I've got to say, some of the comments here are pretty funny.
> "The sideloading restriction is easily solved by installing GrapheneOS"
> "Unless they block ADB, I wouldn't say it's accurate to claim they're "blocking sideloading"".
Not to pick on these folks but it's like we on HN have forgotten that ordinary people use phones too. For some of us, it's not a limitation as long as we can solder a JTAG debugger to some test pads on the PCB and flash our own firmware, but for most users that's just about as possible as replacing the OS.
There was some Ubuntu (or Linux) forum where I had asked a question and I wanted an app or something (I can't recall now) which was easier to use and do repeatedly. Most of the people were replying with stuff like "why can't you just do <something that involves lots of CLI and more than an hour ro so>" or on the lines of it.
I, someone extremely new to Linux (hell, new to computers), was bewildered. Then a commenter replied with something that helped me and exactly what I needed. He added a note directed towards others which went something like - the battle for Linux as THE desktop OS was sabotaged by its most ardent practitioners.
> the battle for Linux as THE desktop OS was sabotaged by its most ardent practitioners.
This definitely happened with Arch. For some reason they killed the noob guide (which I helped maintain). It was a great guide that helped people go from noob to kinda knowing linux.
You can't have wizards without first having noobs.
Why gatekeep people from enjoying the same thing you enjoy?
Well, I guess all that gave us EndeavourOS and Manjaro. But still, we need more places for people to learn that nitty gritty stuff.
Hell, I'd love to learn more about the hardware hacking the OP is talking about. Love to learn about those GPU hardware modifications people do. I know it's hacker news, but I'd actually love to learn about that hacker stuff. If these companies are going to continue to fight this hard to prevent us from owning the things we buy, it sounds like an important thing to learn. Or else we're soon going to have robot butlers that are just sending lidar maps and high resolution photos of our homes back to these companies. We don't need elitest pricks, we need wizards teaching noobs
Regarding gatekeeping, there was one webforum I used to visit when I was a kid, which I think approached this in an interesting way. Most of the boards were available to the public, general users could post in them (other than the one that announced rules of course), but there was a subforum which could only be accessed by those who had demonstrated some minimum level of competency. Specifically this was a forum about programs for bots for a for-kids MMO (said MMO didn’t really have PVP that depended or gear or levels or anything, or a way of trading items or anything like that, so there wasn’t any player economy. So I think these cheats were pretty harmless. Well, except for the people making bots move in arrangements to make offensive symbols.). The process was, one could submit a program one had made that did something interesting, and they would judge whether it was sufficient to be allowed in to the subforum.
I think this had the benefits of:
• allowing people who don’t want to bother with newbies to not have to, if they stay in the subforum
• still having the places for “people who are skilled and willing to work with/help newbies” and “people who are skilled but don’t want to deal with newbies much” be in a sense the same place, while also having the place for the latter be the same as a place for newbies.
• provides an incentive for newbies to become skilled.
_____
Of course, this method doesn’t work if no one is willing to engage with the newbies. But I think it’s probably fine/reasonable to keep outsiders away from a few things provided that there is a reasonable path in.
Though, I’m not advocating that the approach that forum used be implemented everywhere. I just think it is something that a community could reasonably choose, depending on their priorities.
The forum was primarily about the “Penguin Client Library” (or “Penguin Client System”, I think they went back and forth about the name?), which allowed writing PHP scripts to interact with the game servers.
Why PHP? I think maybe it was originally so people could use it to make web forms where people could put in their username and password and it would e.g. give them whatever item, but that kind of cheat was blocked very quickly, and I think it just remained in PHP for historical reasons, so instead you had a bunch of people running PHP on their local machine to run a bot doing normal game actions (but combined in unusual ways). Or maybe it was just the language the devs were most comfortable with, idk.
Something I know from a past role is that teaching is demanding, and for any broad audience you've got to consider the range of different thought processes that you may need to provide your knowledge in different ways. As someone trying to increase my linux skills (and assess the best one for potentially migrating/supporting my parents) it doesn't help that a lot of linux documentation comes across as barebones, or very concise about the one way it's meant to be done with a certain distro (plus potentially outdated on an earlier version), and a general lack of explanations.
As example toy projects I'm trying to test out dnf-automatic because I'd prefer not to have the admin work of manually keeping on top of routine updates, but there's little feedback (although so far that's better than pacman on Arch which specifically expects atdmin), or learning why a distro has set up swap/zram/zswap the way they have, what the limits are on that config, how to measure what my system uses and if/how to adjust it. There's little guidance within the system to get you up to that level, and to open another can of worms the terminal-first approach in linux's DNA usually doesn't present anything but the bare essentials for whatever tool you're running, but any extra/wasteful information shown could nudge you where the next step is.
But rewarding. What makes it less rewarding online is we don't see the benefits. We don't hear thanks. Which we should say more often
> a lot of linux documentation comes across as barebones
One thing I try to encourage is writing documentation. People are extremely resilient to this and I'm not sure why. It has a lot of benefits. I forget what I did, it helps remind me.
But people often claim no one else will read it or it's obvious. I think we've all dealt with the frustration of dealing with undocumented code. Seen how much time it takes because of the lack of documentation. Why doesn't this encourage writing documentation?
When docs are scarce and you have access, add a little. It can be built over time. Some is better than none.
The other thing I do is write notes. I put a lot of them in my dotfiles actually. This means I keep them just text (or link for images) and these can get carried around with me. I hand them out frequently and am always happy to have others contribute or share theirs but honestly I don't know a single other person that does this. But I find it extremely helpful. I reference them all the time. Granted, they're written for me but I think more people should.
Oh boy, I had many people telling me "please teach me how to use Linux [but I do not want to read any documentation!]". It gives me PTSD whenever I see people talk about documentation. I write documentation for myself and others who give a crap. I have been downvoted here for just simply stating that I wish people were less reluctant to read documentation, so y'know.
Yeah I think you've hit on the answer of why people don't write docs: they don't want to read docs...
But docs are kinda a necessary "evil". It would be great if we could instantly download information into our brain. Instead, we have to slowly download information into our brain (and it gets faster the more you do it).
People feel too rushed. But does the rushing get us anywhere faster? It's like rushing around in your car. You feel like your going faster, but if you time yourself or watch other cars that aren't rushing, you'll observe they still are ending up at the same stoplights you are. The speed only increases your anxiety and risk of accident. It feels faster, but it really isn't in 90% of cases.
Personally, I'd rather get to my destination more calm and safe. Might cost 1-2% in time, but most of the time I'll be better at my destination if I'm relaxed. Only rush when seconds matter.
With docs are useful and you shouldn't just jump to the parts you need. The surrounding context is a force multiplier. It helps you get into the mind of the writer. It helps you guess how things get put together. It helps you understand the larger picture. All of that is helps. You don't need to read a doc front to back, but just extracting one-liners is not helpful.
> Why gatekeep people from enjoying the same thing you enjoy?
That's an easy one to answer: they will eventually demand that Foo changes and remove things they do not like. It has happened to all media, it has happened to all software, you can be damn sure it will happen to something as modular as a Linux distribution.
This seems to falsely assume that technical users are more aligned with whatever the status quo is, and non-technical users are the ones who are looking to change things. In reality, technical users become technical users because they want to make changes, and 'casual' users just use whatever app/OS/etc is given to them, as-is.
Having bad or no support for your software isn't some good way to keep it 'pure', it's just keeping it less useful/relevant. Linux is OSS: fork it if you don't like something new, but don't hurt the ecosystem.
Deliberately hamstringing software or documentation so that others will stay away and not make changes is literally antithetical to OSS as a philosophy.
> This seems to falsely assume that technical users are more aligned with whatever the status quo is, and non-technical users are the ones who are looking to change things. In reality, technical users become technical users because they want to make changes, and 'casual' users just use whatever app/OS/etc is given to them, as-is.
Neither of this is true. There are plenty non-technical users that will be suggesting changes, there are plenty of technical users where they don't want things to change.
> Having bad or no support for your software isn't some good way to keep it 'pure', it's just keeping it less useful/relevant.
You are conflating "bad or no support" with "gate-keeping". Gate-keeping is about keeping riff raff out, but allowing those that are interesting to a path to being involved.
With respect to Linux distros. Linux is like a "kit". Different people offer you different "kits" called distros. Some of these kits may be given to you pre-assembled (Ubuntu/Fedora/Debian), other will require partial assembly (Arch) and some will require full assembly (Gentoo/LFS).
Arch/Void/Gentoo flavours of Linux don't advertise itself a user friendly distro like Ubuntu/Mint/Fedora. *It is expected you read the documentation and understand the command line*.
Thus why people were suggesting they should use the CLI tool. If a user doesn't want this, they should use something else.
Having a "noob" version of installation instructions for something like Arch/Gentoo will have the effect of allowing someone to fumble about and maybe achieve getting something functional, but they won't actually understand what they are actually doing and this will cause them problems in the future as they won't understand how to fix issues when they arise.
> Linux is OSS: fork it if you don't like something new, but don't hurt the ecosystem.
It is extremely difficult for even for large companies to run their own fork of large open source projects. Sure you can fork a smaller piece of software and maintain your own version, but anything significant you are unlikely to be able to do that. So you are forced either to use the changes you may not like, or you use something different, or you are are like the anti-systemd crowd essentially running a protest distro.
Also all the big forks in the software ecosystem is when two important factions have disagreed fundamentally on the direction of the project. We are not talking about individual users or developers, we are talking about the top tier developers/maintainers. A part-time/bedroom coder is unlikely to have any significant effect, even if they did it is often lead to burnout of these developers.
> Deliberately hamstringing software or documentation so that others will stay away and not make changes is literally antithetical to OSS as a philosophy.
Ignoring the fact that you are misstating the issue. It isn't antithetical to the philosophy at all. People decide their own level of involvement in any group activity. If you aren't willing to "pay your dues", then it maybe better for you to not be involved.
You will BTW see this to varying extents in Churches, Cricket Clubs and even your place of employment.
e.g. If you go to Church you have to accept certain tenants about the faith or at least respect them while you are there. I've been invited to Churches in my local area, by very nice people that I would like to get to know, but I can't believe in Christ, so I don't go.
> non-technical users that will be suggesting changes
Suggesting is not making. Non-technical users will not be making changes.
> You are conflating "bad or no support" with "gate-keeping".
If the support is intentionally removed with the goal of keeping out people, then it's both. That was the premise accepted by both of the comments above mine, hence my comment working from that premise.
> Having a "noob" version of installation instructions for something like Arch/Gentoo will have the effect of allowing someone to fumble about and maybe achieve getting something functional, but they won't actually understand what they are actually doing and this will cause them problems in the future as they won't understand how to fix issues when they arise.
Everyone is a noob at some point, so getting rid of documentation is only a means to prevent someone from learning. There is no cost to anyone if someone installs Arch without being an expert in the CLI.
> It is extremely difficult for even for large companies to run their own fork of large open source projects.
Agreed. And if there aren't enough people who are willing to support a fork to manage one, there aren't enough people to justify preventing a change that keeps the current version as it is (which is what in this case, that fork would be).
I.e. if there aren't enough people who support the current version, to maintain an unchanged version as a fork, there aren't enough people who support the current version to justify not changing it in the first place.
> If you aren't willing to "pay your dues", then it maybe better for you to not be involved.
Where are you getting this from? The whole conversation was newcomers making changes. Code contributions (i.e. changes) are explicitly the "dues" that OSS devs 'pay'.
> If you go to Church you have to accept certain tenants about the faith or at least respect them while you are there.
If enough of the congregation feels it needs to change, it will (or it will die out). Modern versions of religions look nothing like they did hundreds of years ago, and not all the changes happened due to schisms/ forks. Everything changes, or it dies.
> There is no cost to anyone if someone installs Arch without being an expert in the CLI.
Actually there is. But the cost is in the future when we have fewer wizards ;)
(Just had to be a little snarky lol. I know you agree)
Part of being a "Senior" in any field is helping those below you. Just think back to all the people that helped us get to where we are today! Yeah, we put in a lot of work ourselves, but it would be insane to have such an ego as to believe we did it all alone. There is no self-made man. No one can pull themselves up by their bootstraps. Nor are there giants' shoulder's to stand upon. Those are just a bunch of normal people standing on one another's shoulders wrapped in a trench coat.
> If the support is intentionally removed with the goal of keeping out people, then it's both.
No it isn't. Stating it is doesn't make it so.
If I expect you to follow a particular procedure and not support another (which is deemed initially friendly) that is perfectly valid. If it keeps people out that wouldn't otherwise be able to follow it, that is a positive, not negative.
It can gatekeep and be authoritative.
> That was the premise accepted by both of the comments above mine, hence my comment working from that premise.
And the premise is incorrect. Thus my comment.
There are also other reasons. Like having two version of the documentation causes confusion in itself.
> Everyone is a noob at some point, so getting rid of documentation is only a means to prevent someone from learning.
Not if the "noob" documentation obscures knowledge by letting people skip important parts of understanding the process.
> There is no cost to anyone if someone installs Arch without being an expert in the CLI.
Yes there is. That person will quiz people in discord, forums, voice chats, reddit etc when they will invariably be presented with an issue that they cannot resolve. Similarly that why people distro-hop.
RTFM response actually trains people to solve their own problems and is the correct way, by first following the process and then only asking when the process doesn't work.
> Where are you getting this from? The whole conversation was newcomers making changes. Code contributions (i.e. changes) are explicitly the "dues" that OSS devs 'pay'.
I was talking about the benefits of gate-keeping in general. I never said anything about specific about code contributions.
BTW, these people will affect code contributions. Much of the Linux desktop is a clone of other systems (typically Windows) to appease users that expect that UI. This actually dominated the conversation for about 15 years in linux.
If we are talking about the newbies. They have to prove they can follow the documentation provided i.e. RTFM.
> If enough of the congregation feels it needs to change, it will (or it will die out). Modern versions of religions look nothing like they did hundreds of years ago, and not all the changes happened due to schisms/ forks. Everything changes, or it dies.
Every group is lead by a minority. The minority in every group, set the agenda, not the majority. That is fact of life, if you think otherwise you are mistaken. Even revolts are usually led by people who are part of disgruntled minority. Every one of those changes would have been made either by someone important in the Church or the state (as the state and the church was typically tied).
Every single one of those changes were made by elites or governments at the time. Not the majority of the congregation. BTW many of the Churches in England and Europe didn't change that much, that why loads of these people migrated in the first place to the US.
BTW many young converts are going to the Orthodox Church because they see it as the most "OG" version of the Church, because some people crave what they believe to be the authentic experience.
I don't think anything you said is explicitly wrong, but I think there is a lot more nuance and that's where the conversation is breaking down.
Such as "RTFM". You're right. People do need to learn to train themselves. That's the most important skill. But the major problem is that noobs are at the beginning. They don't know where to look. They don't know what questions to ask.
The struggle is important, but it can also be too much at times. A senior shouldn't do everything for the junior, but neither should they let them struggle too much. The trick is in the balance. Let them struggle, but pull them back if they stray too far.
If you don't reign them in, then most of them just go far off course. Most of them just get lost and never return. That's not a good situation for anyone. Most wizards come from them not getting too lost while going on this confusing journey. It's more that we just ended up in similar places. But a lot of luck was involved with that. We know the journey itself is important, but you can't tell me that there weren't times that you tripped and fell and they didn't do anything to help you get where you are now (other than learning resilience). We can make things better.
So don't tell a noob to RTFM, they don't even know what the manual is! Point them to the manual, point them to the right section. Say "hey, give this a shot. Let us know how it goes. If you're still stuck we'll probably need to know what <xyz> is". Your "xyz" should always be a hint as to what your guess to the solution is. Gets them thinking about a certain thing they might not have. This still puts everything on them, lets them struggle, but helps prevent them from getting lost. That's not "RTFM" that's "HTM" (Here's the manual)
Really, I'm calling people dumb for gatekeeping the things they enjoy. Things change regardless.
With Linux, you can have your distorts. Because Linux people tend to understand that you don't build "products" but environments. Places to build from. To build in. It's not always but it's a good idea. You can't make a product for everyone, but you can make an environment for everyone. It's why a computer or a phone is so universal but iOS or Android isn't
> You can't have wizards without first having noobs.
But maybe some wizards feel miserable when they are forced to interact 95% of the time with noobs, instead of other wizards? Maybe they want a circle for themselves, as a basic human need?
If you don't want to interact, you don't have to comment or engage.
> Maybe they want a circle for themselves, as a basic human need?
Fwiw, I'm a big fan of having private spaces and niches. It helps to filter this out. I think it is a mistake we make in our community designs, that everything needs to be public or whole cloth (e.g. Reddit doesn't allow subdivisions within the community). I do like that HN puts a threshold on the downvote, but I'd even like a lower threshold on the upvote. Allows people to wade into the community.
But yeah, I think there is a problem now that the majority of communities have no ability to self filter and self form hierarchies. Without this, noob voices tend to drown out experts and frankly, noobs begin to believe they are experts. I'm sure we've all seen the typical CS stereotype of "read first line of wikipedia article, assume I know the rest" type of person...
Oh I am so pissed about the noob guide thing. I have intentionally removed my post about my bad interactions with the Arch community from my website, but if you're curious it's in the history: https://github.com/VegaDeftwing/OpGuidesHugoSrc/commit/dcc07...
The TL;DR: Arch gets harder year over year as the number of ways to setup/options for each piece of your system grows. Hell, even picking a bootloader among 10 options is confusing. A guide that just at least says "This is common for X, this for Y, the others are interesting and may be worth trying. If you don't want to investigate now, use X" Is DESPRATELY needed.
I tried to have that on my site, and a pretty high level arch forum admin came buy and told me to delete my website and made a PR just deleting the page. It was honestly one of the most rude and hateful interactions I've ever had online.
> Hell, I'd love to learn more about the hardware hacking the OP is talking about. Love to learn about those GPU hardware modifications people do. I know it's hacker news, but I'd actually love to learn about that hacker stuff.
This, I feel like ever since the fall of Twitter, a true hackerspace has been missing for awhile.
You can probably find an archive somewhere but it's utility is probably low. It did need constant maintenance. Which was fine. There were enough of us.
In fact, I even got more people to contribute. I used to say the best way to learn Linux is to install arch. To come back to me after your third failure. It's rough, but you learn a ton and accelerate really fast. Telling people to expect failure helps. They know it's not them being dumb and they won't ruin their computer. Plus, they have a safety net and I promise I will help, but the real lesson is the struggle.
Are you referring to the Installation Guide that had everything on one page? The guide now consists of many links, it is no longer on one page which is kind of annoying (still helpful, but there is more friction when using links/lynx).
I do not remember the "Noob guide" otherwise, but I do remember the old Installation Guide which was great as it had everything on one page!
No, it was a bit different. Basically the install guide cut down with more direct suggestions for typical setups. I believe this is it[0] and I also found this reddit post from 9 years ago talking about the migration[1]. Today, that link will redirect to the standard installation guide.
So I think it indeed was the Beginner's Guide, or even the old version of Installation Guide that I really liked, it had all the things you need to get it up and running. Now everything is in its own wiki page and it is really annoying when I just want to use links in one or two tty and do the installing from tty1.
Yeah I've had less time to play around with some stuff so Endeavour is a good fit. Only had one graphics issue with my Nvidia card in 3 years. It was the bad combination of a kernel and driver update (Arch, so both beta). Not a hard fix compared to things I've faced in the past. Been spending more time learning Systemd, dracut, and btrfs (I really like btrfs btw).
There used to be two guides. They kinda merged them, so the install guide got better but the noob guide got worse. Here's the comparison...
Yet telling someone to open regedit, find some deeply-buried branch, create a new binary key, rename it to SetFocusRefreshTimeout and set its value to 0xFFFF is... desktop usability.
It's not, there is nothing essential a regular desktop user needs to edit in the registry directly. For better or worse, Windows has standard framework for things like GUI widgets, settings storage, installation paths. It might support decades of those standards, but I'm pretty sure you know that Linux kernel and Linux the distro are very different, and much more numerous, and logically do things differently.
> It's not, there is nothing essential a regular desktop user needs to edit in the registry directly.
I think that this reads better "there is nothing that Microsoft wants regular users to touch that they need to edit in the registry directly." The distinction between the two doesn't really matter as long as the user's interests are reasonably aligned with Microsoft's, but the modern Microsoft-the-ad-company approach to Windows means that this is not at all true.
>the battle for Linux as THE desktop OS was sabotaged by its most ardent practitioners.
Don't believe that for a second. Industry de-facto standards are a result of power dynamics, and the actual users of the thing wield orders of magnitude less power than they project. If a corporation like MS or Google wanted Linux desktop to happen, no amount of gatekeepers could actually hold the gates.
The reason why Windows is the de-facto standard is because Microsoft put a lot of behind-the-scenes work into making it a de-facto standard. I am meaning them sabotaging everything else, treating the status quo with the famous EEE, many business deals with governments to use it, put it in school curricula, having manufacturers preinstall it to PCs, and bend every piece of connected tech to Windows' direction - hardware drivers, computer games, specialty software, even the internet.
That is how Windows got its desktop users, and how Linux and others didn't really.
> Most of the people were replying with stuff like "why can't you just do <something that involves lots of CLI and more than an hour ro so>" or on the lines of it.
More than an hour? That's very strange, enough that I wonder if you had the right impression of things.
Usually the reason to go with command line is that even though it might be bewildering to look at, slamming in the command only takes a moment and you don't need to do any button-hunting.
It's a tradeoff, is what I'm saying. But you seem to be describing a situation where it's significantly worse in every way. Why would a bunch of people all be on that bad plan?
That may be. But the CLI guys have had the last laugh, no? An LLM can work through a terminal with decades of stability much better than it can poke around constantly changing product UIs.
What's needed is a Dropbox analogue for Linux -- something that doesn't do anything that isn't already possible, but that makes things that are possible accessible to non-specialists.
It looked like SteamOS was going to be a contender, but apparently not.
This is impossible by design. Decades ago there were some distributions that had this as a goal (e.g. Mandrake, Suse), they included an application similar to the Windows Control Panel to manage everything. But such applications can never reach into all the corners, unless the distribution is severely locked down. The example of this extreme is... macOS. And still, there are some cases where dropping into the command line is the better or even the only option.
Back on Linuxland, the userbase realized this about two decades ago, when Ubuntu launched. Having a nice default experience was considered better than having easy tweakability, because Ubuntu could also be configured to the fullest extent in the classic Linux way of reaching into the guts of the system and rearranging things to taste. Not that I would ever recommend tweaking Ubuntu too much, but it can be done.
What about the other end? Most people who like fiddling with Linux by reaching into its internals have settled on distributions such as Arch, where this way of managing the system is expected and thus the distribution works to ensure this experience is as easy and predictable as it can be, by providing a good happy path experience for common scenarios, and providing top-notch documentation for common and uncommon customization options, or minority hardware platforms and devices.
The control panel doesn't need to reach all corners.
Just enough corners to cover day-to-day usability so that new users would be able to help themselves if they get stumped.
That set of corners has been pretty much covered by Windows 95 when it comes to the GUI.
For tweakability, command-line interface isn't unfriendly — the commands are.
People love talking to ChatGPT. This tells you how friendly typing interface is.
I'm not saying that natural language processing should necessarily be a feature of the interface (although it could make a lot of things much smoother), but FFS, an interactive dialogue-based CLI is a much friendlier thing than "figure out the right incantation" paradigm.
One reason that people often overlook is that it's much easier (and much less error prone for the user) to give an instruction that uses the cli instead of a GUI tool, e.g. if someone would ask how to add a new user who's in the usb group on Linux, I would always tell the person `adduser --ingroup usb [username] ` instead of giving the GUI instructions which are longer and depend on what desktop the person uses.
That problem plagues every OS. Fortunately, my 14 year old canon networked printer/scanner/fax works in fedora 42 without any configuration at all. As long as it sees it on the network. Scans too! I was surprised about the scanning lol.
The brother wifi laser printer I have works on everything without any installation at all. Windows, mac, linux, my phones.
People in general are very bad at knowing what the average experience is. We almost all have a predisposition to perceive our experience as being approximately normal, or if not, not too far away from normal. This is especially exaggerated anywhere experts of a domain congregate. They adjust to a significantly biased frame of reference. And that results in opinions that don't fall anywhere within the galaxy of what's reasonable for the vast majority of users of a given thing.
Do ordinary people side load at all? Assuming most people use the phone to do something else, and not for the sake of using the phone, after you get the apps you want/need, ordinary people are likely to just do the same thing/consume the same apps over and over.
If I haven't prohibited him, I am pretty sure my 11 years old son would have installed dozens of pirated games and apps of dubious provenance on his phone.
But I am pretty sure that like any other teenagers since the beginning of time he obeys me, and has only rooted his phone for educational purposes.
When I was his age I had an old Android phone, but I couldn't play LAN with my friends because I couldn't sideload nor buy the game due to parental controls. I borrowed an extra phone from my friend and sideloaded the game there and we could play.
A lot of my non-techy friends have a sideloaded copy of spotify/youtube to get premium features for free. I think they just blindly follow some guide they find on tiktok.
I installed fdroid on a friends phone and they use it install newpipe and keep it up to date, without having a tech savy friend around to download the apk relase from github.
It's crazy how we act like phones are dramatically different than other computers. An average computer user can go to a website, click "download" and then we think the average phone user can't do the exact same thing? It's the same people! They might be used to downloading from one location but it would be laughable to think they couldn't do the normal thing too
(To clarify, I mean apps. Things like GrapheneOS you're going to run into the same issues as expecting my grandma to install Linux. Might be doable but it isn't quite there yet)
I appreciate you sharing, but right now this is a bit too much for the average person.
I don't think it is too much for a motivated average person, but right now people give up pretty easily and people are a bit scared of it. Maybe it is a self-fulfilling prophecy though.
A majority do not, but the article characterizes it more positively:
Sideloading is a fairly popular practice. Our research indicates that 18.3% of mobile users globally engage in sideloading. In some regions, such as the Asia Pacific, the impact is as high as 43%.
A lot of Chinese apps still do. Mostly cause I guess they don't allow Google play store in China (? I think it's blocked, can't quite remember for sure)
Yes, usually when somebody calls them, pretends to be from the security department of their bank, and asks them to install an app to "catch the hacker who just stole $2000 from your account in the act."
In countries where Android is popular (not the US), this is an extremely common scam vector.
Too bad Steam doesn't have an app for actual mobile games. I wonder if there is an agreement between them and Google. I heard there was one with Blizzard from the Epic vs Apple/Google case.
And, worse, it isn't even true, right? As Google keeps adding more and more DRM tech to Android, along with APIs that let apps ensure they are running on "legitimate" software, installing GrapheneOS isn't even a viable option going forward unless you are effectively exiting the entire ecosystem anyway.
Apps have to choose to block using a non-stock OS and only a tiny minority of them do it. GrapheneOS bypasses it for many of them and we intend to get it fully resolved. Regulatory action is in progress for this in Europe already and it will be solved. GrapheneOS users can currently use nearly all Android apps with the exception of a subset of banking/financial apps and a tiny number of other apps. Google trying to crack down further will greatly increase the already incoming consequences in multiple countries for the existing Play Integrity API.
Making it difficult for ordinary people to sideload apps that access their SMS or accessibility features (e.g. screen recording, controlling the phone) is the point.
I think what people on HN really forget is that the average person isn’t equipped to tell the difference between a legit source sideloaded app or a Trojan horse app that some TikTok video instructed them to install.
> Making it difficult for ordinary people to sideload apps that access their SMS or accessibility features (e.g. screen recording, controlling the phone) is the point.
I wonder if they could solve that with delays. E.g. you can sideload, but the process is deliberately delayed to take two full days and require carefully reading warning screens and correctly answering questions about the warnings, then getting time to think, multiple times.
Google changing defaults is a permanent change for some large percentage of their userbase. A subset of those can still figure out how to download and run an APK file but have no further recourse against monopolistic behavior.
Maybe those people do need to be protected from scams. Social engineers have complete control over the user, so any control given to the user is owned by the scammer. Seems like the same problem as pig butchering, a technology or process solution can't save someone too stupid to save.
Thinking about less controversial options for Google, they could track if any side-loaded apps have the dangerous permissions, and provide a global true/false status to other apps that request it. So Wallet / whatever would disable features if any "outside" apps were in a position to exploit the user. And Android could offer a button that cleans up the "problem" apps, setting the global status back to false.
And official Android-based OS bring advantages too. For example, Samsung has lot of proprietary and useful features, and GrapheneOS you cannot use Google Pay (one major feature of a phone).
The primary reason why I haven't bought a Pixel and switched to GrapheneOS is because Samsung's OneUI is just so far ahead of the curve. They innovate new software features years before anyone else does.
And something that Apple has been doing generally from Android (while trying really hard to catch up) - feature after feature and shamelessly releasing it as the next biggest revolutionary thing since the moon landing, or an invention shadowed only that of the wheel and fire.
In fact last few years of Apple's phone advancement has been nothing along with some features which has been Android for years. Or maybe that's not "copying", that's bringing "at par" which is of course different?
That being said, it is a reasonable compromise that, as long as people know that beforehand, losing Google Pay as the price to loosen Google's grip on your data, location and preferences is an acceptable one [price].
Apologies. I misread. Yeah, it sucks that Google Pay doesn't work on GrapheneOS.
Though Google Pay is also probably the least private of the major tech-company payment platforms (the others being Apple Pay, Samsung Pay, and Garmin Pay). It is, I think, the only one that actually requires an open network connection on the phone to work. The others all generate one-time codes that get sent through the payment machine's network for verification by Apple/Samsung/Garmin on the backend (i.e. you can tap an Apple Watch to pay with all its radios off, but you can't do that with Google Pay).
From what I gather, Garmin Pay can work with GrapheneOS if you have one of their smartwatches. And Privacy.com works, but not with tap-to-pay.
As an aside - I think the Paypal app in Germany offers HCE tap-to-pay, and In the UK/Europe 'Curve' is a Google pay replacement that runs fine on GrapheneOS (and they have first-party support for huawei phones that don't even ship Google play services anymore)
"Ordinary people" aren't sideloading apps one way or another. In fact this will help 99% of them, since for them sideloading is mostly used for malware and phishing.
And who's going to put GrapheneOS on an ordinary person's phone in the first place?
The Web installer [0] is not really approachable to a normal Android user. The instructions are dense, loaded up with warnings about dozens of edge cases that are discussed in jargon that would intimidate even relatively tech-savvy users:
What's USB passthrough? Did I install my browser through Flatpak or Snap? How would I know? Did I need to understand the paragraph explaining in detail how carrier models lock users in? There's a bunch of stuff in there about Linux... do I need Linux? What's a sha256 hash and do I need to care?
It's not that this is impossible for non-IT-folks to grasp, but there's no chance that my parents are installing this on their phone.
It would be great if it were easier to setup but tech that works for normal users if someone gets in working for them is still useful. The first time I used Linux a guy at a meet up set up dual-booting and showed me the basics. Now I'm doing it for others.
You're right, but ironically the web installer is the most user-friendly way of installing Android. The GOS page simply documents technical aspects in great detail, but the actual process is no different from the stock web installer from Google[1]. It could easily be wrapped in a similar wizard-like UI without the technical jargon. The reason it's not is because the intended audience who would consider installing GOS is expected to be tech savvy, and they appreciate the details.
FWIW, GOS is an excellent project, but I don't think it's a good fit for non-technical users. But there's nothing stopping someone from creating a distribution of it with a preconfigured Google Play sandbox, some sane defaults and applications, to provide technical support, and to streamline the installation process, or even sell devices with it preinstalled. As long as that entity is trustworthy, it would be a good alternative for people who want to leave the Google/Samsung/etc. ecosystem, but don't have the technical knowledge or want to bother with installing and configuring GOS themselves.
Our web installer is more safer and easier to use than Google's web installer which doesn't include important checks or information. Making a fancy wizard interface instead of having it as buttons integrated into a page is more aesthetically pleasing, but doesn't make it easier. The reason we include a bunch of information is to provide all the necessary information to work around every common issue people run into instead of them needing help.
If the web install guide only had to cover installing from macOS, ChromeOS and Android, it would be significantly simpler. Most of the complexity in the install guide is to work around issues with desktop Linux distributions.
Your installer might be safer and easier, but objectively to the average person the technical jargon is intimidating. So if most of that information is for Linux, then simply moving it to a separate page would make the installer itself more user-friendly.
I have never installed OpenWRT on an home router -- too afraid to brick it, to deal with somewhat manual updates [I think].
I bought a GL.iNet. Totally normie, automatic updates. And then, "Hey look, this is... OpenWRT with a GUI!"
There are some [mobile] brands going on similar direction [albeit one that doesn't seem right to me]. Volla & Fairphone. They provide alternatives. I don't like them [the software options available for them], but alternatives exist, working out of the box.
If the web install guide only had to cover installing from macOS, ChromeOS and Android, it would be significantly simpler. Most of the complexity in the install guide is to work around issues with desktop Linux distributions. People do not need to read or understand the details about desktop Linux if they aren't using it. Similarly, people don't need to read or understand the details about installing a driver on Windows if they don't use Windows.
> There's a bunch of stuff in there about Linux... do I need Linux?
It's very clear about which browsers and platforms are officially supported at the top. Your complaint is essentially that we have not split up the guide based on install platform. That does make it more intimating, but doesn't have much impact on how easy it is to follow it.
> What's USB passthrough?
This is part of a paragraph telling people to avoid installing it from an OS in a virtual machine. This could be written in any guide about using a USB device. It's not specific to the web installer.
> Did I install my browser through Flatpak or Snap? How would I know? Did I need to understand the paragraph explaining in detail how carrier models lock users in? There's a bunch of stuff in there about Linux... do I need Linux? What's a sha256 hash and do I need to care?
People do not need to know about things only relevant to desktop Linux if they donj't use desktop Linux. Including instructions to work around desktop Linux problems doesn't make it harder for other people to install it. They simpler don't follow those parts of the guide because they don't use those things. It might make it less intimating to have it split up based on install platform but we haven't done that yet since we don't really want to have 5 or more web install pages instead of a single unified one. Another option would be selecting a platform with a drop-down menu and changing the guide based on it, but that's overly complex to maintain.
> It's not that this is impossible for non-IT-folks to grasp, but there's no chance that my parents are installing this on their phone.
Our experience shows that the vast majority of people can install it. The main reason someone couldn't is if English is their second language and they aren't capable of reading the instructions.
You're essentially asking for us to split out non-ChromeOS desktop Linux instructions from the guide due to how much of a mess working around it adds to the guide. That is something we could do along with splitting away Windows since it's also more complicated due to not having a USB driver. We don't think this would make it significantly easier to follow, but it would make it look easier. It is easy to follow the guide, especially on macOS, ChromeOS or Android. It's less easy on non-ChromeOS desktop Linux due to various issues with the overall platform, and the same for Windows to a lesser extent (installing a driver).
The reason the guide covers so much is because it covers all the common ways people have issues with their desktop OS or browser which impact following the guide. We added more information to the guide until people stopped needing help with installing it. People no longer typically need any help with it since we covered everything that comes up. Removing the information about troubleshooting and issues with platforms people use would make it harder and less accessible, not more. It's a good thing to have very detailed instructions covering all the edge cases and common issues.
I am legitimately glad for devs of graphene os and for it graphene working in your case but it is not functional if a user needs banking orr streaming apps, or any number of other impacted apps such as mcdonald's or pokemon go.... that is after installing the optional play services, reducing the privacy benefits of graphene.
I own no firsthand experience but read many users require app 2FA to make card payments.
The solution must be social-legislative. The London smog and terrifying auto deaths at 30 KPH were solved but not by niche enthusiast projects.
The vast majority of Android apps work on GrapheneOS. There are tap-to-pay apps including PayPal, Curve Pay and many European banking apps which work on GrapheneOS.
> that is after installing the optional play services, reducing the privacy benefits of graphene.
The only way to use Google Play services on GrapheneOS is via sandboxed Google Play. Sandboxed Google Play are regular apps with zero special access or privileges. They cannot do anything more than any other regular user installed apps. They do not have any access to user data, app data or more control over the device than other apps. They only have what other apps explicitly choose to implement through Google services, which apps can do without Google Play services too. Apps do not need Google Play to use Google services, and Google services are far from the most privacy invasive third party services used by lots of mainstream apps. Privacy from invasive apps is provided through features like our Contact Scopes, Storage Scopes, Sensors toggle, etc. Avoiding 1 particular set of services depended on by privacy invasive apps wouldn't solve that. Users need to carefully choose what to share with apps/services and take advantage of the provided privacy model improvements such as those features if they care about this but still want to use those apps.
> The solution must be social-legislative.
The solution to the anti-competitive Play Integrity API has to be regulatory/legislative but providing privacy and security almost entirely depends on technical improvements rather than laws/regulations which will be largely ignored and cannot solve an international issue without borders.
> niche enthusiast projects
GrapheneOS is a production quality OS made by a non-profit organization. It has a team of full time developers paid to work on it. It's very easy to install, can be purchased preinstalled on devices and has compatibility with the vast majority of Android apps. For most people, they don't have to make any major sacrifice to use it. Using a different app for tap-to-pay or using regular credit cards for it instead isn't really a big deal. There are only a few non-financial apps impacted. Several financial apps have recently explicitly permitted using GrapheneOS via hardware attestation and Block (Cash App, Square, etc.) is in the process of doing so.
My phone is play store free, my SO's isn't. I agree having the play store isn't great for privacy but for the purpose of this thread it isn't relevant.
> but it is not functional if a user needs banking orr streaming apps
Huh? Banking apps not working on GOS are a rather rare exception (which I have not run into ever and I use several), and streaming apps work just fine. I "only" use Netflix & Amazon Prime but other people attest[0] to Disney+, Paramount, Max, and SkyGo working, too – even without Google services.
GrapheneOS is sold preinstalled on devices. People do not have to install it themselves. It's also far easier to install than a desktop OS via https://grapheneos.org/install/web.
The post from Purism is highly inaccurate and is inventing issues which are not real issues along with presenting a product which massive reduces security and app compatibility as somehow solving those things. Dropping mainstream app compatibility and support for the main open source app ecosystem entirely hardly solves a tiny number of apps enforcing using the stock OS.
They ordinary people would be the ones that need this level of protection, since a scammer would talk them into sideloading malware if the device permits it.
It's important to note that the infamous Dropbox comment was not just misguided. It was wrong.
The proof is that multiple competitor products have been launched since, and all of them have had sync issues at some point, with different degrees of severity ranging from sync delays, through data conflicts, up to loss of data in all synced devices. To this day, I still trust Dropbox more than its competition. This includes custom rsync scripts.
No, Murena sells devices with /e/OS which is fork of LineageOS which drastically rolls back privacy and security compared to it. LineageOS itself rolls those back compared to the Android Open Source Project but not nearly as much as /e/OS. LineageOS would be a better choice for privacy, security, app compatibility and usability than Purism's product.
GrapheneOS and /e/OS are very different operating systems. GrapheneOS is a hardened OS with massive privacy/security improvements and a far different appropach to mainstream app compatibility. GrapheneOS can be purchased preloaded on devices including from companies like NitroKey, so that is not something that's a difference between them. GrapheneOS is based on AOSP directly, not LineageOS.
https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.
https://grapheneos.org/features provides an overview of what GrapheneOS provides. It doesn't cover all of the features but it covers a lot of them.
/e/OS lags very far behind on shipping Android privacy/security backports, lags a year or more behind on shipping standard privacy/security patches and does not keep the standard Android privacy/security model or features intact. Like LineageOS, /e/OS mainly supports devices without proper non-stock OS support and without firmware/driver patches. For the few devices they support which do provide those updates, they are much worse than LineageOS at shipping them to users. They don't use standard hardware-based security features even when they're made available to an alternate OS. /e/OS is not a safe option because going months or even years without critical browser engine and OS updates is a serious problem. It is not an academic or theoretical issue. They are failing to patch critical issues and some of those are known to be exploited in the wild.
You can run nearly all Play Store apps on GrapheneOS, but not /e/OS with the much more limited and less secure microG approach. https://bsky.app/profile/grapheneos.org/post/3lamcjfv5r22s explains the difference in approach. Of course, their approach certainly provides dramatically more mobile app compatibility than using the desktop Linux stack on mobile as is being proposed in the original post.
> "The sideloading restriction is easily solved by installing GrapheneOS"
> "Unless they block ADB, I wouldn't say it's accurate to claim they're "blocking sideloading"".
Not to pick on these folks but it's like we on HN have forgotten that ordinary people use phones too. For some of us, it's not a limitation as long as we can solder a JTAG debugger to some test pads on the PCB and flash our own firmware, but for most users that's just about as possible as replacing the OS.