Comment by xnx

1 month ago

I'm glad they'll be focusing on a single OS across more devices, but I'm very concerned there will be no workaround for installing "untrusted" apps. Without ultimate user control of the device, they'll just be ad/influence appliances.

Worse, surveillance appliances. Highly likely we'll see mandatory client-side scanning apps in EU soon, and possibly Digital ID stuff in the UK.

Great opportunity for mandatory remote attestation and mandatory software.

  • That's definitely where things are heading I think. All of Google's changes point to getting ready for this.

    The big tech companies are boiling the frog, trying to get us used to Linux just being an "app" we run on our licensed, not managed by us devices.

    Google will point to the Linux terminal app on Android and go "see, it's OK that we're making these sideloading changes - you can just run Linux" (in a VM, on a device you don't have root on). WSL also gets us used to the idea that Linux is just an app.

    Get ready for people to not see between the lines, adopt it, and then the rug will get pulled. We'll see hardware OEMs that lock boot loaders, no more alternative OS for you, or if you do manage to install another OS, you won't get to access any internet services because you won't pass the device attestation checks.

  • Yes. There is a potential future a year or two from now where your system will be required to prove firmware-upward that it is unmodified, and that you're licensed (and perhaps over-18 too), to access a huge percentage of websites.

    All it will take is Cloudflare et al. offering it as a free option for every CDN customer and who wouldn't turn it on? Especially if the alternative is having to handle ID verification yourself, right?

  • Brazil already has a law on the books requiring online services and "terminal operating systems" to do age verification in a government approved manner.

Qualcomm Arm PCs support hardware nested virtualization for pKVM L0 and KVM L1 hypervisor, similar to Pixel devices. This could enable Debian Linux in a VM, currently available on Pixel as "Linux Terminal" for developers, with all Debian Arm packages and root access in the VM.

"Terminal app can now run full graphical Linux apps in the latest Android Canary", https://news.ycombinator.com/item?id=43985513

  • > This could enable Debian Linux in a VM,

    This is like having sex in public. It is doable, but dangerous.

    • News for hackers: Google Pixel Developer Terminal VM on Android and GrapheneOS provides 50K+ open-source software packages signed by the Debian package maintainers who are trusted as the upstream "root distro" for Ubuntu, Devuan and other Linux distributions. Use of individual Debian Linux software packages on Android phones does not depend on App Store identity registration, financial payment or Google Play Services telemetry.

      Thanks to SoC CPU/memory virtualization at the VM boundary, there is stronger isolation between Debian software packages and the rest of the device, than between any two Android software packages distributed by App Store, which are executing within a single VM context. This protects the device from side effects of Debian Linux software in the Developer Terminal VM.

      This is more safe and more secure than status quo.

      > doable, but dangerous

      Incorrect. It is more isolated, less dangerous, more secure, more flexible for developers and increases functionality to users.

  • So?

    Technical capability often has little to do with how the product works.

    • I really miss the days where companies sold tools and consumers could use them in flexible and creative ways that would never have been considered by the manufacturer.

    • Example: the way NDK is supposed to be used on Android, as a means to implement native methods for Java/Kotlin, or plain games, with a specific list of supported APIs and nothing else.

      Anything outside of what is allowed may work or crash and burn.

They decided it'd be more efficient to make one thing worse than two at the same time.