Free Software Hasn't Won
dorotac.eu
Key topics
Free Software
Open Source
Software Freedom
The article 'Free software hasn't won' sparks a debate on the definition of 'winning' for free software, with commenters discussing its current state, limitations, and the challenges it faces in achieving widespread adoption.
Snapshot generated from the HN discussion
Key moments
- Story posted: Oct 12, 2025 at 5:51 PM EDT
- First comment: Oct 12, 2025 at 6:00 PM EDT (9m after posting)
- Peak activity: 80 comments in 0-6h
- Latest activity: Oct 15, 2025 at 4:53 AM EDT
ID: 45562286, Type: story, Last synced: 11/20/2025, 8:14:16 PM
Like you can't make a 100% open hardware mobile phone. There's lots of near enough cases. But that Qualcomm chip is proprietary for the phone bit. So they exaggerate by going back to an old, open source rotary phone.
I remember him doing some interviews in the 90s, and he would put his coat over the camera, if it wasn't using FOSS. This sort of zealot mindset will always be on the fringes of society and eventually abandoned for something more liberal (which is what we've seen in the last decade or so).
I've also found this really weird. Like, we have Linux kernels on most cloud instances, and most data center servers, and most academic and research computing systems, and probably lately on most embedded microprocessors that are big enough to run it. (And various ecosystems for computing infrastructure and software development are mainly using free software userspace and tools.) Meanwhile, almost all user-facing software that almost all people interact with almost all of the time is proprietary. Why would someone say it's "won"? Thinking really small?
We have open standards and even open/free software for anything that companies aren't making money out of. FOSS by itself cannot make money. In places where software matters the most or, if the software hides the trade secrets the most or, if it is the main money maker, creating FOSS is economically infeasible.
For FOSS to win, we need to change the economic and legal system. Current capitalist system in many West-aligned countries is actively hostile against sharing in any kind, except the ones that profit the biggest players in their non-critical areas. In a market where the first one to market gets to buy all competitors, in a market the one that has the biggest secrecy wins and gets all the money from investors like Y-Combinator, there cannot be any truly FOSS software-only products. They need to do rug pulls to support the exponential growth. Startup culture is fundamentally anti-FOSS. It is pro-FOSS in only consuming. Even a startup releasing some middleware can be interpreted as mishandling investment.
We need to make sure our governments support FOSS infrastructure and FOSS user-facing software. They need to be equal employers and competitors to Big Tech or they need to directly support smaller competitors for decades. Otherwise, I am afraid, FOSS cannot win.
I tend to see this kind of absolutist, binary tone a lot from people deeply involved in FOSS... and sometimes I think maybe that mindset is necessary to push the movement forward, but it also feels detached from how much open software has already changed reality.
Very few people use much open source software directly. With a few notable exceptions it’s only used by developers and IT pros.
I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
That's fair, but I think it misses the distinction between who owns the infra and what the infra is built on. Yes, SaaS is often closed to end users, but the reason those companies could even exist at scale is because the underlying layers (OS, databases, frameworks, orchestration, etc.) are open.
You're right that control shifted from users to cloud vendors, but that's a business model problem, not a failure of open software. If anything, FOSS won so decisively on the supply side that it enabled an entire generation of companies to build closed services faster and cheaper than ever before.
FOSS killed the profit margin in just making software. That shifted profits to hosting it, and in so doing shifted the industry to a more closed model than it had before.
In other words the net effect over time on the system from FOSS was to close things more. It had the opposite of the intended effect. We incentivized closed.
The result had been horribly dystopian. Before we had PCs that ran closed source but still local software and had our own data. Now we have cloud that runs opaque software we can’t even run ourselves and our data is not ours and is subject to mass surveillance. (By “our” I mean most people. Tech savvy people can opt out with some effort.)
This is super common. It’s hard to predict the actual incentive structure that something will create, and it is incentives not intentions that determine outcomes. Large scale socioeconomic systems are mindless gradient descent machines that chase profits of various kinds the way a plant grows toward sunlight.
What those adopters are not doing is opening their own source code as FOSS or contributing back to FOSS. That means that there isn't a path to future success.
The XNU kernel is only partially open-sourced. And it has a very non-open development model - development happens behind closed doors, no process to accept outside contributions, chuck a source code dump over the fence some time after each binary release.
It is better than nothing, but is more “technically open source” than “open source in spirit”. A lot of Darwin code can’t even be compiled outside of Apple because the open source code includes closed source headers.
It wasn’t always like this… in the early days of OS X, you could download an ISO of open source Darwin, install it on your PPC Mac, and it was actually a useable Unix-like OS (missing Apple’s GUI, but it offered X11 as an alternative). Then Apple lost interest - and got scared their (relative) openness was making life easier for jailbreakers and Hackintoshes - and nowadays you aren’t getting a usable open source Darwin without a huge amount of work to reconstruct and substitute the missing bits (which I know some people are working on, but no idea how much success they’ve had)
Mostly agree re: your entire post, but, re: OSS above, does not matter, you don't owe an open development model to anyone.
Free software was conceptualized at the dawn of the personal computing era. As it is defined, it could never prevent isolating users from the software by isolating them from the hardware, because it was assumed that the software would run on the hardware that the user interacted with directly. You could build an SaaS product on entirely copyleft software without breaching any licenses. It's only specific kinds of free software that require giving users the source code. And even then, they don't require the service provider to implement any changes. If Google Docs was free software, Google isn't going to integrate your patch if it doesn't want to.
> Very few people use much open source software directly. With a few notable exceptions it’s only used by developers and IT pros.
> I suppose the Darwin kernel in Apple OSes and Linux in Android kind of count but people really don’t interact with those directly in a tangible way. They are way deep down under the hood from a user POV.
I mean, what does it even mean to "interact directly" with something, at that point? If I'm using Firefox on Android to watch a YouTube video, is that direct enough or not? Firefox, like the kernel, is just a facilitator for a task I'm interested in. Hell, arguably, so is YouTube. Then it follows that almost no one actually "interacts directly" with software; people interact directly with their task, and software is ultimately just a tool that's more or less practical to accomplish it.
I run graphene on my phone and this new restricted security patch limit by google is nothing short of a shit show.
I wonder if switching to a Jolla C2 [0] is a reasonable alternative.
[0] https://commerce.jolla.com/products/jolla-community-phone
> Things programmers care about directly, like the OS and the kernel, are quite well covered. Whatever we need, there's an open version
What devs can build without much oversight or business pressure usually works well open sourced.
Almost everything else (hardware, non technical "productivity" software, services) doesn't, and that's most of our life. We live in a world that's still massively closed source.
I wouldn't call someone absolutist for wanting printers, coffee machines, laptops, TVs, cars, "smart" lights to be more open than closed.
Of course we'd all prefer open printers and cars, but those domains aren't mainly limited by software ideology; they're limited by regulation, liability, and econ. The fact that programmers can build entire OSs, compilers, and global infra as open projects is already astonishing.
So yes, the world is still full of closed systems... but that doesn't mean FOSS lost. It means it's reached the layer where the obstacles are social, legal, and physical, not technical. IMO that's a harder, slower battle, not evidence that the earlier ones were meaningless.
It is a failure. Things have been moving away from openness. A frontier would move toward it.
https://en.wikipedia.org/wiki/Openmoko
The very fact "right to repair" had to be coined, proclaimed and we're fighting for it is a regression from the early days when repairing a radio wouldn't be violating some clause.
Of course, the openness was more accidental or pragmatic than really intended, and we saw companies slowly put up the barriers as they found technical and legal ways to do it (like forbidding plugging third party phones to the network for instance). If it's a frontier, IMHO it would be more akin to the battlefields front lines than anything else.
Put another way, the battle has always been social and legal.
It's true that malware authors are much better funded and more aggressive than they were a few decades ago, so we have some long threads talking about how there is an element of the paternalism here that's protecting people from some pretty malicious stuff, which could also cause a lot of harm. However, seeing this paternalism as the basic normal way that software is used shows that we've lost a lot.
John Deere has built a great tractor that the company itself prevents you from repairing without their involvement.
The only beneficiary of open source there is John Deere.
right now we want it because we want the side-effect: the tinkerability, the data transfer, the cost-optimization (host it where it's cheap, or modify it if it's not cheap enough)
but users want their problem solved, they are extremely happy about an imperfect solution (deeply flawed delegation of the problem and responsibilities), they are willing to pay a lot for it, and their time-value discounting coefficients are atrocious. they want it now, and don't really care about tomorrow. (or next month when the free trial expires, when their credit card gets charged, when the price increases when their blessed business bamboozler becomes bankrupt - or worse a ruthless monopolist)
FOSS is an education problem, quite isomorphic to the problem of democracy (and climate change and other slow burn issues)
...
and of course it's a political problem too
but where's the coalition of friends of FOSS who pledge to spend/buy/support development of the missing components? where's my FOSS printer? where's my movement that encourages me to buy a shittier phone knowing it will help spin up the flywheel of FOSS?
... and where are the faithful pragmatists that don't get sidetracked by their own toenails?
The issue is that for a lot of things, there are exactly zero foss options. The problem is not, and the article doesn't imply, that there should be a 100% foss, so that foss finally "wins".
You can't control any of them fully. Most you can't root.
Perhaps you don't care about OTA TVs in the first place, but that's a different point.
https://sfconservancy.org/copyleft-compliance/vizio.html https://plasma-bigscreen.org/
It absolutely does.
Corporations are pushing remote attestation now. They can detect if we "tampered" with our devices now. They discriminate against us for it. Installed your own open source software? All services denied. Can't even log into your own bank account.
We're marginalized. Second class citizens. There is no choice, it's either corporate owned computers or nothing. What good is free software if we can't run it?
For everything else continue to use and improve the open offerings.
In the meantime, keep fighting and supporting organizations to get laws pushed to ensure open devices can access essential services. (Administrations change, what's dire now may be hope tomorrow).
I've come to realize that a lot of closed digital services are just fluff and not needed. So I try to accept that I don't need them. It's a journey.
Personally I’m ok with the bank being on the hook and their app checking there isn’t malware loaded on the OS. I have my raspberry pi and steam deck for full modding without intermingling it with extremely sensitive computing.
Users would also lose them far more than they lose their phones.
Remote attestation doesn't check that there isn't malware; it checks that the OS is approved by one of a short list of corporations. Passing that check is correlated with a reduced risk of certain types of malware being present, but is not quite the same as checking for malware.
define "malware".
/s
For example, an application needs "access to your disk storage", because it needs e.g. to save photos. Okay, let's give it access to its own directory. Or maybe to a subdirectory of "my pictures". But it doesn't need the access to the entire disk, right? Yet in Android, it is all or nothing.
Perhaps with a better system, we wouldn't have to ban installing game mods, only to make sure that those game mods do not have unreasonable access rights. Or maybe the banking operation could state "I can only be installed when no other app has an access to my private data" or something like that.
Preserving such mindshare into the future might enable us to show people why they should care about free software and perhaps finally obviate how much malfeasance the perpetrators of closed platforms can do contrasted to the remaining open platforms on pcs (assuming people don't just completely abandon pcs...). This may also help push and convince law makers into legislating in favor of free software and open platforms.
Thus FOSS has plenty of time (decades to centuries) to learn from for-profit tech's mistakes
People don't even do that. They don't even search for software on f-droid first and try the UI. Nope they go to play store and search software which is going to advocate for closed software because ads/review buying...
You really have to expect something from the general populace as well imo. Maybe they don't know about f-droid but people say to me it's not about knowledge but rather caring, they don't care and I don't know wtf to say to that.
It's a very weird chicken and egg problem.
https://nlnet.nl/mobifree/eligibility/
> ‘decentralized app stores’, a technology that uses the F-Droid app store architecture, for organizations or other entities that wish to distribute their apps to a select user population (e.g. employees), plus an app distribution system that makes it simple and cost-effective for developers to distribute their applications to multiple app stores.
For mixed approaches, I like to think about why Google et al haven't beaten Apple at the appstore game (outside China)
You mention chicken and egg which suggests that there's a 2-sided-market type of problem to try to solve here even if one isn't well-versed in marketing
Basically that people expect a lot from open source yet they want it right now but nobody mentions anything about donating to them or they will donate to it once the software gets a lot of features but the software will only get it if you donate to them in the first place imo otherwise the whole situation would feel entitled.
There is no reason to expect good UI/UX from open source when at scale, the society doesn't fund open source with donations at all. They are severely underfunded but I don't know what people want from them. Nobody cares about it. Oof.
This is a chicken and egg problem that open source can get really good if people donate to the creators but they will only donate (I doubt that actually as well now) once it gets good but ... it will only get good once they donate.
Open source is stuck in this chicken and egg problem. I was thinking about how the creators of deltarune/ undertale if they were open source, I just checked and undertale has made 114 million $ in sales and its price is 10$ which might be worth it...
10$ isn't that bad and people still pirate it, I think this model can be decent for games which is why people don't open source games. Imagine the amount of money that could've lost if lets say undertale was open source. I am pretty damn sure that nobody would've donated 114 million $ to them if it was open source.
Just some thoughts. I have mixed opinion now. It's a chicken and egg problem and actively hurts the devs financially in the process as well and people don't want anything to do with open source aside from us people who already know about it. Like wtf. We are taking a cut for an ideology and uh I am just a bit speechless. It's messed up & my question is: can we change it? I genuinely didn't want to be pessimistic but I don't think that there is much of a way, is there? I want to find some hope to cling upon but I genuinely can't find any hope. Everyone I talk to is so down right pessimist or nihilist or doesn't care about open source for a fix that I feel like I am in the wrong for looking for ways to change and now I genuinely doubt if change is even possible.
https://nlnet.nl/donating/
They should get more well-known
Judging by the lack of upvotes and nondisclosure of how much they get, my guess is that 99% of people have for some reason conflicted feelings about funding opensource even from taxes
I'm not saying that Ubuntu/Gnome was everything Linux had to offer (I myself was on Arch and i3wm at the time), but that period was certainly when the largest percentage of people around me were enthusiastically adopting the Linux desktop.
And that's the complexity of this era of computing. We just got finished convincing people that it made sense that they should have the right to run whatever software they wanted on hardware they owned... And then immediately the technology shifted so that most things no longer get done using exclusively hardware that you own. The RMS four freedoms approach is only chipping away at the larger problem: capitalism (I mean that literally in that the problem is that the machines that do the work, the capital, are owned by a tiny ownership class).
If some piece of software I'm running is the only reason for you to refuse the connection, then you should be obligated.
It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.
This is especially important when I just want to run my own OS and not have people go out of their way to deliberately break things because of that.
In general, the obligation has been soft: "If everything adheres to the protocols, it will interoperate" is how we got the Internet. And the Internet was generally useful and so self-incentivized making software work with it with minimal stumbling blocks; nobody was gating FTP clients on only working with Oracle-branded FTP servers because then you couldn't access all the other FTP servers.
But that's not the only model, and I don't see an obvious argument for why should enters into it here. How does that "should" work? Is there legal compulsion? On what moral or philosophical grounds?
> It's slightly similar to how protected class laws work. You can block me for no reason, but not that reason.
Yes, and instituting those laws was a messy uphill battle over immutable properties of human beings. That is a far philosophical cry from "No thank you; I'd like to use all that Apple cloud tech without buying an Apple computer please." I suppose, unless we break the back of capitalism as a societal structuring model, in which case... Yep. We can make whatever laws we want if we throw out the current system.
This threatens to destroy everything the word "hacker" stands for. Everything this site is about. Gone.
I can't even get people on Hacker News to care about this. It's over.
It's just very unclear that the force of law is the right tool for the job to address that problem.
(Also, people on Hacker News can care about a lot of things simultaneously. One of them can be that adding the government's cudgel to the problem may very well make it worse; do we really want the government having to well-define things like "protocol" and "communication" to craft that law?)
Remote hardware attestation is cryptographic proof of corporate ownership of the machine.
They're using cryptography against us. Everyone here knows how devastating cryptography is. Cryptography is subversive. It can defeat police, judges, governments, militaries, spies.
I'm actually worried that the force of law might turn out to be not nearly enough.
> do we really want the government having to well-define things like "protocol" and "communication" to craft that law?
Just ban corporations from using remote attestation to discriminate against us. If they try something else, ban it too. Don't even ban the technology, it's useful to us when used with our own keys. Just stop this abuse and discrimination.
Whelllp, there goes my OneTouch login on my MacBook. :(
Obligated how? Like through violence? What happened to freedom of association?
In my view, it's more important to have freedom of software choice than to have the very narrow freedom of association based on what software someone else chooses.
Because again I'm fine with you rejecting me for just about any other reason. But that one? No, I think we should all have to interoperate.
Another way to look at it is that I should be able to keep what software I use private.
Also the important part is applying this rule to companies with 7+ figures of revenue. Not so much to actual people.
In general I'd caution against trying to use legislation to solve problems like this because they usually introduce more problems. At the very least I'd expect banks to no longer carry liability for fraud, so perhaps one intended consequence of this is that if you get defrauded the bank no longer protects you. That would suck imo.
Perhaps they could make it so you waive all protections by using unauthorised software. That would probably require changes to existing legislation, and then of course people would complain that the banks have too much power etc...
Respectfully to you but not to banks, fuck that. You can use your computer under your control to access a bank and it's fine. You don't have to give up fraud protection. Phone apps should be the same way.
How is it that accessing my bank account with KMyMoney is fine, but banks don't even allow me to access my smartphone's root account without blocking me?
You should be.
Your device will not attest to this if you install your own operating system, if you root your phone, if you do anything that they don't like, anything at all.
You install your bank's app and try to use it. The bank's servers ask for the attestation. You will not have one. They decide you cannot be trusted and deny you service.
Even if you can program your own keys into your device, nobody is gonna trust those keys. Why would your bank trust your own keys? They'll trust Google's keys, Apple's keys, the government's keys. You? You don't get to participate.
The corporations and governments want to own your computer. They demand cryptographic proof that your device is owned by them and that they have complete control. If you don't provide it, you're banned and ostracized from everything.
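Added example (not part of the thread and not written by any commenter): a small Python model of the relying-party check the comments above describe, showing that the decision turns on whose key signed the statement rather than on what is running on the device. Assumptions: Lamport one-time signatures stand in for a vendor's real attestation keys, the certificate chain is collapsed to a single key, and every name, field and digest below is constructed for illustration.

```python
import hashlib
import json
import secrets
from typing import NamedTuple


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures: a stdlib-only stand-in (assumption) for the
# ECDSA/RSA attestation keys a device vendor would provision in hardware.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def digest_bits(msg: bytes):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    # Reveal one secret per digest bit; each key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        h(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def key_id(pk) -> str:
    return h(b"".join(a + b for a, b in pk)).hex()[:16]


def canonical(statement: dict) -> bytes:
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()


def attest(sk, pk, nonce: str, os_digest: str, bootloader_locked: bool) -> dict:
    # Note what the statement covers: boot state and OS image identity.
    # Nothing in it describes which apps are installed or how they behave.
    statement = {"nonce": nonce, "os_digest": os_digest,
                 "bootloader_locked": bootloader_locked}
    return {"statement": statement, "signer": key_id(pk),
            "signature": sign(sk, canonical(statement))}


class Verdict(NamedTuple):
    accepted: bool
    reason: str


def evaluate(att: dict, expected_nonce: str, trusted_roots: dict) -> Verdict:
    """Hypothetical relying-party policy (e.g. a service's login backend)."""
    pk = trusted_roots.get(att["signer"])
    if pk is None:
        return Verdict(False, "signer not on trusted vendor list")
    if not verify(pk, canonical(att["statement"]), att["signature"]):
        return Verdict(False, "signature does not match statement")
    if att["statement"]["nonce"] != expected_nonce:
        return Verdict(False, "nonce mismatch (replay)")
    if not att["statement"]["bootloader_locked"]:
        return Verdict(False, "bootloader unlocked")
    return Verdict(True, "vendor-approved OS image")


def run_scenarios() -> dict:
    vendor_sk, vendor_pk = keygen()
    owner_sk, owner_pk = keygen()
    trusted = {key_id(vendor_pk): vendor_pk}   # the "short list" of roots
    nonce = secrets.token_hex(16)              # server challenge for this login

    stock = attest(vendor_sk, vendor_pk, nonce, "sha256:constructed-stock-image", True)
    # Owner-built OS, relocked with the owner's own key: a well-formed,
    # correctly signed statement from a key the service does not list.
    own = attest(owner_sk, owner_pk, nonce, "sha256:constructed-owner-image", True)
    # Stock statement edited after signing: caught by the signature check.
    tampered = {**stock, "statement": {**stock["statement"],
                                       "os_digest": "sha256:constructed-owner-image"}}
    return {
        "stock": evaluate(stock, nonce, trusted),
        "owner_signed": evaluate(own, nonce, trusted),
        "owner_signature_is_valid": verify(owner_pk, canonical(own["statement"]),
                                           own["signature"]),
        "tampered": evaluate(tampered, nonce, trusted),
        "replayed": evaluate(stock, secrets.token_hex(16), trusted),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

The owner-signed case is rejected at the first check even though its signature verifies, which is the distinction the thread draws between "approved by a listed vendor" and "free of malware".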
Suddenly it's mandatory because the device is a phone?
For the website, it's also easy, even with PSD2 you can just get a physical TAN generator.
My point was that you can't do it *without hardware attestation*. You can choose between 1. a smartphone with hardware attestation, or 2. a physical TAN generator with hardware attestation.
Maybe some bank would allow you to use some third party two factor authentication device to log in sometimes, but most (if not all) would require you to use their "app".
It used to be that Linux users like me were exempt but at some point they added Linux support. Now there's a goddamn AUR package for this thing.
https://aur.archlinux.org/packages/warsaw
https://aur.archlinux.org/packages/warsaw-bin
> Banking security tool developed by GAS Tecnologia
Yeah. Banking security tool. Who the fuck even knows what it does? It sure as hell isn't me. That thing is not going anywhere near my system.
What is the particular threat model of a rooted phone?
…switch banks.
It's hard to describe just how deeply entrenched institutions like banks are. Normal people see all of this stuff and they do not even react at all. It's all just mindless bureaucracy that they have to put up with. Nothing can be done about it. Can't be helped, so they just accept it.
So it's not wise to treat banks like normal corporations which compete with each other on the open market. They are directly legally and financially incentivized to do everything we are fighting against.
For example, our banks still require us to install "security modules" on our computers in order to log into our accounts. Once upon a time I tried to reverse engineer one of those things to see why they made the computer so unusably slow. I caught it intercepting every single network connection. Told me all I needed to know.
At some point society has to simply determine that it's immoral and make it illegal. It doesn't matter how much money they lose to fraud or whatever, just write it off as a business expense or something.
I take the same position on countries - it’s why I no longer live in Africa, where I grew up. And why I soon won’t be living in the US any more. Life is too short to waste it having other people’s mistakes inflicted on you.
You have my applause. But that certainly looks like you are in for a lot of moving around, going forward. I guess it is not an option for everyone.
For many of those that don't, that's a choice. Keep in mind that emigrating doesn't necessarily mean adhering to all the bureaucratic procedures involved, all the time.
I lived in my home country and then Botswana for nearly 30 years. I've been in the US for over 30 years. I don't anticipate many more moves.
Yes, we're awkwardly cornered - hardware used to be open or easily reverse-engineered. Now it isn't. The solution is to demonstrate the demand for open hardware. No one is going to walk away from money that can be made even if the market is smaller.
This movement was strong enough that the incumbents themselves offered Linux-friendly hardware. We continue to see momentum in the mobile space as well with /e/OS, Fairphone, etc. GrapheneOS is pursuing alternatives to Pixel.
Be brave!
Unfortunately the tech industry has shown us that isn't true. For example, look at the iPhone mini - I forget the exact sales numbers others have cited, but it sold very well. There is clearly a solid market there, even if it is smaller. But Apple isn't willing to chase it, and nor are the various Android OEMs. The same may well prove true for open hardware.
They are, it returns next year as iPhone Fold for $2K.
When exactly was that? The 1980s?
Linux hardware support is better now than it's ever been.
How do I install GNU/Linux distribution on the latest Galaxy S25 or iPhone or Google Pixel or Apple Watch or... (these are likely top-selling general compute devices in the world)?
Yes, on Windows PCs, Linux usually works better than Windows itself (except for the very newest stuff for a short while). But I think you missed the point of the GP.
I'm not sure I follow. Corporations are free to impose requirements for access to their platforms. FOSS didn't start by demanding that MS release the source code for Windows and Office. It started with developers writing their own alternatives. What helped was the open and standardized nature of the IBM/PC stack that made it all possible. Without it, FOSS would have died before birth.
Yeah? They shouldn't be. Any attempt to deny us service on the basis of the software we use should be classified as discrimination. It should be a crime of the same caliber as racial discrimination.
It is the only thing that allows us the chance to resist their surveillance capitalism. Being surveilled and having algorithms extract value out of us is exploitation which absolutely goes against basic human dignity. It also creates the potential for information leaks which are safety risks.
Think about it. The only thing that separates corporate software from literal malware is a huge terms of service document filled with legal boilerplate that nobody actually reads. Everybody theoretically "agrees" to this stuff.
I would argue that Gmail (or at least some kind of email service) is actually a necessity for modern life -- and if "access" includes sending emails to @gmail.com without being black-holed into the spam folder then I would argue it is one of the most essential digital rights these days. For most of the public, no access to Gmail would make it impossible to get a job, use most online services, or communicate with most people. Arguably this is a right more people exercise every day than some fundamental human rights (like the right to a fair trial -- most people are never a party to a criminal trial).
Facebook is somewhat less relevant than it was a decade or two ago, but if you include all of the services under the Facebook umbrella (Instagram and WhatsApp) then I think there is an argument it would also inch close to that line. I remember it being incredibly difficult to attend events and interact socially with classmates without having a Facebook account when I was in university ~10 years ago.
(All of that being said, I don't necessarily think this is the key issue here.)
but this doesn't work in real world are they??? I mean look at apple, the iOS is locked down device and consumer know what they buy into
and its user also fine with it
Consumers don't know anything about what's being done to them. Even on Hacker News I get accused of being a paranoid schizophrenic "tinfoil hat" user when I point out the fact we have trillion dollar corporations building digital fiefdoms with users as the serfs. You think non-technologists can grasp this? You have far more optimism and faith in humanity than me if you truly believe that.
I understand where you're coming from but the words of choice make it maybe more hyperbole
also stop acting like most user is idiot tbh they just don't care enough for this shit
they do care if the situation get worse, and until then if said corporation is "refuse" to serve customer like they used to be people can retaliate
That is the definition of idiot. A person who's so alienated they don't participate in these public matters.
> they do care if the situation gets worse
By the point normal people start caring, the system will be so thoroughly entrenched that violent revolution will be the only option available to them.
I wouldn't call you names, but this does sound rather extreme. It also sounds rather imprecise. Is this a metaphor, or a hyperbole, or do you actually mean this literally? If so, in what way am I, an iOS user, going to be an Apple serf?
Universal, but unmentionable and with no consequences in practice?
You have to own a phone to participate in society these days. I need one to even log onto my laptop for work. Eventually I'm sure some form of digital ID / biometric information will be required for verifying my online identity.
It's a slippery slope, and we're sliding into the abyss.
To wit, hardware that I bought is not "their platform", but many corporations sure like to pretend it is.
It's already not illegal to reverse engineer hardware you have bought (for the purpose of maintaining it or compatibility), regardless of how much IP lawyers like to pretend otherwise. (And even if it were illegal, I would contend that reverse engineering is a fundamental right that laws cannot rob you of.)
Open source software lost in this domain fair and absolutely square. Desktop linux has been an extremely accessible and decent option for desktops and laptops for, what, three decades; it lost in the open market. I'm typing this comment on arch linux, but even so: It failed to become a force sizable enough to fight back against the tide of corporate-owned attested consumer hardware. Android has been an option for nearly two decades. It's reasonably successful, globally. Google is now toggling the doomsday switch everyone knew they had, to force all applications to go through the Google Mothership. Samsung could fight back; they won't. Motorola could fight back; they won't. The market could revolt; it won't.
Software being open source is not enough to change the tide on what the market wants. Should service providers be forced (e.g. by regulation) to support consumer hardware stacks they prefer not to? By what mechanism do you propose we stop a bank from saying "we'll only support connections from iOS devices", if not the democratic market force of ensuring enough of their customers demand access from devices running free and open source software? You get there by building products people want. Anything else is succumbing to the same authoritarian forces that you're hoping free software will stop, by forcing service providers to behave against their own interests.
If that was unpopular, here's where it gets really unpopular: I don't see a doomsday-level problem with a world where, in addition to whatever awesome FOSS hardware I might have, I also have an iPhone 12 ($130 on swappa) as my "attested device" to do "attested stuff" with, like store my drivers license, banking, whatever. To me, this is... fine. Not ideal; but fine. We should fight like hell to score wins where we can, like in right to repair, parts availability, ensuring old devices are kept up to date for as long as possible (Apple is pretty good at this); but if I have to carry an old iPhone in my backpack to access my bank because they refuse to support my hypothetical GnuPhone 5, the world isn't going to end.
We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
But even as you say, as you're using Arch as your desktop computer, things may be fine now, but they're only going to get worse.
Should we all have to carry two laptops because anything running a free software core is just utterly unusable due to remote attestation?
> We need nerds who care about this to stop typing on hackernews and go start a phone hardware company. That's it.
Didn't you just spend most of your comment talking about how the market forces don't care anyway? What good is starting up a phone hardware company that will ultimately go bust due to total apathy of the general consumer?
Yes.
Well, sort of. They don't actually have to do anything. Nobody wants to force them to work for us, that's slavery.
Just don't get in our way when we start writing and using our own software. That's the "support" we want. Just stay out of our way. Leave us alone, without actively discriminating against us for it.
Or tricks like Nintendo designing their hardware to only boot games which show the Nintendo logo on the screen, so that they can shut down any third-party games for trademark infringement.
[0] https://www.eff.org/pages/unintended-consequences-fifteen-ye...
https://www.eff.org/deeplinks/2019/06/felony-contempt-busine...
The trademark security system you mentioned produced such wonderful case law. Not only was it found that this "infringement" was fair use, judges decided that it was the trademark holders themselves who were at fault for creating this stupid system where competitors had to infringe their trademarks in order to create perfectly legal interoperable software.
https://en.wikipedia.org/wiki/Sega_v._Accolade
> Accolade's decompilation of the Sega software constituted fair use.
> the use of the software was non-exploitative, despite being commercial
> the trademark infringement, being required by the TMSS for a Genesis game to run on the system, was inadvertently triggered by a fair use act and the fault of Sega for causing false labeling
That's what the world was like before the DMCA. Corporations would invent all this "clever" nonsense and they'd get destroyed in court. Not anymore.
Similar to all the accessibility requirements, of course. Do you think the society / government should force banks to provide services to blind or deaf people? Or should we just let the market decide?
My bank has stopped issuing physical TOTP tokens years ago, and I am holding on to one from 2006: when that one dies, I won't be able to use their e-banking web site if I do not have an Android or iOS locked-down phone.
No, that does not mean making it a protected class. But instead, guaranteeing access through open protocols and open platforms should be sufficient.
I also hope legislation, like CRA/NIS2 in EU and different e-waste regulations combined, will push manufacturers to consider a FOSS approach as a get-out-of-jail card too.
We need nerds who care about this to stop complaining about minor things in existing GNU/Linux phones and other similar devices on the market and go buy them. These hardware companies have been there for years already.
It's hard to build a profitable and sustainable business based only on the minority that doesn't mind it being "too thick", "too slow", "not high-res enough" or "unable to run modern PC games" (all of these are real things I heard from people here, no kidding). And I assure you that if you really care, you'll easily find a way to live with a (swappable) battery that lasts 20 hours.
All of the current Linux phones have major showstopper issues, and saying we're complaining about them being "unable to run modern PC games" is a strawman. The simple fact of the matter is there are no decent mobile Linux options available.
The most endemic problem right now is "Linux" phones that use crummy forked vendor kernels and Halium. For all intents and purposes, these devices are trapped in time and can't meaningfully get software updates for major system components. The 2 decent Halium-free options, the Pinephone and the Librem 5, both still use downstream kernels, and the Pinephone's kernel is maintained by 1 person in their spare time. I think it's apparent that this is not sustainable, and one can't reasonably expect megi to maintain this device forever.
As sad as it makes me feel to say this, I don't foresee these problems improving for a long time. As of now, I remain stuck with a Moto E6 from 2019 (Android 9.0) as it seems to be the final device ever produced with a replaceable battery, headphone jack, SD card slot, and screws instead of glue.
Most open source projects, except a few popular ones, are maintained by 1 person in their spare time.
If you wait around to be purist on this issue all day, nothing will ever change. Something like e.g. FuriLabs is good for growing the ecosystem and getting people actually exposed to something other than iOS/Android.
I'm typing this on a device that doesn't rely on Halium and which actually works, without being confined to what distro maintainers happened to manage to hack up or reimplement, so it's not like there are no alternatives.
I do have a replaceable battery, headphone jack, SD card slot and screws. I do some Web browsing, reliable calls/SMS, playing music for hours. It's starting to get a bit slow and old over the years, but I still see no reason to switch to any less user-respectful device.
What I worry about is whether there will be an upgrade path within the next decade. So far there was the Liberux campaign, and it failed. I already had to use an Android device as a secondary phone for 2-3 years before I got my Librem 5 because the N900 eventually aged too much to be usable for the Web and there was nothing on the market that could properly replace it. I don't want to need to do that again.
PinePhone is a low-end device with no support other than what you get from the community. It was a good option for those who couldn't afford anything else and wanted to invest their time and skills instead of money, but there are no miracles. The community of people who did actually care turned out to be small enough that you can still find some low-hanging fruits to work on today - and that's the thing I wanted to point out. I see lots of people who talk about how much they want Linux phones, but it's a tiny subset that actually acts like it. They won't fall from the sky - not when the sales of existing devices can't finance developing their successors.
I tried to use a Freerunner as a phone for well over 2 years before I gave up and just bought another nokia. As far as I'm aware, it was never really usable as a phone, partly due to the power management never really working properly (there was a point where we finally got power management and a battery life of >4hrs, but the phone often wouldn't wake to ring when somebody called). When using several of the available distros I was frequently mocked by my friends for using the "echophone", due to their own voice being echoed back at them, making it extremely disconcerting to talk to.
I tried a bunch of different distros. And I spent hours and hours and hours trying to tweak settings and test to eliminate the echo. qtmoko was the best distro IIRC, but it had its own issues.
To say that "they sure were usable by a determined person" severely overstates the usability of the freerunner IMO - I'll be extremely curious to hear about the software stack that you characterise as "usable", particularly with regard to the ability to make and receive calls and the ability to have the phone on standby for more than about 4 hours away from a charger.
Freerunner was the roughest of these devices, but that was more than 15 years ago. Things have changed meanwhile ;)
Interesting to hear, I never managed to get anything like that many hours out of mine - as I say I never managed a full day because it wouldn't wake from sleep to ring. And I spent a LOT of time trying to eliminate the echo but never quite managed it (though I think it might have been gone in qtmoko, it's been a long time so hard to remember exactly).
Still I'm glad to hear that it was usable for someone, I guess.
> Things have changed meanwhile ;)
I wish. But my experience with the pinephone was somehow even worse.
Still, Freerunner, while usable, required plenty of patience. My current experiences with Librem 5 are so much better - but whenever I play with a PinePhone it does somewhat remind me of my old Freerunner (which still works, BTW!).
I don't understand what you're talking about. SXMo (https://sxmo.org/) is fast on Pinephone. Even Phosh is pretty usable. Firefox with NoScript is more than good enough to browse web sites with pictures.
Also, Librem 5 is much faster than Pinephone, and I've been using it as a daily driver for quite some time already.
Or a device which can just take an X server running on the same port of sorts, but I have found that, sure, you can do something like it, but it's gonna be inferior / subpar to a phone, but definitely possible.
I spent over two years persisting, trying to get the Freerunner to a state where it was usable as a phone. Openmoko were more interested in rewriting from scratch and making sure it had pretty animations than things that some might consider more important, like working power management and phone calls.
For a long time I called the Freerunner "the worst phone ever made"...
...but then I bought a Pinephone. Which couldn't even play mp3s without stuttering - something even the freerunner could manage over a decade earlier. Don't get me started on the "quirkiness" of trying to use it to make and receive calls. Also the keyboard attachment I bought with it never worked. I tried multiple distros and whatnot, but I didn't get to spend a huge amount of time experimenting, because less than a month after I started to try actually using it, I dropped it, and it was so fragile that the screen was destroyed, despite me having bought a screen protector for it.
I've looked at a lot of these devices over the years and been tempted many times. I was very put off by the freerunner experience. The pinephone experience was actually almost impressive in that it managed to be somehow worse.
I've just been scanning the postmarketos wiki looking at how that works with a few different devices. The number of devices that have some feature like calls / gps / camera / etc "partially working" is dismaying, particularly for open devices like the pinephone and librem.
Personally I switched to using lineageos on phones a long time ago. It's not ideal but at least it's usable as a phone.
But the mobile phones specifically turned from phones into trusted terminals which institutions like banks and governments use to let users control large amounts of money and responsibility. And the first rule of a secure device is to be limited. In particular, the device should limit the ability of its owner to fake its identity, or do unauthorized things with networking, camera, etc.
This junction of a general portable computer and a secure terminal is very unfortunate, because it exerts a very real pressure on the general computing part. Malicious users exist, hence more and more locking, attestation, etc, so that the other side could trust the mobile phone as a secure terminal.
It would be great to have a mobile computer where you can run whatever you please, because it's nobody's business. And additionally there'd be a security attachment that runs software which is limited, vetted, signed, completely locked-up and tamper-proof on the hardware level (also open-source), which sides of the communication would trust. Think about a Yubikey, or a TPM, but larger and more capable. The cellular modem and a SIM card are other examples, even though they may be not as severely hardened. They are still quite severely limited, and this is good.
If I were to offer an open-source phone (and, frankly, any mobile phone), I would consider following this principle. Much like the cellular modem, it would carry a locked up and certified security block, which would not be user-alterable. It would be also quite limited, unable to snoop into the rest of the phone. The rest of the phone would be a general-purpose computer with few limitations. Anything that would want to run on it securely would connect to the unforgeable interface of the security module, and do encryption / decryption / signing / secure storage that other parties, local and remote, would be able to verify and thus trust.
One can dream.
SIM card is a good example. Technically, that's trivially solvable with a PKI infrastructure (a malicious user can't trivially and successfully misrepresent as google.com): operator runs their CA, and by signing your certificate, they attest that you are the owner of a particular phone number. No malicious user can mess with that (other than attacking the CA).
What they can do is attack end-user devices through different cheaper means (social engineering, malicious apps, exploits...), and extract individuals' private keys, thus allowing them to misrepresent as that individual. A SIM card protects against this by not making private key accessible in the first place.
This is exactly what locked devices do: they protect customers from not knowing how to properly (including securely) use their devices.
This is what we need to focus on as technologists: if we know how to securely use our devices, how do we opt out of others "protecting" us, and take full responsibility and liability for security lapses?
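The SIM argument in the comments above (an operator CA attests that a key belongs to a phone number, and the SIM never releases the private key), as an added Go sketch that is not part of the thread or any operator's real protocol. Ed25519, the certificate layout, all names and the phone number are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SubscriberCert is a constructed stand-in for an operator-issued certificate.
type SubscriberCert struct {
	Number      string
	PublicKey   ed25519.PublicKey
	OperatorSig []byte // CA signature over certBody(Number, PublicKey)
}

// SecureElement models the SIM: priv is unexported and no method returns it.
type SecureElement struct {
	priv ed25519.PrivateKey
	Cert SubscriberCert
}

func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func certBody(number string, pub ed25519.PublicKey) []byte {
	return append([]byte("subscriber-cert|"+number+"|"), pub...)
}

// Provision creates the subscriber key and has the operator CA sign the binding.
func Provision(caPriv ed25519.PrivateKey, number string) *SecureElement {
	pub, priv := NewKeyPair()
	sig := ed25519.Sign(caPriv, certBody(number, pub))
	return &SecureElement{priv: priv, Cert: SubscriberCert{number, pub, sig}}
}

// Sign is the only operation the element exposes on its private key.
func (s *SecureElement) Sign(challenge []byte) []byte {
	return ed25519.Sign(s.priv, append([]byte("auth-challenge|"), challenge...))
}

// Verify trusts the number only if the CA signed the cert and the caller holds its key.
func Verify(caPub ed25519.PublicKey, c SubscriberCert, challenge, sig []byte) (string, bool) {
	if len(c.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(caPub, certBody(c.Number, c.PublicKey), c.OperatorSig) {
		return "", false
	}
	msg := append([]byte("auth-challenge|"), challenge...)
	if !ed25519.Verify(c.PublicKey, msg, sig) {
		return "", false
	}
	return c.Number, true
}

func main() {
	caPub, caPriv := NewKeyPair()
	sim := Provision(caPriv, "+15550100") // constructed number
	nonce := []byte("constructed nonce; a real verifier sends fresh random bytes")
	fmt.Println(Verify(caPub, sim.Cert, nonce, sim.Sign(nonce)))
}
```

A copied certificate presented with a different key, a certificate issued by a different CA, and a signature replayed against a new challenge all fail `Verify`; only the element holding the certified key passes.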
There are two reasons I think it's viable now:
1. It's possible to wire an agentic system management service into the OS to handle a lot of the routine stuff, so non-technical users will be able to just talk to their computer and it'll be fine tuned to be good at fixing system issues, installing/removing software, managing windows, etc. I developed a scheduling inversion of control executor for enterprise agent control that I've looked into adapting for this use case.
2. The steam deck has proven a new model. Game friendly and a simplified UI is enough to carry Linux. New Arch rices like Omarchy are pushing the envelope of usability. I've been ricing desktops since enlightenment on slackware 96, so I'm pretty familiar with this world.
Regarding form factor, I'm not a huge fan of phones, too many tradeoffs. I think with strong AI voice systems, the optimal setup is buds + tablet. That's a better setup for mobile linux anyhow, and it makes the hardware almost a non-issue.
The same mechanism that stops a bank from saying, "sure you can withdraw more than $10,000 from your account and we won't ask any questions about what you plan to do with it" - explicit financial regulation with real penalties attached to it, that banks systematically adhere to. I'm not necessarily a fan of all legal regulations around banks or other financial product providers - this is a huge reason I'm interested in truly decentralized cryptocurrency systems - but given that the regulated fiat financial system does exist and is widely used, we might as well demand that these regulations include provisions that the bank has to let people running free smartphone OSs connect to their systems too.
I think this is the wrong conclusion. It’s rather the opposite: when there’s money to be made (applications, device drivers), businesses have come in and managed to dominate it with proprietary versions (music, video, etc).
When they don’t, it’s because of strategic business interests: you’re probably going to want to make your programming language open source in order to gain developer interests, but the applications you make on top of that closed source.