extending and expanding software support for smartphones, they can potentially have a much longer useful life.

DROID 4 making the list is impressive, and there's a decent chance I may want to try it out someday with postmarketOS on it. AFAIK, it was basically the last modern phone with a keyboard slider, and I have one lying around somewhere.

The droid 4 is a great device and has quite a lot of mainline work done, The only downside is the quite complicated way to get images on it since the bootloader is locked.

I'll have to take a look at what I could do with it if I went through that hassle. Having a physical keyboard makes it pretty generally useful with Linux software in general, I'd presume.

I wonder how feasible would be a mainline kernel for Openmoko Neo Freerunner...

There is some stuff for the S3C2442 SoC in the mainline kernel, I guess it's possible but there are people who way more about that in the postmarketOS Matrix/IRC channel.

postmarket is so cool. I need to try again to get it running on my nexus 7. Had a problem with pmbootstrap the first time I tried

Does the Nexus5 baseband have DMA?

Yeah, basically all phone modems communicate with the main processor through DMA (which the kernel translates in a network interface and a serial port for control). This is still a big security hole in these devices since the firmware on the baseband is closed.

Thanks. Closed and remotely flashable. I suppose at the board design level this could be worked around by presenting the modem with it's own DMA controller and memory mapping the interface appropriately?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact