How to repurpose your old phone into a web server

s/mainstream/mainline/

But yes, this is definitely an issue. I've been playing with a 2013-era Samsung device that came with a 3.0 kernel. It can run pmos with said kernel but there are multiple root LPE vulns. I've been looking into getting it to run a mainline kernel just for fun, but it's not going to be easy.

Is Arch ARM officially supported by the same team? If not, what might be the reason?

Most phones can have battery removed somewhat destructively, but without affecting the rest of the phone.

Generally, as long as you keep the phone plugged in, the battery should be safe virtually indefinitely - the battery management on board will keep it in a state where its a constant charge which means the chemistry will be stable.

You could try to fake a battery instead: https://yaky.dev/2022-09-06-smartphone-without-battery/

(This is for a removable battery, but should be close for built-in ones too, I suppose)

Place the "server" into a shoebox. Place another shoebox on top, filled with sand. Tape together and hide behind a furniture.

They don't boot without it, but you can make it think that there's a battery by connecting power directly to the battery pins [1].

[1] https://www.youtube.com/watch?v=7f8SliNGeDM&pp=ygUYZ3JlYXRzY...

Red Magic can be set to not use the battery when the power cable is plugged in. (it is to avoid heating issues and not degrade the battery)

In theory, you can replace the battery with a chunky enough capacitor (to get past the power-on surge) and a power source at the right voltage attached right where the battery would go. The soldering points are way too tiny for my amateur soldering skills, though.

> I grabbed a few power point timer switches, and set them to only over up the charger for a hour a day. Never had another battery puffing failure - at last not in the next 2 or 3 years before I left.

[0] https://news.ycombinator.com/item?id=45021233

Check out this method: https://www.youtube.com/watch?v=7f8SliNGeDM

hopefully "bypass charging" becomes more of a thing in the future. a few of the latest pixel phones use it but the only other time ive seen it is on tablets aimed at gaming

I don't think people generally turn off their phones so it would be interesting to learn exactly what the difference was.

Interesting, I wonder if using a regular sff pc fan might work if you don't need the touchscreen.

Just thermal paste to the battery hah

That makes sense. Most phone users aren't technical. Like -- at all.

If you can think about how deep into technicalities the most average person you know gets, then you can also understand that ~half of everyone is even less technical than that.

There's nothing wrong with this. That's just the way that it is. (We can accept this or be frustrated. Acceptance is more useful.)

As a workaround, I find that searching by part number provides a good filter.

Maybe I want a very particular Moto G Power to use for whatever. I don't search for any permutation of "Motorola G Power" at all, because that description doesn't help me.

Instead, I just find the part number (maybe something like "XT2041-7") and search for that instead.

This excludes a lot of listings straight away, and that's fine: I don't want to stumble through listings from people who don't know what they have. I only want to buy what I want to buy, and what I want is an XT2041-7.

Ebay bro, play 2020 was $25 last time i got one. dont mess with fb sellers

"unused android phone with unlocked bootloader that is supported by postmarkOS"

(or maybe be able to use recovery zip that requires effort after every reboot)

"Simple root"

You don't need root if you webserver is listening on a port over 1024.

Termux plus some webserver like nginx is all you need.

Now to make it reboot resistant is another story.

Hell, even simpler. Termux + Caddy + cloudflared with a domain you own. Serving in 15 min.

Can't you just run a Linux VM on Android these days?

Asking from ignorance here.

Assuming you are using an old phone with termux to serve de webpage. What could be an attack vector?

The phone will be running Android 7.1

ISPs don't care, actually. They care about operational problems, but you serving a constant stream of web traffic is probably not going to matter to them; web traffic for even a pretty successful blog is going to be a tiny volume compared to you streaming 4k movies from Netflix.

ISPs will have rules (maximum data volume per month) and restrictions (ISP equipment auto-drops all sending/receiving packets on port 25, 80, 443, or 456), but within those limits the ISPs do not care as long as you cause no problems for them.

Also, one of the easiest ways to expose e.g. port 80 of your in-house server is to just have your local server do an SSH port-forward to a remote server like a cheap VPS. Note that by default it'll bind to a localhost port on the remote, so on the remote you'd need to have an HTTP server reverse proxying to the remote localhost:8080, or you need to enable `GatewayPorts: yes` in sshd on the remote. Assuming you turn on GatewayPorts on remote.example.com, here's how you could expose port 80 of localhost:

    # Run this on in-your-house-computer to allow folks on public internet to visit
    # remote.example.com:80 but have the traffic served by in-your-house-computer:80
    ssh -R :80:localhost:80 username@remote.example.com

You can make the above connection permanent by setting up `autossh` on in-your-house-computer.

A CloudFlare tunnel?

https://developers.cloudflare.com/cloudflare-one/networks/co...

Although, you may also go with a 5$ virtual host (e.g. Linode Nanode 1 GB) and wireguard to build your own tunnel (or just the 5$ virtual host to run your server)

> don't ISPs detect these and ban

No. No ISP who desperately tries to grow marketshare at all costs and lock their customers into a year-long contract will intentionally ban users. I'm not even sure where this misconception comes from, it's not like ISPs led a massive PR campaign warning people of the dangers of running a server.

The only way you will get banned is if you cause disproportionate strain on their network, which means you'd need to exceed the usage of the typical gamer (downloading games worth hundreds of gigs regularly), streamer (streaming 4k video for hours at a time), cloud backup customer (uploading gigabytes regularly), Windows user (in its default configuration Windows can use P2P to share updates), torrenter (sustained full-duplex bandwidth usage), and unlucky idiot with a compromised device spewing DoS traffic at line-rate.

Saturate the pipe consistently for several days by hosting video? Yeah sure you could get a warning and eventually disconnected, assuming they don't already have traffic shaping solutions in place to just silently throttle you to an acceptable level and leave it up to you to move your homebrew YouTube clone elsewhere when you realize it's too slow.

Hosting a website which will have a few mbps worth of traffic with the occasional spike? That's a rounding error compared to your normal legitimate usage, so totally fine.

The reason most consumer ISPs have a clause against running servers (not even defining what counts as a server) is to preempt a potential business starting a data center off a collection of consumer connections and then bitching about it or demanding compensation when it goes down or they get cut off. Nobody cares about a technical user playing around and hosting a blog at home.

Many ISP don't care.

Some may block port 80 and 443 "For Security", but you can sometimes contact the support and they'll open it, even if you're not a business.

I have a webserver running at home and use the free dynamic dns from noip.com.

In my experience (in Germany and Switzerland) ISPs don’t care, but they will rotate everybody’s IP once or twice a year.

Friends from other countries, India for example, have had different experiences though, where IPs were on a much more frequent rotation and required scripted solutions.

It used to be easier to get a web server up and running in the past. I remember the 1990s fondly.

Not sure what changed, but things got more complex - and more expensive, too.

Other folks have given general answers, but I'm wondering, what ISP do you have, and where?

(I'm lucky to have Sonic, in the SF Bay Area. A local ISP that actively campaigned for net neutrality and has 1Gps symmetric as the standard basic fiber plan. Pretty sure they're not shutting down anybody's servers.)

> don't ISPs detect these and ban

No? I mean, I'm sure there are ISPs out there that do it, but that's a ridiculous thing to do.

A Wireguard tunnel via a free tier or dirt cheap VPS, or a VPN provider that lets you forward ports like Proton

Why would your ISP ban you?

Of course it runs NetBSD

[dead]

How do I use your box to host my web server?

maybe because phones have a battery (built in UPS) so they will keep running if the power goes out. its only useful if you have a router that can be powered by an external battery pack i supoose