I hope for that too

This is why I use foot in its client-server mode. It allows basically instant startup because the server is already running in the background (even on my Core 2 Duo Thinkpad).

Most Linux users never use anything CLI

Indeed but I’m not talking about “most users”.

Why would Linux phone users use CLI?

You want to automate something with a script or want to create some workaround for something.

But (what I said is that) all of that you can get in various Linux distros too

Sure, but these distros aren’t the go-to choice of tinkerers. As I said for the normal Ubuntu user LineageOS is completely fine. “Proper” Linux phone’s target audience are Arch, Gentoo, Void,… users.

the basic difference for devs is Google/Android SDK

For devs sure but “tinkerers” aren’t always devs. They can just start as someone who just “pokes” into their system and eventually dives deeper, or stays forever at the “fix a thing here and there” level. In my opinion you don’t get this granular spectrum of skill. You either are an Android developer (be it Android app or Android system developer) or Android user. Maybe that isn’t true but the original topic was “why Linux phones when AOSP forks exist” and I think “tinkerers” might think this way about Android.

I honestly did not give much thought to the difficulty of pulling such attack off. With “not sophisticated” I just meant that it’s not complex to grasp. “You just have to pretend to be a different person”. I guess yeah that is pretty difficult.

Yeah I mean it’s often said that any second factor is better than just password so it’s probably not a big deal. My issue is mostly that it’s an attack vector that could easily be eliminated. For example if banks allowed third party 2FA apps. I think I’ve read somewhere, that some banks even only allow hardware keys for business accounts which is honestly absurd.

I stated why OP is painting a misleading picture about xbps-src in my other reply but I guess the only thing you missed is xi. xi is tool that allows you install both source and binary packages. So it’s kinda like yay with the caveat, that there is no central place for user submitted packages.

xbps-src is both a tool to build official packages from source and a way to install Void’s “official AUR packages”. Meaning packages that are maintained by Void/Arch devs but for whatever reason do not belong to the main repository. That’s the only way it’s comparable to the AUR.

But saying that xbps-src is like the AUR is very misleading because it lacks the “U” part. Official AUR packages are only a small part of the AUR.

The difference between Android and “proper” Linux? You said it:

Android is a semi-immutable (heavily modified and basically owned by Google) distro that runs app in sandboxes.

That is not what “tinkerers” want. They want access to the system. I have not tried it but can you even run an android app from the command line? I guess you can somehow but that just brings me to my other point. You kinda have to be an Android dev to tinker with Android, while on “proper” Linux the learning experience is more granular.

edit: indeed running Android apps from CLI is not very tinker-friendly:

https://stackoverflow.com/questions/6613889/how-to-start-an-android-application-from-the-command-line

It’s nothing sophisticated. You just steal someone’s phone number by calling their phone service provider pretending to be them. I don’t know how serious this threat is but for this reason SMS is not considered secure in the “security circles”.

https://www.howtogeek.com/358352/criminals-can-steal-your-phone-number-heres-how-to-stop-them/

https://www.fcc.gov/consumers/guides/cell-phone-fraud

The issue is that the banking app is often the only way to get 2 factor authentication. The other way is to use SMS but that can be hijacked by social engineering attacks so it cannot be considered secure.

I worded my comment badly. I was not talking about supply chain attacks, rather the ability to tinker on “proper” Linux which you don’t get on Android.

The “know it better” is, I think, a big argument, that’s imo often a bit overlooked. Android does not have that much “tinkers” as “proper” Linux has. For the average Gnome DE @ Ubuntu user, Android forks are fine. But if you’re the kind of person, who optimizes their Arch system with cool scripts from Github, you won’t get the same experience on LineageOS. I know Termux is a thing but that feels more like a workaround.

Edit: Had to reword the comment, because people thought I was talking about malware and supply chain attacks.

Edit2 to clarify my point: I think big downside of Android is that if you want to tinker with it, you basically have to be an android developer. With “proper” Linux the barrier to entry is smaller and the learning experience is more granular. Hence why we think “we know ‘proper’ Linux better”.

It does not matter how powerful the phone is as long as the drivers suck. The original Pinephone would have been fine if it had proper standby mode. If this makes it to production, it’s going to be ewaste. Judging by the fact that they don’t mention software challenges and only focus on privacy/foss buzzwords and le epic HW specs.

What CPU do you have? Have you enabled hardware accelerated virtualization in the BIOS? Did you do any tweaking when running the VM? I had a Windows 10 VM on a 2013 laptop, so what you are describing might just be bad configuration.

Enabling virtualization in the BIOS is required for usable performance. Tweaks are optional but I highly recommend them because out of the box Windows VM feels pretty sluggish mainly because of bad graphics configuration. For that I use Quickemu which is a script that automatically sets up your VM for optimal performance. (Works for MacOS VMs too but I have not tried it) Finally you can try debloating your Windows 10 installation with Chris Titus’ Winutil, which btw also includes some useful Windows tools like a GUI for package manager.

CLA is basically a requirement for any larger scale open source project. It would be mental to add a “this single edited line is licensed under X license” to every tiny commit. Microsoft’s CLA does not tranfer rights btw, it just licenses your contribution to M$ under “basically BSD 0 clause license” terms.

I guess sure they could do a ragpull but it does not make much sense. Reasons:

1. they have open sourced it themselves

2. It’s made by M$ for M$. They don’t have competition in the Windows space, so there is no point to hide the code.

Also what would be the worst thing that could happen if they did that? You would either use a fork, because WSL2 is basically feature complete at this points, or you would be have to use a proprietary app on a proprietary OS. Imo the licensing of WSL specifically is the least of Windows’ issues.

Haven’t seen the video, I’m only commenting based on the summary in the comments.

It’s good that flatpak is switching to OCI containers. Hopefully that will end the flatpak’s dependency hell. This week I was looking at flatpak as a way to publish my app and found the user experience (user is the app publisher in this context) quite bad. Could be skill issue obviously.

I thought I could just look into a database of flatpak runtimes, pick the one with the software I need, add additional packages and be done with it. Unfortunately it is not that simple. First of all as far as I know, there is no “database” like archlinux.org/packages. You have to download the runtime and then search /usr/include/ or /usr/bin/ to check if particular piece of software exists in it. Adding additional packages is also quite difficult. There are these runtime extensions which are like “baby runtimes” for special software like ffmpeg, java, etc. They kinda suffer from issues similar to the issues of the runtimes. And unlike in regular distros where you can get a package for almost anything, here you don’t have the luxury and have to bundle that not so popular dependency.

I hope that with OCI I will be able to just provide the binary, a link to the base image and a list of dependencies to install and be done with it.

Fair enough. I guess I imagined someone hosting all the selfhosted web apps that get posted to this forum, when most people likely just host only the few they need on the go, so it isn’t really that burdensome.

Edit: Forgot to add: I always though that it could be useful to just set up Apache Guacamole, so that instead of the hosted services, my family members could just use remote desktop apps but I never got around to it.

Yep my thoughts. New selfhosters think the hard part of selfhosting is command line but that’s “kinda” like thinking that the hard part of math is writing numbers on paper. Terminal is just the medium, not the complex part. Navigating filesystem and editing files is easier on the desktop but changing permissions and managing services would be be extremely difficult for a newbie without using the terminal because (almost) every online tutorial uses terminal. OP would have to learn how to translate the terminal command to its desktop counterpart at which point they might as well use the terminal.

OP also has an XY problem. They asked for a system which does not require terminal usage but they should have actually asked for an easy to set up system. People are recommending things like Yunohost though, so it’s fine in the end.

It’s nice there’s a front end for all these tools but I kinda don’t get why is everything “hosted”. This could have just been a desktop app. I guess it can be useful when you want to convert something on your phone but to me it just seems like unnecessary server maintenance burden.

As I said there are many alternative coreutils (BSD utils, toybox) for the embrace extend extinguish. I just don’t see a model situation because that seems to me like embracing, extending and extinguishing a programming language. Nobody does that because it is not financially viable.

It’s not required to do work, if you want to use GPL licensed software for commercial applications. You need to share your source code, if you modified the GPLed code. But most people don’t modify the coreutils’ code. Are coreutils getting so much work done on them? To me it does not seem like it when this new uutils project managed to dwarf them in performance in some benchmarks.

Anyways I think I’ve read somewhere that the project author is open to change the license, if the contributors want to. I guess someone could open a discussion about it. The issue is that it cannot be people from this comment section because they cannot engage in an adult discussion. I do think it’s worth considering the advantages of changing the license to GPL, mainly that users will be forced to share their potential bug fixes. But people have to cut their Canonical conspiracy crap, which just does not make any sense and only makes it harder to convince the uutils author.

Well the dev said that he does not care about the license. He wanted to create a coreutils alternative with better concurency using Rust as a pet project. He had even stated that he was not interested in the MIT vs GPL drama, yet people here were acting like children over it.

People think it’s some kind of Canonical evil master plan, yet it’s just some random dude slapping a license on his cool new code, without really thinking about it. Also this conspiracy does not make sense at so many levels. For one Canonical would shoot themselves into their foot if they created their own proprietary coreutils, because admins would not want to deal with non-portable scripts. Also there are already the BSD utils, so if they wanted to create their own fork, they would have already done that by now. They won’t because they prefer free labor from FOSS devs.