Termux and Android 10 (github.com/termux)
412 points by cft on May 18, 2020 | 314 comments



I really hope they figure out a good solution for this problem. One way I distinguish between a "real" computer and a toy or appliance is whether you can use the device to write software for it. With Termux, you can write Linux-style programs on the Android device itself or even build full Android apks.

One of the other awesome things about Termux is that you can use it to set up a pretty complete ARM Linux environment on an Android device in a few steps: https://wiki.termux.com/wiki/PRoot

You can even get a GUI running if you have an XServer: https://wiki.termux.com/wiki/Graphical_Environment & https://github.com/adi1090x/termux-desktop

I've used this in the past to get a pseudo-Linux dev environment running on an Oculus Quest: https://www.reddit.com/r/cyberDeck/comments/fc5sfr/oculus_qu...


The only "real" solution is to get an actual Linux phone, such as the PinePhone[1] or Librem 5[2].

1 - https://www.pine64.org/pinephone

2 - https://puri.sm/products/librem-5


But you pay 750$ for a 3GB quad core phone; I've got these specs on a 300€ OnePlus One five (six?) years ago.

Sure, replaceable battery and open hardware are a _very_ good thing, but the value/$ of these phones are horrendous. That's not to defend OnePlus or any other manufacturer, but when I can get a high end Samsung or Xiaomi device with 4 times the specs at every corner for the same price or less and simply install Lineage on it.

I definitely support the effort and I love that they finally got the design modern, but those prices are hard to swallow, even for someone pretty privacy-focused.


They're serving a niche market, which will always come at a cost. Your Samsung, Xiaomi, ASUS, OnePlus or even Google device will not be running a mainline Linux kernel with wholly open drivers (ala x86) unless you get very, very lucky with your hardware choice (even the pmOS folks admit as much). You don't want to be stuck running a downstream LineageOS kernel with random patches and userspace binary blobs; it's a recipe for your device getting harder and harder to support and being dropped altogether, even by the ROM-development community.


> Your Samsung, Xiaomi, ASUS, OnePlus or even Google device will not be running a mainline Linux kernel with wholly open drivers (ala x86) unless you get very, very lucky with your hardware choice.

Only half true. There is a lot of activity on linux-arm-msm, and mainlining is much easier than it would have been a few years ago. Snapdragon 845 has great support (3d accel, modem, all that) and if your specific phone isn’t ported yet, you just need a hundred lines or so of board-specific config.

Personally I’ve been mainlining my Xiaomi Redmi Note 8T, with an SDM665, a phone released Nov ‘19. It’s only taken a work week or so to boot pmos and get a shell over usb, the drivers are already all there. It would be a lot faster if this weren’t my first time ever doing kernel dev.

Yeah, it’s a lot of engineering effort, but it’s well within the scope of an evening-hacker community project.


Yes, of course you can have a "lucky" platform that ends up getting more support from hobbyists and OEMs alike. The SD845 gets used (in an overclocked version) for ARM laptops, that's why there's a lot of interest in having it work "properly" and even be usable as a comparatively "free" platform. Most Snapdragon chips do not get the same level of support.


As I said in my reply, I have been porting my phone which has a 665, an SoC released 2 years after the 845, and it's a pretty smooth process. Each SoC has a different topology and vendor quirks, but they use the same few drivers and interconnects (glink, rpm, smd, etc). Many of the drivers I am using are for components more recent than the 845, upstreamed by Linaro and Qcom folks.


These phones are primarily about user-freedom, privacy and my ability to do whatever I want with a device that I've purchased, without restrictions imposed by the OEM.

Also, honest question; What do you actually 'use' the latest specs for? These Android/iOS phones are basically all about media consumption, something that has been sufficiently performant for years. You have great hardware, but no software to take real advantage of it.

On the other hand, the Linux phones can do so much more on the software side that if they do become successful enough for a second/third... generation with more powerful hardware, it would be much more noticeable than a paper spec bump.


> What do you actually 'use' the latest specs for?

Increasingly inefficient consumer software!

If everyone else were stuck on old hardware it might stop being a problem, but when you're lagging behind everyone else's hardware you're going to notice it.


> Also, honest question; What do you actually 'use' the latest specs for?

Browsing, chatting, navigating and some smaller tasks. Don't get me wrong, the hardware specs aren't _bad_ and 3G are okay now, but this phone costs as much as all three smartphones I've owned combined and I don't think this will be enough 5+ years in the future, which would be my expected lifespan of this device. Adding to that are the singular speaker and, by today's standard, rather weak camera offering.

Again, don't get me wrong: I'd love to buy one of those and support their (absolutely great!) cause. It's simply hard to justify the investment, when 700$ are a lot to me.


> 3G are okay now

Is it really?

AT&T and Verizon, two of the largest mobile data conglomerates in the US, have stated their intentions to shut down 3G service in favor of 5G by February 2021 and December 2020 respectively.

https://techblog.comsoc.org/2019/02/22/att-to-shut-down-3g-n...

https://stopthecap.com/2019/08/01/verizon-delays-shutdown-of...


I think that quote refers to the 3 gigabytes of RAM of the Librem 5 that was mentioned higher up in the chain, not the 3G wireless technology:

> But you pay 750$ for a 3GB quad core phone

Both Librem 5 and the Pinephone support LTE, although no 5G.

You are entirely right that phones which don't support LTE will have major usability regressions very soon so when you buy an older model phone you should really watch out to buy LTE capable ones.


Ah, you're right. D'oh!

And it looks like both the Pinephone and the Librem 5 support various LTE bands.


Basically I'm using Firefox, K9 for email, WhatsApp and Telegram to chat with friends, OSMAnd to plan and record bicycle tracks. Phone and camera. Plus mandatory banking apps or I won't be able to do home banking.

If I buy a Linux phone I'd have to keep using my Android phone probably as my primary device. And I've been using Ubuntu laptops as my only working devices since 2009 so I'd love to use an Ubuntu phone. Unfortunately it lacks at least half of the apps I need.


The one app among those you list that will always need a stock Android install is your home banking app. Everything else is either open (including Telegram) or will most likely be runnable in Anbox, which is a high priority for all Linux-on-mobile projects.


I didn't know about Anbox. From their FAQ at https://anbox.io/

> The initial proof-of-concept was done on an Ubuntu Touch based device. Since then Anbox has evolved quite a bit, making desktop devices its main development focus. However, recent experiments show that Anbox still runs fine (with a few tweaks and lifted confinement because of older kernel versions) on mobile devices based on Ubuntu Touch.

and the link to Ubuntu Touch is

> 410: Page deleted. Ubuntu for mobile is no longer supported

as we all know. I guess other companies could be working to make Anbox run on their hardware but I'm not expecting anything in a short time. However I could use Anbox on my desktop for a few apps.


Does your bank have a web interface?


I have more than one bank. Work and personal and separation of risk. Of course they have a web interface but almost all of them also need their app for two factor authentication and authorization. The EU directive of about one year ago.

Only one of them lets me still use a hardware key but they won't replace it when it will run out of battery.


I wouldn't be surprised if OP had truly mandatory banking apps.

I use Revolut, which has no web interface.

My main bank does have a web interface, but because they've made a complete mess of implementing PSD2, they also require you to use their app on a non-rooted device to confirm any web login.


A lot of 'challenger banks' do not have a web interface, they're app only.


Any Android phone can do so much more on the software side.

One just needs to treat them as Java based OS that happens to allow native code for high performance 3D graphics, real time audio and integration of C and C++ libraries.


Can they? You cannot reasonably run any mainstream compilers, editors etc. on Android phones. Nor can you develop Android apps on them, (without something like Termux), nor do a gazillion other things you can do on your PC. They're at best crippled pocket computers, whereas something like the PinePhone runs mainline Linux and can run KDE Plasma/GNOME etc.

Does Android have more simple podcast apps and the like? Sure. But Android's well over a decade old, while mainline Linux on phones is just getting started.


Sure you can, provided you treat them as a Java based OS, as mentioned.

If anything fails, you are free to implement your own.

GLSL editor

https://play.google.com/store/apps/details?id=com.id11688025...

C# development environment

https://play.google.com/store/apps/details?id=com.radinc.csh...

Python development environment,

https://play.google.com/store/apps/details?id=ru.iiec.pydroi...

Java and C++ development environment

https://play.google.com/store/apps/details?id=com.aide.ui&hl...

Terminal like app

https://play.google.com/store/apps/details?id=com.csgroup.te...

Just because one cannot use GNU/Linux command line it doesn't make it less usable.

My aging Asus travel netbook is most likely going to be the last hardware I deploy GNU/Linux on.


> provided you treat them as a Java based OS

This topic is about Termux, an app that aims to provide a Linux environment on Android.

I can treat it as a "Java-based OS", but then I don't get the benefits of real Linux so am not sure what the advantage is.

My dumb phone was also "a Java based OS", iOS is just an "ObjC/Swift based OS" etc. The only thing this mindset does is to ignore the restrictions by giving into them and am honestly not sure why would one do that.

> Just because one cannot use GNU/Linux command line it doesn't make it less usable.

Sure it does, this very topic is about an app that does precisely that. If one doesn't need that, they didn't need Termux and thus of course this whole topic does not apply to them.


Except Linux kernel on Android is heavily modified, nowadays it even has a microkernel like architecture thanks to Project Treble and Modular System Components, where only ISO C, ISO C++ standard libraries and the Android Native APIs are guaranteed to exist across devices.

Android 12 could be released with Windows, NuttX, BSD, Fuchsia kernel and hardly anyone that has kept using Java or NDK official APIs would hardly notice other than OEMs.

Anyone looking at it as Linux is only fooling themselves.

GNU/Linux has lost its mobile OS/desktop opportunity. Every major company will just pick the Linux kernel, tailor it at their own will and place their beloved userland on top.

And on the servers I give it like 10 years more for it to be made mostly irrelevant for managed runtimes being deployed on cloud environments running on type 1 hypervisors.


> Android 12 could be released with Windows, NuttX, BSD, Fuchsia kernel and hardly anyone that has kept using Java or NDK official APIs would hardly notice other than OEMs.

Agreed. However this whole conversation concerns Termux, an app that made it possible to run some "desktop-grade" GNU/Linux tools on Android. This is despite the fact that the kernel itself is far from mainline, which however is rather unfortunate.

> GNU/Linux has lost its mobile OS/desktop opportunity.

People keep saying this, but depending on how you look at things, it both never had it and never lost it.

never had it.) because OEMs were only ever preinstalling PCs with Windows and thus Linux was always at a massive, massive disadvantage. Changing the OS is for the majority of users an unthinkable obstacle and am not even sure the majority of them are aware it is something that could be done.

Keeping the above in mind,

it never lost it.) because for the users that were willing/able to overcome the first obstacle, Linux was and remains a feasible desktop OS for at least 15 years. I know, I've been Linux-only everywhere for longer than that. It's never going to be #1 on the desktop, but it doesn't need to be. If we were to measure everything that way, all music genres besides Pop and Hip-Hop are basically useless because they never reach the top of radio music charts.


Well, mainstream music is usually timeless, while less known genres just fade away when the generation that brought them up is gone.

GNU/Linux had its opportunity with OpenMoko, Maemo, netbooks, Steam machines.

Termux can provide a similar experience via Java/Kotlin, ISO C and ISO C++ implementations instead of relying in Linux specific calls.


> Well, mainstream music is usually timeless, while less known genres just fade away when the generation that brought them up is gone.

Hardly true. It's just they don't have the massive marketing machine of radio mainstream behind them, so they tend to have their dedicated fanbase and that's that.

> GNU/Linux had its opportunity with OpenMoko, Maemo, netbooks, Steam machines.

> OpenMoko & Maemo were fine Linux phones and many still swear by them to this day, but you seem to discount the power of marketing. It's not that your casual users knew about Maemo and just didn't like it. They don't even know it exists. Technical merit only gets you so far.

Also, given the above, there's nothing that is different about the current situation that is preventing the PinePhone/Librem 5 to claim that niche. I don't know why you have a hard cutoff for the opportunity there as being 'missed' and now nothing can be done.

> Termux can provide a similar experience via Java/Kotlin, ISO C and ISO C++ implementations instead of relying in Linux specific calls.

That's a metric ton of more work than I imagine the team has time for. Termux can do a lot of things, but with a hostile upstream vendor it's going to take a lot more effort than it would take to switch to a Linux phone for a better experience, at least in this regard.


> I don't know why you have a hard cutoff for the opportunity there as being 'missed' and now nothing can be done.

I guess, because after all these years GPL seems to have lost steam, with GCC and the Linux kernel being the only GPL relevant pieces that are still around.

With efforts like Fuchsia, ARM mbed, Linux Foundation's own Zephyr OS, Amazon's RTOS, BSD adoption as basis for game console's OSes showing the direction where this will be going.

So most efforts to have a pure GNU/Linux device are bound to not survive long enough to keep a sustainable business.


> because after all these years GPL seems to have lost steam

I don't see how. The non-GPL efforts you mention are all in places where it hardly was GPL before or if it was, it was packaged in such a way that it hardly mattered.

Game consoles always used BSD because game companies are notoriously proprietary and don't care about free software, but they never did, so hardly any change there.

Android's kernel is GPL which does help as there's an ongoing effort to mainline more and more Android patches, but from an end-user perspective, because the userland is not GNU and Google never actually cared about Android as FLOSS a kernel change for Android doesn't mean much unless Android's current patches are mainlined and hardware OEMs start producing mainline-linux HW, at which point a different kernel would indeed be a loss for Linux, but as of now, nothing would fundamentally change, because it never meant much to begin with.

> So most efforts to have a pure GNU/Linux device are bound to not survive long enough to keep a sustainable business.

If so, this has nothing to do with the GPL. Say the Librem 5 ran a BSD kernel. How would it suddenly become mainstream without Samsung's marketing budget?

If anything, the GPL is doing better than ever precisely because the issues around privacy are becoming more mainstream. I have family members asking about alternatives to iOS/Android that were not asking these in the OpenMoko days, which gives me hope.

On the desktop, we now have Microsoft contributing GPL'ed code, which is something. Companies like NVidia do too nowadays.

I suspect what you may be perceiving is that unicorn SV startup libraries on GitHub tend to not be GPL and that's true, but I don't think they'd be releasing any code otherwise, since they don't care about free software in the first place, so in that sense it's at least a compromise.


Why it costs so much: https://news.ycombinator.com/item?id=21714352

"First hardware kill switches; first replaceable cellular modem and Wi-Fi/ Bluetooth (on M.2 cards); first smart card reader (for 2FF OpenPGP card); first running 100% free software; only current phone to offer convergence as PC without special hardware"

“It's also one of the few phones to have hardware baseband isolation - making you immune to IMSI catchers and other cellular-based attacks.”

More in the link.


In addition, because all software is free, "Respects Your Freedom" certification [0] from Free Software Foundation is expected [1]. Tentative recommendation has been given [2].

[0] https://fsf.org/ryf

[1] https://www.fsf.org/free-software-supporter/2019/october

[2] https://www.fsf.org/blogs/community/ethical-tech-giving-guid...


The PinePhone is $150.


>value/$ of these phones are horrendous

Sounds like you value the open/libre aspect at $0. Not everyone feels the same way: Those phones are for people who value the replaceable battery and libre stack at $x where x > 0.


Sure, there's a market for these phones and I absolutely do not speak for everyone :)

Still, I can get a Samsung Galaxy A20e for 150€ right now, which has about the same specs (actually slightly better) and spend two hours to get Lineage on it.

My point is, I do value my privacy a lot, even to the point of running my phone without GApps (which drops a lot of features), and I think these projects are absolutely awesome, but with their current offering those phones are simply not a general solution to someone with a budget.


Your cheap Samsung phones are not running open firmware with mainline Linux, nor have hardware kill switches.

A PinePhone/Librem 5 will also always be capable of running emacs/golang etc. which is not easily doable on Android if termux isn't possible anymore.


> A PinePhone/Librem 5 will also always be capable of running emacs/golang etc. which is not easily doable on Android if termux isn't possible anymore.

So can a phone running Lineage. The thing blocking termux is a config file; any phone that isn't locked down can handle it.

You're not getting all of the openness for free, but you can get a lot of it for free.


I think it's important to point out that you'll always rely on proprietary blobs and generally hostile hardware that way.

For now it's a config. As these things progress and get more locked down with each release in the name of security, it's going to be harder and harder and I don't want to scramble the moment it is practically impossible. I'd rather push for a free, open, libre hardware now so that the polish is there when there's no alternative.


> As these things progress and get more locked down with each release in the name of security

If that actually happens.

I haven't seen any downward trend of LineageOS. I haven't seen any downward trend of Samsung hardware.


I have certainly seen a much longer lag between a phone release that is not a Pixel and it being rootable+able to run Lineage compared to the Cyanogen days.

I've also noticed that nowadays, few phones are able to run more than one newer major Android version ahead because the OEM will simply not release the firmware needed to run newer versions and Lineage doesn't have the capacity to update/release their own firmware rebased against the latest Android, (I am talking about things such as the radio firmware, OnePlus is a famous example I know of).


A rooted Android will probably still be able to run termux and most other software. But fair point.


Seems more like $X >> 0.


The most I've ever paid for a phone is $300. I value open/libre more than $0, but not more than I value the phone itself.


These phones are for people willing to push the boundaries of free software and early adopters. This is for the people who ran early GNU stuff in the 90s, not the ones who said, "well, I can get a more polished toolset from <insert commercial vendor here>"


Well, causes need sacrifices to succeed :)


> Sure, replaceable battery and open hardware are a _very_ good thing

No mention of the headphone jack, how sad


Unfortunately these tiny side projects are not the answer. They'll never get traction because they're not better devices.

The answer is to either hack Android/iOS so you can patch out all the bundled bs or to regulate them and force them to offer a "clean" OS version.


I think this is the third time I've seen this kind of comment on HN about this. Seems like an uptick, but these aren't side projects.


Unfortunately, by doing so you'll always rely on proprietary hardware blobs and hostile vendors who will make it harder to patch whatever you want to patch with each release in the name of "security" and will never offer anything close to an actual GNU/Linux experience on a phone.

I also don't see how a process that requires rooting, patching etc, is any more prone to mainstream adoption than an actual Linux phone.

The thing is, if one wants to move a cause somewhere, it may require some inconveniencing at the start for the long-term vision to pan out.

Working with GCC was surely a bit painful at the start of the 90s, but it was worth it for the goal of having a free software stack on the desktop and now it's time to do the same for the phone.


This is why, after years of pining over Librem phone and similar, and learning a lot about security along the way, I've settled on GrapheneOS.


"luckily", that is not the truth


Linux phones are nice since they provide things like mainline kernel support which is important for the long term, but many cheap Android devices can be modded to run custom firmware. (The PostmarketOS is working on providing "baseline" Linux installs for those devices.)


I am a big fan of PostmarketOS, but that being said, you still need to patch the Mesa libraries to get hardware acceleration working on an old Nexus 7. They want to do a lot more work, but it's difficult with all these garbage/trash ARM devices out there.

If Google gave a shit about e-waste, they'd mandate UEFI+ARM like Microsoft did with their phones (except without the locked bootloader). Trying to get drivers to load and work on every ARM variant is a nightmare compared to x86.


I am still surprised Google gets almost no flak for this. Chromebooks are particularly bad offenders. They're basically disposable laptops with an incredibly short lifecycle, where even browser security updates end when Google decides a laptop has left support. It's ironic Chrome is supported many years longer on any given Windows PC than any given Chromebook.

Google loves claiming to be environmentally friendly, but disposable computing is practically their default mode now.


Not sure what's "bad" about Chromebooks, seeing as you can unlock them and install standard firmware. Then your only obstacle to using them as you would any other laptop is OEM hardware that's sometimes not supported by the mainline kernel, and a mildly non-standard keyboard. Android is a lot worse than that, many devices are not even OEM unlockable in the first place.


They might be unlockable, but at that point they're disposable to a business or school environment.

A PC shipped with Windows 7 in 2009 can run Windows 10 for free and the latest release of Chrome, supported officially by Google. If you upgraded from XP or Vista, many of those PCs can still run current Chrome just fine. The max life of a Chromebook as a Chromebook is like six years.


You would unlock them after they've reached EOL w/ their supported OS, for the sake of resale value and thus reuse. It's not much of course, but it's better than a lot of mobile hardware.


> they'd mandate UEFI+ARM like Microsoft did with their phones (except without the locked bootloader)

I approve, but is that sufficient? UEFI gives you a better booting situation, but I thought you still needed device tree or something to handle device enumeration? Or does UEFI do that?

EDIT: In an attempt to answer my own question, I dug up https://elinux.org/Device_Tree_What_It_Is#UEFI which implies that UEFI can replace device tree and give you an actual uniform platform. If I'm getting that right, then that does look like the best possible solution.


> but that being said, you still need to patch the Mesa libraries to get hardware acceleration working on an old Nexus 7.

Why are these patches needed? If the issue is that graphics has to rely on a proprietary binary, then that's sad but not something that Mesa can do much about. If no non-free code is required, it should be possible to push these patches upstream and make the support official.


Also worth noting that one of Google's long-term goals is to make Android bootable on mainline. They've been slowly upstreaming the patches they built into Android's base kernel, and their Treble roadmap involves further isolating the hardware drivers, to enable running a generic kernel across devices.


Yes and AIUI, libhybris is working on supporting those userspace hardware drivers on a non-AOSP install. The postmarketOS folks would rather do without using downstream code/drivers/firmware at all and keep everything upstream based, but some devices will need this and it might also be useful for quick bring up on new devices.


If only they had a desktop mode like Samsung Dex.


Android is not actual Linux?


Given that you guys don't list Linux APIs as something that one can count on as stable NDKs APIs, require us to manually write JNI wrappers to access 90% of OS features, no not really.

It could be running BSD or Windows and we would hardly notice.


Was waiting for the first "No True Scotsman" definition of what precisely Linux is.

Guess we better get rid of the hardware abstraction layer for your majesty, too, then?


Depends how much the Chocolate Factory Oompa-Loompas are willing to actually offer a C and C++ development environment comparable to other GNU/Linux variants.

Better ask Willy Wonka if it is ok to do so, and by Android 20 we might eventually get it, if it takes as much as sorting out header files, build tools, native dependencies, gcc and clang support and finally listening to game developers as presented at GDC 2020.


> game developers as presented at GDC 2020.

Link? Otherwise it's hard to take full time HN armchair commenters seriously.


Nokia had the N900 too


Tablet companies really need to realize that a decent tablet with a decent dev experience is going to lead to an explosion of developers on their platform and result directly in way higher quality apps and therefore way better sales and brand.

Imagine if websites couldn’t be developed on normal desktop computers and you had to run an extremely inefficient emulator every time you wanted to make a small notification.


That would be ChromeOS tablets. Full linux terminal in container and all. Hasn't really made any difference.


About once every 2-3 months, something would be changed in ChromeOS that would break the crouton installation. The solution could be as simple as updating crouton, only 15-30 minutes of lost time, to switching to/from a later development version of ChromeOS, 3-4 hours of lost time as the entire hard drive is wiped and you need to rebuild the environment.

The use of a Linux environment in ChromeOS should only be viewed as a toy, because the ChromeOS developers are willing to break it at any time.


I'm not sure what you're talking about. Crouton is different from Crostini, and it's Crostini that is the default/built-in Linux container on Chromeos (on a Pixelbook). I've been using Crostini on Chromeos since November 2018 and I've never had "the hard drive wiped" or had to rebuild the environment. I'm trying hard to recall anything that's actually been a bug. I'm sure there've been some. Mostly they've been rolling out increased features on a pretty regular basis, with few hiccups. It's not a great solution for everything, but, to me, it's been surprisingly robust and useful.

It certainly is not "a toy". The Pixelbook is a beautiful piece of hardware, but I wouldn't be using it (at least not as a contented Chromeos user) if it didn't have the built-in Linux container.

I do follow Chromeos/Crostini/Pixelbook forums somewhat online. I know I've seen some people griping about problems caused by updates. From what I can tell, a very large percent of these people are ones who were using Chromeos/Crostini with the 'dev' or 'beta' branch, so they could get new features on their device sooner. I've been on 'Stable' and have had few complaints.


Chrome OS historically has been the most thoroughly mediocre desktop experience available on any device. Inferior to windows, traditional Linux, or Mac worthy of note only in that one could find one at Walmart for $200.

Between launch in 2009 and 2018 the necessary escape hatch to run real Linux was a flaky tool called crouton. 9 years later a better but more complicated tool exists with caveats like

> Can I run X programs?

> Yes, although you might run into some compatibility kinks, and it probably will never be as perfect as running a traditional X server. However, with the wider community moving to Wayland, it should be good enough.

So running real Linux but somehow less capable than wsl?

I understand why people buy $200 devices to watch Netflix on. I do not understand people buying expensive fake Linux device, learning a complex chrome OS specific framework to sort of run actual Linux applications that would be trivial to run on an actual Linux computer out of the box.

It speaks of an enjoyment of complexity for its own sake. This isn't exactly a sin. People also like to say make their own clothes but it's rather hard to recommend.


Well, I bought my first computer (TRS-80) in 1979, first laptop in 1990, and I've had lots of different computers. MS-DOS, nearly every version of Windows, Linux versions since 1995, never a Mac OS but I got an iPad last year. Right now I have one Windows laptop, one dual boot Windows/Linux laptop (mostly Linux), a Raspberry Pi running Raspbian Linux, the iPad, and the Pixelbook.

I got the Pixelbook on sort of a lark, on sale for $699 back in November 2018. The hardware is 8GB, Core i5 processor, 128GB ssd, 2.4 pounds, beautiful 2400x1600 (that's 3 by 2) touch-screen display, high quality construction, excellent keyboard and trackpad. 10 hours battery life. And fanless. (Also 2-in-1 form factor, flips around for use as tablet.) I didn't expect it to become my main computer, but it has.

Complex? Well, I don't know about that, but they do say the mark of a good product is that it makes complex things seem simple. Or something like that. That's what I'd say, anyway, about the Pixelbook. Best machine I've ever owned. I'd rather be running full Linux with i3 window manager, but it's not worth switching (and giving up instant boot and higher security of Chromeos).

I don't think I'd recommend Pixelbook/Crostini if you're heavily into x-window apps on Linux. I rarely use them; I'm mostly just on the console/terminal and it works well. I've tried Firefox in Crostini, works fine, but it's not as snappy as Chrome.

RE: Google. I'm not a fan of Google, so have to get past that when liking the Pixelbook. And it seems Google is not very good at supporting their hardware. Fortunately, I haven't had anything go wrong. At some point I will want to upgrade to a more powerful machine, I expect. Light weight (the closer to 2 lbs the better), good battery life, and fanless operation are important to me, and I'm not sure there's any machine out there that I'd pick over the Pixelbook right now. At least not for a reasonable cost. Pretty amazing given that Pixelbook came out in 2017 and I paid only $699 for it.


Instant boot is best described as suspend to ram but that is a pretty screen/battery life for the price.

I'm not convinced the security is notably better.


The chromeos boot actually isn't quite instant, even if they call it that. But it is not at all suspend to ram; it's a full boot in the space of a few seconds. Of course, most of the time I just do a suspend, like an ordinary notebook. But the lighter-weight less resource-intensive chromeos is a benefit, snappier than Windows or OS X would be on the same hardware, that's for sure.

Ha, not surprised you don't believe security is better. Security is on the level of iOS or Android, everything is sandboxed. ( https://support.google.com/chromebook/answer/3438631?hl=en ) And updates are as smooth and unobtrusive as they are on iOS or Android; don't get me started about problems with Windows updates.

Really, it's not bad. It's surprisingly really good. Of course, if it weren't for Crostini/Linux it would be too limited for many people to use as their main computer. But with Crostini, it's pretty great for the right users. Pixelbook hardware in particular has a quality feel, makes you feel good just to use it. And the software has a polished feel, too. It just works. Windows, in comparison, feels like a clunky mess; a complex, clunky, mess.


Looks like Crostini is the official tool that duplicated the functionality of the more homebrew Crouton. Crostini came out in early 2018, which was about half a year after I gave up on using linux on chromebooks out of frustration.

https://chromium.googlesource.com/chromiumos/docs/+/master/c...


Crouton is not crostini and in addition, the way it is implemented makes it easy to backup and restore containers.


As a Linux user, the last thing I want to do is use a computer controlled by Google. I am however typing this on a Microsoft Surface Pro 7 running Linux.


>Android 10 Is killing Termux terminal app

Remember who owns Android.

It's not worth investing time into a platform that will be further restricted sooner or later. Why should they treat the tablet differently?


Yes, but who owns AOSP?


Also Microsoft Surface.


For clarification...

Surface Pro - full Windows tablet with separate keyboard

Surface Laptop - normal Windows laptop

Surface Book - Windows laptop with beefy detachable keyboard/battery (may have dGPU!)

Surface Pro X - (almost full) Windows tablet on ARM

Surface RT - Ran Windows RT (no desktop x86) on ARM

Surface Studio - Windows All-in-one PC with very nice big screen


And even earlier:

Surface - interactive table (now https://en.wikipedia.org/wiki/Microsoft_PixelSense)


Aren't Surfaces just Windows laptops?


Aren't tablets just laptops without keyboards?


And Surface Pro keyboards are bought separately.


Surface Pro 1-3 w/ keyboard is $120-$200 on eBay...


With touchscreens and Microsoft branded/built UEFI.

Except the RT - that was an ARM tablet.


About 3 years ago my 2012 MBP finally gave up the ghost. I was traveling frequently at the time and still had my trusty Mac Mini. So I decided to get a tablet. I did tons of research and it came down to a spec’d iPad Pro with all the bells and whistles vs. a mid range MS Surface. I’m an engineer so I need to code.

I got caught up in the Apple fanfare, and shame on me for not doing better research, but the thing was near impossible to use for coding. It’s a beautiful tool, but not one that fit my development needs. I ended up using it as a 2 monitor for my Mac Mini and a media consumption device. In hindsight, I shoulda went with the Surface.

All I wanna do is be able to code on an iPad. Yeah I know it’s currently possible, but have you tried it!? Is that asking too much?


I don't buy that argument. Game console developers don't develop on the device they're targeting, and it hasn't really hindered them. So why do mobile devs need to develop on those devices? Mobile form factor and UI just isn't suitable for software development, and the companies making them realize it.

There's a lot wrong with Android development (IMO), but the lack of an on-device dev environment isn't one of them...


I'm not sure that an explosion of developers would lead to higher quality apps.


I certainly know about some developers that would increase software quality by exploding...


Why would anyone want a tablet if a laptop is an option?


This never made any sense to me -> going from a multi-monitor setup to a laptop feels like I am a handicapped man suffering from tunnel vision. I can't imagine what coding on a tablet feels like.


I carry an 8" android tablet and a 10" bluetooth keyboard w/trackpoint in my jacket basically any time I leave the house.

The tablet functions as a messaging device and phone, and then if I want to sit in a coffee shop and code I break out the keyboard.

Admittedly so long as I could get mosh as an app I'd probably survive without termux, but it wouldn't be nearly as nice a setup.


> Tablet companies really need to realize that a decent tablet with a decent dev experience is going to lead to an explosion of developers on their platform

What do you base this statement on?


If you had a non-terminal-based app that included a code editor and could compile code, does that still count as a "real" computer?

Or do you want access to the whole terminal experience?


> terminal experience

Sounds like a horror title.


Hell, I have run a Go and Python web server that my phone can access and even my laptop. That is impressive.


Where do Chromebooks fall on this spectrum?


My son got a school issued chromebook. My first reaction was: Oh, goody. We can install Python.

Nope.

The school chromebooks are locked down tighter than a crab's ass. What a waste.


Best you can do is wait for GitHub's cloud development environments to open up for more users.


Depends on whether you have bothered to open them up and remove the hardware-based firmware write protect. The process is highly device-dependent, and seems to be entirely undocumented for many Chromebooks and other ChromeOS devices. YMMV.


It's pretty well documented on the Chromium OS site: https://chromium.googlesource.com/chromiumos/docs/+/master/d...

If there's devices missing, send a PR to that repo: https://chromium.googlesource.com/chromiumos/docs/+/master/R...


That's a pretty high standard.

You don't need to open it up for developer mode, which lets you mess around as root, chroot into a Linux distro, give the chroot control of the screen...


"Developer mode" is incredibly brittle. If you don't press the right key combination at boot, your user partitions get formatted without warning and you lose all data. That makes it essentially a toy, not a real "developer" device.


I see your point, but it's not as bad as that. Pressing the right key combination is optional, and all it does is skip an annoying beep. Factory reset isn't triggered by inactivity, it's triggered by pressing space and then confirming.


It may have changed in the past two years, but there was a 30 second splash screen saying "Press space to continue". If you press space during that time, it will "continue" to safe mode, wiping your entire crouton environment. There was no indication at all as to the key combination needed to skip the 30 second wait time.


You have to also confirm clearing data with enter after pressing space.


Has anyone stuck a Teensy or arduino or something inside of a Chromebook to automatically send the right key combo? Seems fairly simple to me to do, but I don't have a Chrome device to test that on.


If you're opening up and messing with the hardware, why not remove the write protect and flash the firmware instead?


...Or completely replace the innards with a Raspberry Pi Zero W. (Not sure if it’s actually possible.)


Various pi boards have been retrofitted into laptops but a Pi Zero in particular is a downgrade in performance from just about any relatively recent laptop/Chromebook. As some of the sibling comments mention, there is more involved with resetting than an accidental non-action during boot.

Even better you can switch to coreboot and load Linux, there's even a Chromebook-specific distro, https://galliumos.org/


You can even just boot Linux, or dual boot.


Note also that you can install Linux on your Chromebook in a container without having to put the device in developer mode: https://support.google.com/chromebook/answer/9145439


With Crostini, you can write and run full Linux apps in a full Linux environment. No bootloader or dev mode shenanigans required.


Does this "full Linux environment" support e.g. audio? I've seen reports that early versions of Crostini didn't even support that.


Yes. You can use youtube-dl to get videos and ffplay to watch them.


Chromebooks can run Termux, so at least as good as Android devices :-D


By default, similar field as screens, keyboards, and mouses. A rather advanced peripheral to some other computer.


I'm really starting to despise most OS's for having such an overbearing security policy. I think it's really why I've stuck with Windows for so long. For sure Windows is not as user-stupid as something like macOS, iOS, Android, etc... but for me as a power user it's just about as powerful as I need to be.

I'm not even considering *nix distros here because honestly the market for every day users for something like Ubuntu or Mint is really small, and those are possibly the most end-user friendly.

I hate that macOS is starting to go the iOS route of only letting me run applications that are Apple certified. No, I do not want to open system preferences every time I want to launch something. I am a power user. Put it behind some shell command or something... but have it easily documented and marketed towards people like me.

At least we can still sideload with Android. Some changes to the API like this, though, are just so annoying. Yeah there's going to be some apps that just need pretty much unlimited access to my device. But that's OK. I've accepted that.


As someone who has been on Linux a long time, but still has to support family members using Windows, here's my perspective:

1) Linux is usually easier in the "happy case", where everything works as it should, and it supports everything that the user needs.

2) Linux is way way way less likely to just change something and break the whole system while the user is sleeping. (This was REAL fun with my grandparents-in-law when their Dell All-in-One PC decided to upgrade itself from Windows 8.1 to Win10 despite Dell not having drivers for Win10 on their fancy custom monitor. I have to fix it for them every 6 months now.)

3) Searching the web for Windows solutions to your issues without being a computer expert feels like it has a >80% chance of infecting your computer with malware or getting you on the phone with a scammer. As a computer expert it's like 20% (not even zero!).

4) Fixing a Linux problem can be painful, but is often "copy and paste these config lines into this config". Arcane.

5) Fixing a Windows problem can involve having to go into the registry, which can't be copy/pasted and is extremely difficult AND dangerous. (There probably IS a way to copy/paste it, but I don't know it).

6) That said, it's easier to fall off the "happy path" and into real trouble in Linux. Fixing the issue by randomly clicking stuff is more likely to work in Windows than Linux.

7) It's way easier to find someone you know to help you on Windows than Linux, for now.

8) Gaming is still so much better on Windows, unfortunately, but the gap is closing.

9) The few times I've gotten family members to try Linux, they called me LESS often for support. Even on laptops!

10) Windows is becoming increasingly user hostile in every way. Ads, forced updates, forced settings changes, privacy issues, etc.


> 9) The few times I've gotten family members to try Linux, they called me LESS often for support. Even on laptops!

This is so true.

All my family members are on Ubuntu, and it just works without any support. For many many years. Sometimes when I visit them I click on update to the next LTS. By the time I have to leave it is updated and runs again for 2 more years.


Where supporting Ubuntu falls over is when I try and support "power users".

There's like an uncanny valley of competence, between completely naive users who just let things run and experienced users who know where the red lines are when using sudo.

So far I've seen the following breakages:

- completely fuck up apt somehow such that it refuses to update or fix itself

- overwrite packages with their own compiled versions

- mess with the system installed scripting environments

- try and install a new kernel or graphics drivers (usually not even to get something working but because it's "new") and consequently break the boot somehow.


Yes, true. But what alternative do we have? If such a power user breaks windows registry in a _really_ bad way, the fastest solution, by far, is to just reinstall anything. And, again, if you are smart about having your /home folders on a separate partition, reinstalling Ubuntu is way faster. So even in this worst case scenario Windows loses.


Pop!_OS has a recovery partition with a "reset installation", which keeps the home directory (I believe) but reinstalls everything else


The registry has multiple automatic backups to the point you can delete the entire thing and not need to reinstall or use external backups, system recovery boot mode will handle it.


Debian Stable is king when it comes to the "just works" POV. They only release a new stable version after every known update bug has been ironed out, so the process is consistently flawless. Recent versions will even install security updates for you, with no user interaction required.


I really wish I had known about Debian Stable when I made the switch to Linux. My first Linux comp was a nightmare because the specific combo of Ubuntu (early 18) and hardware had a myriad of issues. I ended up switching to Ubuntu 16 which worked much better and from what I now know Debian probably would have been even less trouble.


The big problem with Debian stable as an end user OS though is that all the software on it is really outdated, and as soon as you go trying to run more recent versions of applications on it you run into the same issues you were trying to avoid with stable.

Imo it makes a lot of sense as a server OS, but not so much for end user application software.


You can use officially-provided backports or flatpaks to run more recent versions, if you really need to. I don't think it's more out-of-date post-release than Ubuntu LTS, which is what the other poster was referencing.


>) Fixing a Windows problem can involve having to go into the registry, which can't be copy/pasted and is extremely difficult AND dangerous. (There probably IS a way to copy/paste it, but I don't know it).

You absolutely can copy/paste registry edits.

You paste the edit in a plain text .reg file and let the system patch it in for you.

[1] https://www.howtogeek.com/382727/what-is-a-reg-file-and-how-...


I'd much rather run a narrowly scoped (diff-style) .reg file than unpack an entire configuration file from a .tar.gz and potentially blow away existing settings (which has happened to me more than once when installing system updates...)


You can diff Unix configs with... diff

I don't think it's ever advisable to tar -xf- -C / to fix a minor config issue. Just extract in tmp and diff -aru etc /etc


Sure, but with .reg files all you need to do is look at the contents of the .reg file to see what the diff is.

The .reg file is the diff.

Could not have been simpler.

That's one upside of the registry being a database rather than a text file.
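Added example (not part of the thread and not any commenter's code): a small Python reader that lists what a .reg file would change before it is merged, which is the "the .reg file is the diff" point from the comments above. The sample file, its vendor and key names are constructed, and `summarize_reg` is a hypothetical helper name.

```python
import re

# Constructed sample .reg file (vendor, key and value names are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; lines starting with ';' are comments
[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Theme"="dark"
"Path"="C:\\Tools\\app.exe"
"MaxItems"=dword:0000000a
"Blob"=hex:01,02,\
  03
"OldSetting"=-
@="default text"

[-HKEY_CURRENT_USER\Software\ExampleVendor\Legacy]
'''

# hex(N) type codes used in .reg files; plain "hex:" is REG_BINARY.
HEX_TYPES = {None: "REG_BINARY", 0x2: "REG_EXPAND_SZ",
             0x7: "REG_MULTI_SZ", 0xB: "REG_QWORD"}

# "name"=data or @=data; a quoted name may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")\s*=\s*(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unescape(s):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r'\\(.)', lambda m: m.group(1), s)


def _logical_lines(text):
    """Yield stripped lines, joining hex data continued with a trailing backslash."""
    buf = ""
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def _decode(raw):
    """Turn the right-hand side of name=data into (action, typed_data)."""
    raw = raw.strip()
    if raw == "-":                      # "name"=-  removes the value
        return "delete_value", None
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return "set_value", ("REG_SZ", _unescape(raw[1:-1]))
    if raw.lower().startswith("dword:"):
        return "set_value", ("REG_DWORD", int(raw[6:], 16))
    m = HEX_RE.match(raw)
    if m:
        code = int(m.group(1), 16) if m.group(1) else None
        label = HEX_TYPES.get(code, "type 0x%x" % code if code is not None else "")
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return "set_value", (label, data)
    raise ValueError("unrecognised value data: %r" % raw)


def summarize_reg(text):
    """Return the changes a .reg file describes as (action, key, name, data) tuples.

    The text must already be decoded (version 5.00 files are usually UTF-16).
    Lines that do not parse raise ValueError so nothing is skipped silently.
    """
    changes, key = [], None
    for line in _logical_lines(text):
        if not line or line.startswith(";"):
            continue
        if line.startswith("Windows Registry Editor Version") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):    # [-KEY] deletes the key and its subkeys
                changes.append(("delete_key", body[1:], None, None))
                key = None
            else:                       # [KEY] creates the key if it is missing
                key = body
                changes.append(("open_key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = "(Default)" if m.group(1) is None else _unescape(m.group(1))
        action, data = _decode(m.group(2))
        changes.append((action, key, name, data))
    return changes


if __name__ == "__main__":
    for change in summarize_reg(SAMPLE_REG):
        print(change)
```
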


The outer post was talking about helping family members with their computers. They're gonna be dragging files around in the Linux equivalent of Explorer, not extracting stuff to tmp and manually applying diffs. So doing a 1:1 comparison on that basis, the Registry has the standard tools of the trade on Linux beat. There's certainly no particular reason you couldn't send someone a .sh file that manually applies your diffs to grandma's config file, I guess...

FWIW I've had Ubuntu system updates blow away entire config files (helpfully setting the old one aside, at least) instead of applying diffs, but maybe that was the package maintainers being naughty.


> Linux is way way way less likely to just change something and break the whole system while the user is sleeping

I take it you have never had to try and correct a system broken by seemingly innocent-looking aptitude or RPM package upgrades. :-)

> Fixing a Windows problem can involve having to go into the registry, which can't be copy/pasted and is extremely difficult AND dangerous. (There probably IS a way to copy/paste it, but I don't know it).

I’m really not sure the registry is any more “dangerous”. For many everyday users, I would guess that the perceived complexity of the registry and of configuration files scattered throughout the system are really about the same. Both can appear cryptic and fragile.

On the one hand, you might accidentally delete something important in the registry. On the other hand, you might forget a quotemark/character or get some indentation wrong in a configuration file and be surprised when the entire thing breaks.


> I take it you have never had to try and correct a system broken by seemingly innocent-looking aptitude or RPM package upgrades. :-)

Keep in mind that on Win10 you don't even have to click a button, and the updates aren't even avoidable.

> I’m really not sure the registry is any more “dangerous”. For many everyday users, I would guess that the perceived complexity of the registry and of configuration files scattered throughout the system are really about the same. Both can appear cryptic and fragile.

I dunno, once they are in the registry, it's like putting every config file on the whole system into their home/documents directory...


> broken by seemingly innocent-looking aptitude or RPM package upgrades

Not on Slackware, no.


I support several family/friends that are computer novices. It's super easy. Just install the latest ubuntu LTS, drag off all the icons except for the settings/sound (for earphones+microphone) and the browser icon.

Instead of weekly complaints (lost windows, things changing, sound not working, etc). I get the occasional query once a year or so. I can login remotely to tweak things, or share their screen if need be.

WAY WAY WAY less pain than it was under windows.

Zoom works and video hangouts work. Webex does not, but that doesn't seem very popular with home users.


So does Jitsi Meet.


>It's way easier to find someone you know to help you on Windows than Linux, for now.

Really? Windows seems to be losing developer mindshare pretty fast and I’m not convinced this isn’t already the case. In college the capture the flag group had a serious problem finding people familiar with windows development and most junior software engineers I’ve met are much more familiar with GNU/Linux than windows.


Windows support for family members is not limited to developers, it includes the son, niece, brother or cousin that likes to game on their windows machine and is just more used to it. (And I am not sure about the mindshare declining rapidly either.)


"Just install Cee-Cee-Cleaner, bro."


    7) It's way easier to find someone you know to help you on Windows than Linux, for now.

I visit my parents once a year and always mark out a day to spend fixing/updating/removing junk on my dad's Windows laptop. Three times I installed Linux and when I came back the following year Windows was back on the laptop. The reason being people just know Windows where I am from and the moment they see Linux they feel that's the problem. Even if my dad is struggling to print something which has nothing to do with Linux, the first thing they do is remove Linux.


I have installed Ubuntu to my mom and my wife's parents PCs and I never ever spent time having to worry about those computers again. They instantly learn where the browser, skype and printer menu is, and NEVER have a problem with a computer again. I also never worried about antiviruses and malware since.

They are all in their 70s. No regular user has a problem with Ubuntu these days, but they regularly did have all kinds of trouble with Windows.

I also run a business and for the last 13 years have had countless new hires (non developers) who have never seen Ubuntu and were productive on it instantly, without any problems with the OS ever.

So it is simply not true that people "feel there is a problem the moment they see Linux". Ubuntu is the most friendly and reliable OS for a regular person out there, I say it from decades of experience.


My intention was not to create the impression that Linux is the problem. I myself have had similar experiences as you have had and use Ubuntu on all my PCs.

However the reality is schools teach on Windows and just about all PCs and laptops sold in my home country have Windows installed. Apple products are very rare and for the very rich. What this means is the average "computer guy" available to help my dad is typically a Windows person. If my dad says he can't print, the Windows guy cannot help him on Ubuntu so typically thinks the problem is Ubuntu.

I am not saying the problem is Ubuntu, Ubuntu just isn't common in my home town.


These days the only application that is important for non-computer folks is the browser, and Ubuntu can run Firefox just fine, it's easy to launch and turn off. In my experience, the perception that Linux is somehow 'hard' is just not true, deeply rooted in 2002 or something. Things have changed so much, and whatever kids are taught in school is not that big of a problem anymore.


You're quite right, if you only browse the Internet then using Firefox will suffice. Problems tend to start when you're editing documents and sharing them with people on Windows computers. Yes I know LibreOffice can edit MS Office documents but the inconsistencies in formatting tend to add up especially for novice users.


The key here is simply to stop caring about MS office documents, and use an open standardized format for information exchange. That is, OpenDocument, a native format of LibreOffice, which is available on any platform out there.

My company never ever sent out a single file on MS Office format since it was founded in 2007, and I assure you that business can work just fine without ever using .doc(x) / .xls(x) files.


I have both user stories.

I put Debian on the laptop of one relative, and never had to support him again (almost - he needed help setting up a printer once, which I was able to do entirely on my phone using CUPS' web interface over an SSH tunnel). I dist-upgrade him every couple of years. Totally painless. But his needs are modest - a web browser and an email client mostly keep him happy.

I have another relative who mostly uses her X220 laptop to write in Microsoft Word, and she is constantly having computer troubles. Shitty battery life (Windows keeps resetting power management to "max performance"), fans constantly blasting, endless file management issues and no backups. I am constantly having to support her, and Microsoft Windows makes that a royal pain. I knew she was going to kill that machine eventually, so I got her another X220 as a cheap backup computer, which had no OS and so I put Debian on it. I was right, her computer died, she ended up being forced to use the Debian machine, which netted her among other things triple battery life. But she was so tunnel-visioned into her particular idiosyncratic workflow (see https://xkcd.com/763/) that every minor hiccup was met with "I want to go back to Windows". It astonished me how much patience she had for Windows' daily WTFs, and yet so little patience for anything else. Within months the computer was running Windows again. I expect she'll kill that too...


The update policy is the right choice. I have come across so many people who were always too clever by half and disabled security updates for all kinds of incoherent reasons. To "stop spying", "keep out NSA" or because they were afraid their cracked Windows version would go poof.

Keeping billions of unpatched devices is disastrous from the point of view of malware.


Having updates forced ON is the right choice. The mechanism used in windows 10 is very user hostile, and needlessly so.


I agree with this mostly, except for:

> "copy and paste these config lines into this config"

Copy-pasting things you don't understand into configs on Linux is hugely dangerous. It just happens that Linux desktop users aren't high value targets, so you usually get lucky.


Yeah, I thought of that when I wrote that. I wrote it anyway, since in reality that's what we all do.


I feel personally attacked :p


This is an excellent breakdown of the differences. I've been looking for a pro/con list between the two that isn't heavily biased by my views, and I'll probably use this almost verbatim next time I have that discussion.


Yet my aging Asus 1215B netbook that came with Ubuntu no longer does OpenGL 4.1 with hardware video decoding thanks to newer AMD drivers and has lost wlan capabilities during one Ubuntu release generation.


> 5) Fixing a Windows problem can involve having to go into the registry, which can't be copy/pasted and is extremely difficult AND dangerous. (There probably IS a way to copy/paste it, but I don't know it)

This pretty much sums it up. You just simply do not have enough Windows experience. Nothing to be ashamed of but doing comparison in this case will give skewed results.


>I hate that macOS is starting to go the iOS route of only letting me run applications that are Apple certified. No, I do not want to open system preferences every time I want to launch something. I am a power user.

Yeah, such a power user that you can't use any one of the easy, documented ways to deal with that? You're not exactly helping your case here.

>Put it behind some shell command or something... but have it easily documented and marketed towards people like me.

  sudo spctl --master-disable

Man page for spctl is all there. Or how about quarantine? That's just controlled by an extended attribute (com.apple.quarantine) and you can remove it (interactively or via script including recursively down a directory tree) with xattr. Want to totally disable SIP too? That's also documented and there, boot to recovery, pull up the terminal and

  csrutil disable

With SIP off you can also then modify what it applies to in a more fine grained way if you want.

Yeah, Apple has put up more guardrails in macOS. But contrary to your assertion, enhanced security is plenty useful for "power users" too. Being a power user doesn't mean that it's nice to have some bad software clobber your install or a zero-day nail you. Some of the new security features could definitely be made much more easily useful for power users sure, up to and including having a GUI on them. It'd be nice if Apple had functionality to easily have your own root signing setup alongside theirs, so that we could take advantage of all the signing mojo as well. And it's reasonable long term to be concerned about a day when Macs also have hardware trust chains and what happens then.

But for the time being macOS remains 100% modifiable for an actual genuine power user. The new stuff can be turned off, and more easily arguably than back when you needed to recompile your own kernel to mess with kern.securelevel and the like. Somehow someone in the company continues to open source a certain amount of macOS same as the old days, see https://opensource.apple.com/.


Ah, see, now that's good. I don't use macOS enough so I've not known about that.

> It'd be nice if Apple had functionality to easily have your own root signing setup alongside theirs, so that we could take advantage of all the signing mojo as well.

Yeah, that would be very developer friendly without breaking their shields too much.

Also no argument that macOS isn't modifiable. However with the general dismantlement of things like AppleScript I feel like we've already passed the golden age of the OS.


You don't use it enough, and yet you felt qualified to criticize something you clearly knew nothing about.


Most of my time on it these days is supporting others, or using my aging 2014 MBA. What I remember is I started to get more locked down with each update. Personally I would prefer an "expert" mode in preferences or something of the sort.

But yeah, I made a rash judgement on something I don't often use. I owned up to it.

Anyway, for what it's worth the only reference to that command online is from Apple discussion boards or third party sites. There's no documentation from Apple themselves. For PowerShell, Microsoft has this type of policy well-documented:

https://docs.microsoft.com/en-us/powershell/module/microsoft...

They also link to this documentation directly within the error message: https://adsecurity.org/wp-content/uploads/2015/01/PowerShell...


> Most of my time on it these days is supporting others

In general, I actually disagree with even this sentiment, that macOS is worse because it is harder to help others fix certain kinds of problems.

The problem with supporting people on "easier to modify" operating systems is that it creates tech debt. Modify some system files? On the next OS upgrade, they might get overwritten, or, worse, it might cause bugs. Teach a tech beginner that they can google and download an app that solves their problems? The next time they decide to try this on their own, they might unintentionally download a virus, and the OS won't give them a bunch of warnings when they open it.

A system with a loose security policy makes it easier for things to work for now, but a tighter security policy makes it potentially easier for the help you provide to cause less pain down the line, even if it means jumping through more hoops right now.

When you help people resolve issues in other operating systems, consider the fact that they might run into just as much hassle, except that it is not visible to you because it occurs months or years down the line. (Those issues are potentially more costly, since you might not be free to help at that time.)

No opinion about which system is easier to support in practice with all of this considered, I just wanted to point this out on principle.


> But for the time being macOS remains 100% modifiable for an actual genuine power user.

Please, anyone, tell me how I can disable the animation for switching between spaces. As far as I know, that isn't possible.


> No, I do not want to open system preferences every time I want to launch something. I am a power user.

You don't have to. Right click on the icon and select 'open.'

https://support.apple.com/en-gu/guide/mac-help/mh40616/10.15...


Also, it should be noted that this is only the first time you launch the untrusted app. After that the system considers the app to be trusted and doesn't bug you about it. But self-described power users already know all this stuff, so I'm sure this isn't news to anyone. Self-described power users know everything about everything, or else they wouldn't describe themselves as power users. It's why they're so revered for their humility and lack of obvious cognitive biases throughout the world.


That is like 3 steps more than it should be. There should be a global setting to tell apple to fuck off with their security bullshit.


There is:

  sudo spctl --master-disable

Then choose "Anywhere" under "Allow apps from..." in the Security & Privacy preferences. You'll never be bothered again.


For every day users, that is those wanting access to email, social media, an office suite, etc I will argue that Ubuntu or Mint is fine. Even for other users, the most frequent issue that I've seen being mentioned is Windows-only software. If there is no such thing then the aforementioned distros should be fine.

Also, there was never unlimited access in Android unless you had a rooted device. Probably there will be a way around no-exec for rooted users, probably setting up an app as trusted. Nevertheless, this change is really cumbersome and it seems Android is slowly turning to iOS lockdown-wise.


Rooted users can freely alter or disable enforcement for any SELinux policy. None of this will affect them. (OTOH, many apps can't be installed or function on a rooted device due to SafetyNet and the like. And no, there is no safe bypass of SafetyNet since Google can potentially require users to run a remotely-attested "stock" firmware in order to pass the check.)


> For every day users, that is those wanting access to email, social media, an office suite, etc I will argue that Ubuntu or Mint is fine.

Yes, it is fine, but that doesn't mean people actually use it. I'm just highlighting that Linux is generally not thought of as a large market for most consumers.

The point about root is a good one.


> For sure Windows is not as user-stupid as something like macOS, iOS, Android, etc... but for me as a power user it's just about as powerful as I need to be.

I guess it depends on what kind of "power user" you are because windows is pretty limited (why else would they frankenstein an Ubuntu terminal into the latest Windows versions?).


Not sure what you mean by limited here? You have quite a few options at your disposal these days. (Depending on how you scope "power user")

  Cygwin (OSS compiled to Win APIs)
  Powershell (Native Windows fun)
  WSL 1 (Linux ABI Bindings to Win Kernel)
  WSL 2 (Thin Hyper-V running a full Linux Kernel, with Plan9 FS mappings to Windows filesystem) (Insider Preview, should be releasing this quarter)
  Hyper-V
  DOSBox
  Docker (Hyper-V, soon to take advantage of WSL-2)

Most of the above also benefit from the work being done over at the new Terminal https://github.com/Microsoft/Terminal


> DOSBox

Much as I love DOSBox, I don't think it belongs on your list.

In fact, DOSBox's command line capabilities are weak compared to genuine MS-DOS (which is already quite weak to begin with) – it doesn't fully support COMMAND.COM's syntax, it lacks many of the commands/utilities that come with MS-DOS, etc. – it is just the bare minimum to get most game launcher batch files to work. And that's unlikely to ever change, since DOSBox devs generally aren't interested in improving the accuracy of the MS-DOS emulation unless that improvement helps run some game – if you want a more accurate emulation of MS-DOS, they'll point you to FreeDOS instead.


Fair point. I leave the post as is for posterity. I wonder if https://github.com/Microsoft/MS-DOS will improve that situation.


kind of a weird quip. the point of WSL is to allow you to use existing linux tools and write code targeting linux from within windows. it's not intended to make administration of the windows installation easier.

maybe I'm not what you would call a "power user", but I do write code for a living. I'm sure you would have a bad time if you expect windows to work like your favorite linux distro, but I find it perfectly serviceable for my work. it gets in my way far less than macOS.


Linux is a major platform for deployment of backend servers and Microsoft wants Windows to be a viable development platform for Linux. Hence "frankensteining". Has nothing to do with Windows being "limited" because it is not.

I use Windows to develop Linux applications and am happy like a clam with this approach.


> (why else would they frankenstein an Ubuntu terminal into the latest Windows versions?

Certainly not to help you administer your Windows system, which is not at all what it is intended for.


To sell Windows laptops to people that buy Apple laptops to actually develop GNU/Linux software instead of supporting OEMs like Dell, System76 and Tuxedo, and don't care one second about Apple or Microsoft developer platforms.


"power user" == someone who uses power tools like Tim the Tool Man Taylor


We have two laptops running Linux in our home. Two use cases:

- Me: can install a distro/troubleshoot things on cli/like to endlessly tinker with DEs etc. Linux lets me do all this and more.

- My daughter: just wants to get on with classwork, music, videos, Zoom/Skype/Google Meet etc. Too young to ask which OS the laptop was running. Was comfortable on XFCE within a few days for her daily needs.

Linux serves both of us so well without restricting us or getting in the way. Being rock solid and friendly enough for average users while having the freedom/flexibility under the hood have been the big reasons why I have stuck with it for more than a decade.


I totally get and agree with you, but the notion of Windows not having an overbearing security policy makes me laugh. MacOS is frustrating in some ways, but at least when I do 'sudo __' it generally allows me to do whatever I want.

Windows, on the other hand.... the amount of times I've yelled "I AM THE ADMINISTRATOR!" at my PC is too damn high. Getting a "You do not have permission to access that file" even when I'm logged in as an Administrator is my bane.


> I'm really starting to despise most OS's for having such an overbearing security policy. I think it's really why I've stuck with Windows for so long. For sure Windows is not as user-stupid as something like macOS, iOS, Android, etc... but for me as a power user it's just about as powerful as I need to be.

> I'm not even considering *nix distros here because honestly the market for every day users for something like Ubuntu or Mint is really small, and those are possibly the most end-user friendly.

Like, I sympathize, I really do, but you're complaining about OSs restricting your freedom while avoiding the OSs that don't restrict your freedom. Yes, Darwin and NT should behave better, but they don't. It absolutely sucks that the options are "supports most commercial software" XOR "lets user control their own device", with some options splitting the difference (ex. ChromeOS possibly with developer mode, Android rooted or with a custom ROM), but the option is there.


> Windows is not as user-stupid as something like macOS, iOS, Android, etc...

Even linux distros go down this path from time to time. For example, with systemd linger, or when ubuntu got rid of the root account. I don't like thinking of it as user-stupid. For example when I type sudo, I tend to automatically think a little harder about what I am about to do.


Eventually you won't have any option left.

"How Windows 10X runs UWP and Win32 apps"

https://www.youtube.com/watch?v=ztrmrIlgbIc&list=PLWZJrkeLOr...


>there's going to be some apps that just need pretty much unlimited access to my device

That is what root access is for. Non-root should never have "pretty much unlimited access" to a device.


This title is misleading for a few reasons:

- Android 10 is not killing anything. Targeting API level 29, the native API level of Android 10, prevents the mechanism Termux uses, but you can target a lower API level and run just fine on Android 10, and in fact Termux does run just fine on Android 10.

- API level 29 blocks a specific mechanism that Termux happens to use to run arbitrary code. There are other ways to do anywhere from most to all of what Termux wants to do, with some tradeoffs. It's not as good as the old way, but it's hardly "killing".
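
An added example, not part of the thread or of Termux's code: on a device, the restriction discussed above shows up as SELinux `avc: denied { execute_no_trans }` audit records against files labelled `app_data_file`, so affected apps can be found by parsing logcat output. The log lines, package names and helper names below are constructed for illustration, and the SELinux type and permission names are assumed to follow AOSP policy.

```python
import re
from collections import Counter

# Constructed log lines in logcat's audit format (not captured from a device).
# Package names, inode numbers and MLS categories are made up.
SAMPLE_LOG = '''\
05-18 10:01:02.123  4321  4321 W sh      : type=1400 audit(0.0:101): avc: denied { execute_no_trans } for path="/data/data/com.example.shell/files/usr/bin/ls" dev="dm-5" ino=131100 scontext=u:r:untrusted_app:s0:c140,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c140,c256,c512,c768 tclass=file permissive=0
05-18 10:01:05.456  4321  4321 W sh      : type=1400 audit(0.0:102): avc: denied { execute_no_trans } for path="/data/data/com.example.shell/files/usr/bin/bash" dev="dm-5" ino=131101 scontext=u:r:untrusted_app:s0:c140,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c140,c256,c512,c768 tclass=file permissive=0
05-18 10:02:11.000  5000  5000 W Thread-7: type=1400 audit(0.0:103): avc: denied { execute_no_trans } for path="/data/user/0/com.example.game/cache/payload.bin" dev="dm-5" ino=140007 scontext=u:r:untrusted_app:s0:c141,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c141,c256,c512,c768 tclass=file permissive=0
05-18 10:02:30.000  5000  5000 W Thread-7: type=1400 audit(0.0:104): avc: denied { read } for name="dev" dev="proc" ino=4026532 scontext=u:r:untrusted_app:s0:c141,c256,c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
05-18 10:03:00.000  6000  6000 W sh      : type=1400 audit(0.0:105): avc: denied { execute_no_trans } for path="/data/data/com.example.devbuild/files/tool" dev="dm-5" ino=150001 scontext=u:r:untrusted_app:s0:c142,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c142,c256,c512,c768 tclass=file permissive=1
05-18 10:03:01.000  1200  1300 I ActivityManager: Start proc 6100:com.example.other/u0a143 for activity
'''

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# App-private data lives under /data/data/<pkg>/ or /data/user/<id>/<pkg>/.
PKG_RE = re.compile(r'^/data/(?:data|user(?:_de)?/\d+)/([A-Za-z0-9_.]+)/')
# File labels used for app-private data (assumed AOSP type names).
DATA_TYPES = {"app_data_file", "privapp_data_file"}


def parse_avc(line):
    """Return the parsed AVC record for one log line, or None if it has none."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return {"result": m.group(1), "perms": m.group(2).split(), "fields": fields}


def selinux_type(context):
    """Extract the type from a context such as u:r:untrusted_app:s0:c1,c2."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def exec_from_data_denials(log_text):
    """Find denied exec() attempts on files in an app's private data directory."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied":
            continue
        f = rec["fields"]
        # execute_no_trans is the permission checked when a process exec()s
        # a file without changing SELinux domain.
        if "execute_no_trans" not in rec["perms"] or f.get("tclass") != "file":
            continue
        if selinux_type(f.get("tcontext", "")) not in DATA_TYPES:
            continue
        path = f.get("path", "")
        pkg = PKG_RE.match(path)
        findings.append({
            "domain": selinux_type(f.get("scontext", "")),
            "package": pkg.group(1) if pkg else None,
            "path": path,
            # permissive=1 means the denial was logged but not enforced.
            "enforced": f.get("permissive") == "0",
        })
    return findings


def summarize(findings):
    """Count enforced denials per package."""
    return Counter(f["package"] for f in findings if f["enforced"])


if __name__ == "__main__":
    for pkg, count in summarize(exec_from_data_denials(SAMPLE_LOG)).most_common():
        print(f"{pkg}: {count} blocked exec() from app data")
```
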


Right now apps on Google Play are required to target at least API level 28. This will most probably be raised to level 29 in the near future, essentially blocking distribution of Termux, at least in its current form.


You will always be able to download Termux from outside Play. I actually have no idea how Termux could even work within Play policy seeing as it's essentially a 3rd-party repo not unlike F-Droid. You wouldn't expect to find F-Droid on the Play store, surely? You have to sideload it, and then it just works.


But that doesn’t mean much when the SELinux hammer drops and no app can exec no matter where it’s installed from.


This will cut the developers out of a revenue stream though, as they provide optional Termux add-ons for a fee on the Play Store to support their development.

I donated, but I'm obviously part of a minority of users.


Wouldn't be the first app that runs into issues with Google's benevolent inclusion of their code in the Google store. I'm sure F-Droid will continue to deliver Termux, especially for the specific Termux audience.


At some point these restrictions to exec() will be enforced on the OS level, rather than on the API level.


Isn't that the same thing in Android? SELinux, which I read elsewhere in this thread is where this is built into, is part of the system in which your app runs.


Yes, but the configuration of SELinux can be changed.


Not without root. Termux is very useful even on a non-rooted phone.


Ultimately Google has super-root to your Android device, and Google will change SELinux settings to lockout Termux and things like it.


They had 2 years to react to that change.

I am the first one to decry the absurd power that apple and (to a lesser extent) google have on what you can run on your own device, but this isn't it.


This has been discussed for over a year at least, there is currently no solution (that the developers consider acceptable, proot is an option they don't). As each day passes we move closer to the app being banned from the Play Store (or at least updates being banned).


It will be impossible to distribute the app targeting 28 in the near future.

Targeting 29, the only replacement for apt get that they could come up with is to stuff Linux binaries into 100s of apps and upload those apps to the play store. I am not sure this is usable anymore. You might want to read this:

https://github.com/termux/termux-app/issues/1072#issuecommen...


Impossible to distribute in Play. Will work fine as a plain .apk, or downloaded from e.g. F-Droid.


Note that they will eventually tighten SELinux policy to forbid exec() outside of userspace of the process

https://github.com/termux/termux-app/issues/1072#issuecommen...

So the app will not work on the OS level


One will always be able to gain write access to that "user space" by having a separate app build "APK update" packages on-demand, signed by a user-controlled signature. It will be the moral equivalent of running a Linux live distribution from read-only media and having to reboot Termux for each "update". Of course, one will be able to execute other code via JIT, perhaps even hooking into a patched version of qemu-user. It will be annoying but it will broadly work.


If I understand correctly, they are killing exec in app homedir. I assume they would block exec in the sdcard too then. If that's the case, what's the workaround for installing and running things through termux's apt get?


The proposed workaround is that you distribute software through apps and allow Termux to essentially get plugins from other apps (whether distributed via the Play Store or sideloading).


So this will effectively kill some packages. I doubt Google will let anyone publish an app with "youtube-dl" embedded in it.


As a heavy Termux user and one who describes Termux as "the killer app for Android" this makes me sad and angry. I was very irritated when they broke ability to send SMS from the termux CLI (in fact I forked and currently build my own version with that patch reverted).

If I wanted a paternalistic platform I would be an iOS user (I don't mean that as a slam, iOS obviously has its place, but it's not for me).


This change was a long time coming and looking at that issue thread just makes me sad.

It does not look like they contacted the platform team or even tried to come up with any solution.

They had one year before the change was included in Android. And then another year before 29 became the mandatory version to support to publish on the play store.


Yeah the way the Termux team handled this was really frustrating too. They just yanked out the code and had it return an unhelpful error message.

I would have much preferred they release a "play store" version and then a full version to F-Droid or something.


Why would you want to send sms from cli? Using the on screen keyboard with quotes and escaping special characters and all?


Thanks for asking. My use case is programmatic. I wrote a couple of ruby and bash scripts that automate a few different things. One is a poor man's SMS scheduler that allows me to have it fire off at a set time. Another parses incoming messages and alerts me differently based on content (matches against a set of regexes), and in some cases will auto-reply. Another, I had a case where I needed to individually send out the same SMS to a couple dozen people. With termux (and ruby) it was trivial for me to script it up.

The possibilities are (or were) endless, which is what I love about a platform. I've always hated the UX of SMS, but people insist on using it anyway. At least this way I use it on my own terms.


It looks like the comment requesting a link to the fork was deleted.

I haven't kept the fork up to date with the latest patches as I haven't needed anything yet, but it's here: https://github.com/FreedomBen/termux-api

You have to both `termux` the app and `termux-api` to get SMS functionality. I build both at the same version so there aren't any compatibility issues. Then make sure you don't have automatic updates turned on otherwise the Play store will "update" you to a non-sideloaded one that does not have the SMS ability.


I was going to say there must be apps that do this but it looks like Play store would ban those as well because they don't want apps doing that?

I think Google should subject power user apps to more scrutiny than banning them outright. If Android doesn't support things like these then it's no better than iphones.


I'm not OP, but for my part, I hardly ever use Termux with the on-screen keyboard. I hate typing on that junk. I carry around a small bluetooth keyboard, and I generally pull it out whenever I'm going to do anything with the terminal, or spend more than about 10 minutes using my phone in general.


I ordered a PinePhone the other day and I'm going to do as much as I can to try and make it my daily driver.

I really can't be arsed with this stuff any more.

Why are the developers at Google acting in such boneheaded ways? Is it literally just "I get paid loads of money, lol"? Do people not grow out of that eventually when they have enough?

Like, you're literally a developer. Why would you make something you wouldn't want to use? Is the company just wholly made up of people who actually don't care about computing?


> Why are the developers at Google acting in such boneheaded ways?

(I'm a developer at Google, but I'm not on the Android team and am definitely not providing any sort of official response here - this is personal opinion and may be inaccurate)

If apps can download arbitrary code and then execute it, they can bypass the validation that's done as part of the Play Protect program. My understanding is that there's plenty of evidence of malware in the wild that presents as a harmless app and then downloads the actual payload after being installed on the user's device.


Okay, can I just get a big popup on the Play Store saying "this app requires the following functionality that could harm your device:

- Run and use other applications without your consent

Unless you know precisely that this behavior is necessary for this application's main functionality, we recommend you do not proceed". And use some design pattern to make "Cancel" the "go-to" action for the user.

Or even more palatable for whoever's behind Play Protect: Forbid these apps from the Play Store, and force it be done through a 3rd party store or manually, and this can be combined with the big popup.

We know it's important to protect grandma from malware, but it's also important to give the advanced user the option to ignore this, especially for a platform like Android that has gained the favor of many technical users through providing some reasonable degree of control over their phones.


It's also important to protect non Grandma from malware.

Rugged Individualists can run TempleOS


I think you've missed my point here, this goes _way_ further than this specific individual issue.

The entire ecosystem is built on a model that turns it into a disposable toy and there's no sign that this is going away any time soon.

Why do we need hobbyist movements to produce devices that we can actually run real software on and that won't be completely useless as soon as Google decide to update the API?


Yea, phones should not be designed to be replaced after 2 years. Phones from 6 years ago would still be plenty powerful if they weren't crippled by Google Services eating more and more resources.

Google could use mainline kernels and force manufacturers in the OHA to open source all their drivers, maybe even back PostmarketOS to prevent e-waste.

You can take an old Pentium 4 laptop and still put modern Linux on it and still use it for some tasks. Good luck trying to do that with any ARM system.


It makes me genuinely really angry that this isn't the case, it has me questioning why I even bother to interact with the development ecosystem when it seems like 90% of the stuff out there is this sort of closed-off 'got mine' fuck-the-environment style thinking.

Maybe it's just too much time on HN?

Like, how many times does one have to push against the bullshit bootlicker arguments before one just gives up?


The problem is the ARM bespoke-devices ecosystem, not Google. The pre-Android "Linux on mobile" world was far worse wrt. the use of downstream patched kernels. We just didn't care as much, because a kludgy, patched BSP was better than a wholly-closed solution with no source available. Our standards as to what qualifies as "open" have simply become stricter.


Across Europe pre-paid cards and using phones until they die, are lost or get stolen is the common usage.


Why does Google owe you this? Write any OS you want. You can use an open source base.

That Pentium will cost more in electricity than just buying a new cheap phone.


This excuse might hold even a little bit of water if the "validation" actually did anything. Google Play is a malware distributor, plain and simple. Go search the Play store for "flashlight" and read up on the permissions of any of the first 10 results.

https://play.google.com/store/search?q=flashlight

GPS location, full network access, prevent device from sleeping, run at startup, microtransactions, read contacts and accounts, read your filesystem... for a flashlight app. These are malware. The Play store is 95% malware, or worse.

Moves like the one that locks out Termux aren't protecting the user at all; Google has never been interested in that. They centralize power. That's what it's all about.


The other day I was trying to find a QR code scanning app in Google Play for my mother. I honestly cannot blame people for ending up with a phone full of spyware since basically all the top results were garbage. I ended up searching for "qr reader foss" which got me some decent apps.


Doesn't Android support QR scanning in the stock Camera app anyway? You shouldn't even need to take a photo, it should detect the QR pattern and give you the option of reading/copying/browsing to it.


I thought so too since it does that on my Galaxy A50, but apparently it doesn't work on the default camera for the Galaxy S8.


Try F-Droid next time.


I do use that on my phone.


Until all execution of foreign code is blocked (like Apple), then all that Android does is to add a bit of nuisance to malware, as they can no longer download the actual payload to disk but have to download the payload to memory and execute it from there. Not really a big deal for a malware author, but likely a dealbreaker for a Termux-like program.

And if Android implements a policy like Apple's to block all execution of foreign code (which is the apparently inevitable conclusion of this type of security arguments), then browsers and everything else will be gone, exactly like Apple (for the record, where every browser is just a wrapper over Webkit).

I used to think that Android was more open than iOS based on principle, but now I realize that no, it was more open than iOS just because they lacked the technical means to enforce the draconian restrictions.


To answer your last question, the more money they get paid the less likely they are to grow


Google's primary business is mining user's data and selling it to advertisers.

Having corporate control over the device is paramount.

Therefore, the user must not install software from other sources.


That answers the question of why management operates the way it does.

It doesn't answer the question for developers.

I actually can't fathom it at all, I find it completely impossible to sustainably perform tasks that I think are socially negative, pretty much regardless of the reward, I'd just shut down and get sacked if they pushed it.

The general response I get to this sort of thing is some variant on "you are privileged", which completely misses the point, it assumes that I have a choice in the matter of whether I do bad stuff.

Maybe I just have too much free time to think about this stuff in and that could be the 'privilege'?


Impact of Android 10 on Termux usability is already old news.

What worries me more is behaviour of Termux developers. They make dubious claims and effectively sabotage their own application (more on that below).

The solution to Android 10 problems — a software wrapper called "proot" [1] — has already been found. That solution would allow to keep all of Termux functionality and preserve existing package managers (such as apt). Proot allows Android user to compile C code in Termux (which they currently can do) and does not require major changes to Termux itself.

Termux developers refused to adopt proot as a solution and even removed its mention from their wiki on Github. Instead they are insisting that all Termux packages should be distributed in Android apk files, published on Google Play. That "solution" has major usability issues, does not scale (it uses shoddy Android PackageManager to track all Termux packages) and would prevent users from using Gcc and other compilers in Termux. The only claimed upside of using apk files is that it would better comply with Google's policies.

Termux developers justify their actions by the following arguments:

1. Termux packages require a lot of bandwidth to host, and Termux does not have money to pay for their mirrors; hosting packages in Google Play would be preferable. That statement is nonsense — even fringe Linux distributions like Artix can find FREE mirrors, willing to host their packages. This is usually done by contacting curators of existing servers, that host Linux packages, and asking them for support. Termux is more popular than some of Linux distributions, but it does not look like Termux devs even TRY to do that — they apparently just sit on their hands, occasionally begging their sole mirror provider (JFrog) for more bandwidth.

2. Termux currently does not comply with Google's policy and its developers are afraid that this will result in removal from Google Play. They are technically right, but they are making a mistake by downgrading the experience of their app in an attempt to pacify Google Play censors. They are making an even bigger mistake by displaying guilt about that — Termux does nothing wrong, and the display of guilt is a better excuse to punish them than their actions.

1: despite its name, proot does not require root access


There are _already_ several "Linux-like environments" on Android that use proot. GNUroot, UserLAnd, Linux Deploy, AnLinux, Androlinux, etc.

Some of them _literally_ just package existing Linux distros such as Debian (e.g. GNUroot) in a way that is much more compatible and easier to maintain than something ad-hoc such as Termux.

Termux became popular _precisely_ because they did NOT use proot. Proot is great in theory -- using ptrace and hooks in order to simulate a more Linux-like environment, ala Cygwin. In practice, it is just goddamn slow, and ptrace just introduces MORE compatibility issues than the native Android does.

Termux had a shitton of disadvantages compared to the proot-based distributions, such as for example the fact that every package had to be patched in order to use the non-standard Android directory structure, making compatibility with native Linux binaries outright difficult (not even ld is where it should be) and reusing Linux distro scripts impossible. But _still_ it became the most popular because proot is just worse.

No wonder they completely ignore all requests to use proot.

If you want to use proot, there is no point at all for Termux to exist (or at least, for Termux the distro; the terminal emulator itself may still be interesting, your mileage may vary). There's little point remaining for patching packages for Termux; you can use Debian packages, so just go and use Debian.

And to top it off, what if a future Android breaks proot, which looks likely?


Yeah, their decision baffles me too. I'm pretty sure the average termux user is willing to install f-droid if play store decides to remove termux. They shouldn't compromise usability to appease google overlords.

Do you know of any documentation on how to use proot to get around this restriction?


I guess it needs to be forked.


As part of my work, I occasionally need to deal with a wireless comms setup that moves data from a roof-mounted RF antenna down into the network. Instead of having to carry my laptop up to the roof with me (sounds simple, but oddly enough dealing with the laptop up there is actually kind of a pain) or call someone downstairs to run the ping to make sure the network configs line up right, I use Termux with a scripted command to do that myself right from my phone. It's been a major boon to my workflow, and it's going to be frustrating to lose it.

Like a few others on this thread, I've got a PinePhone on order, and now I'm even more stoked to have access to a terminal through it now that Termux isn't going to be an option on my Android.


I installed Termux on my Chromebook a few years ago to try and create a local development environment per this article[0]. It seemed to work okay, but I never liked how janky and unsupported the whole thing felt. I couldn't bring myself to try and build a workflow around it long-term.

And here I guess that's vindicated. Whether now or in a few years, the whole concept of Termux is not long for this world. I guess these types of restrictions are essentially required to keep insecure and abusive apps off of the majority of users' devices.

https://blog.lessonslearned.org/building-a-more-secure-devel...


> to keep insecure and abusive apps off of the majority of users' devices.

I don't know, but we have a small android tablet with a bunch of games. If you ask me - Play Store is a cesspool of ad-ware ridden junk with some of the games showing you an ad after every single screen (5-10 clicks / taps). After installing more than 10 games the tablet starts showing full screen ads spontaneously at different times and in different screens. And I haven't installed any "shady" apps, just games with "4 stars" or more rating on them.

Somehow that is ok, but running GNU grep in a terminal is now a crime on Android. And you can review grep's code, while these games run amok with spyware.

Google is "fixing" security in all the wrong places. Which means security has nothing to do with what Google does. It is locking the android appliance to ensure uninterrupted consumption of ads. Anything else, be that development, tinkering, etc. which interferes with ad consumption must be restricted, limited and removed.


> ...insecure and abusive apps...

I.e., anything more useful than a cat picture gallery from a pre-approved list of cat picture providers?

Glad I'm a luddite stuck in the 'insecure and abusive' computing ghetto!


When we need to quickly diagnose and fix some sudden server issue from anywhere, Termux is indispensable. I even bought a tiny Bluetooth USB keyboard because of it.


Agreed, I had been using JuiceSSH[1] but then it seemed to no longer be supported (though I see it just got an update) so I then switched to Termux to be able to ssh from my phone (which is running Android 10, I guess I haven't run into these problems since I don't generally do much with the local filesystem).

1: https://play.google.com/store/apps/details?id=com.sonelli.ju...


I migrated from JuiceSSH to Termux because it allows you to run remote diagnostic locally, ping, traceroute, schedule crons and even vibrate your phone and display notifications to alert you. It also allows you to port forward ssh, whereas in JuiceSSH you have to pay for that.


Have you thought about giving LineageOS a spin? It has a built in terminal with sudoer rights available


Chrome OS has a proper shell now (runs in a VM in the background). Give it a go.


I mean it's sad that this change will affect Termux, but at the same time I can see why Google wants to enforce W^X on apps home dirs.

This is currently a big backdoor for apps to sneak unvetted code in at runtime, bypasses Google's review policy. Sure Termux was using this for good, but I guarantee that Google has examples of apps doing this to sneak hostile code onto user devices.

Development tools often need higher security permissions on Desktop, maybe Android just needs a "development" class of app that is more privileged? They'd just need to enforce the limitation to development focused apps really strongly in the review process.


If they were actually vetting the code, they could tell that an application contained a suspicious "download and execute".

In actual fact the Play Store is full of perfectly "vetted" malware, as it stands. What this actually does is prevent the user from coding on the device.


I get why Android is doing this, even if they're not openly writing it: they want to get in control of malvertising which downloads untrusted binary code that is not in the APK and thus scannable for the Play Store security scanners.

What I don't get: why aren't they creating a separate entitlement for runtime code execution that requires manual approval in the Play Store?


Hopefully that entitlement would require manual user approval, too. I might not want any old free-to-play game from the Play Store to be enabled to run unapproved code on-device, but I definitely want it for Termux.


There are a couple solutions, with tradeoffs of course. It's important to remember that this isn't merely a technical problem. Some choices can be judged by human reviewers to be violating policy.

The obvious solution is to use isolatedProcess, the isolated_app SELinux domain, just as web browsers do. The restriction on executable code "does not apply to code that runs in a virtual machine and has limited access to Android APIs". Of course everything depends on what "limited access" means. Filtering out paths that start with "/../this-is-a-limitation/../" probably isn't enough.

Another solution is to ship all of the executable bytes. Turn an entire Linux distribution into something like busybox. It would be possible to exclude the non-executable pages of memory, shipping those separately as code-free ELF files. Installing programs would work the normal way, except that the .text sections would be empty holes in the files. As long as the mremap system call works, a loader should be easy to implement.


I'm having a hard time already in Android 6. I used to be able to do things like use Termux to move videos I'd downloaded in NewPipe into subdirectories and delete them; apparently with Android 6 I can't do that any more.

What alternatives to Android are people using? I'm already not using the Play Store, just F-Droid and a couple of third-party apks.


If you're not using Play, why not root your device? You could ultimately bypass all of these restrictions.


Well, I don't know how to tell a safe root from a malware root (or find one that will work for my device), and I'm ignorant enough about Android to wonder if rooting the device means I'm running everything as root and consequently have no protection at all from malware? I mean, it's embarrassing, but that's the truth.


The most popular root solution for Android is Magisk. It's FOSS and doesn't affect the device's system partition.

https://topjohnwu.github.io/Magisk/

https://github.com/topjohnwu/Magisk

https://forum.xda-developers.com/apps/magisk/official-magisk...


Thank you!


Didn't they drop support for Android 5/6?


It also kills the entire Wardriving community as well as amateur network coverage work by putting a continually-increasing delay on how often an app can scan for wifi signals.


Disclaimer: I'm not really an Android developer. I was considering implementing a service I'm working on for Android and after many hours of research determined it's not a suitable operating system for my purposes.

Personally I no longer consider Android a viable computing platform. As a developer you simply don't have the tools available to give your users control over their data and experience. With the changes to storage security the last couple years, they've essentially dumbed it down to the level of a web browser, and in the process pretty much deprecated running native (C, C++, Rust, Golang, etc) applications.

I'm not opposed to improving security, but when you can't even run software like syncthing or a file explorer without getting special Play store approval, something is wrong.

I've been meaning to write a blog post summarizing what I learned.

This official video is actually a pretty good summary of some of the changes made and what the goal is:

https://youtu.be/UnJ3amzJM94


Android 5/6 support dropped by Termux devs this year.

Android 10 is killing Termux terminal app.

Hope, Termux devs would now drop back support for Android 5/6.


That part hurt me. One of the points of things like Termux is to make use of old devices, so killing support really isn't helping.


The linked page on Android.com does not contain the quoted text about exec(), or the linked section header. Was it removed?

Edit: seems to have moved here: https://developer.android.com/about/versions/10/behavior-cha...


Yeah, apparently many still haven't got the message that Linux on Android is only implementation detail and the NDK's main purpose is for writing Java and Kotlin native methods.

The way forward is to create Termux like apps in Java/Kotlin.

POSIX is anyway not part of official stable APIs.


Time to order my Pinephone.


Well that's annoying... I'm not a heavy termux user, but it's been extremely useful in some situations - ssh proxy over adb in very restricted networks mainly.


>Issues

>Android 10 does not allow free access to /sdcard (at least file system based).

Yeah that is kind of an issue, with plenty more apps than termux I'm guessing.


Yup. For me it's particularly painful that Syncthing will stop working[0, 1]. Though it seems there might be hope in Android 11[2]?

[0] https://github.com/syncthing/syncthing-android/issues/29

[1] https://github.com/Catfriend1/syncthing-android/issues/457

[2] https://forum.syncthing.net/t/android-11-all-files-access-fo...


What's the actual restriction? If it's literally just exec on apps outside the app directory, why not shim the dynamic linker and rewrite calls to exec to use that instead? Are there additional W^X protections that prevent mapping executables outside the app directory PROT_EXEC? (Note I have no idea how Android works so I may be missing something very basic).


From what I can tell, the W^X restriction is via SELinux, which is a kernel level mechanism that cannot be circumvented with LD_PRELOAD games.


Part of the problem is precisely that no one knows how these restrictions might evolve in the future. There's no such thing as forward compatibility when it comes to Android API levels.


Sure, but this is about API level 29, not 30+. We can speculate that API 30 will disallow non-Google-written code by default but that's not the discussion at hand.


I turned off automatic downloading of upgrades on my Oneplus once I found this out. Termux is very important for me since it allows me to install the typical tools like SSH/Nginx etc that help me connect to my phone, view my wiki (synced between my PC and phone using Syncthing) among other things. It is a very useful piece of software.


I depend heavily on Termux when travelling without my laptop (i.e., vacation). With my smartphone, a bluetooth keyboard, Termux, an impressively full-fledged emacs, a well-crafted ssh config, and my 2FA card, I can solve most or all emergency work-related problems remotely. Hopefully there will be a solution here.


Just the ability to run TOR along with a node server made this incredibly useful. This way it was possible to register an onion domain and set up e.g. a chat server with just a phone.


Android 10 has been pretty bad for rooting etc. I think they would do well to release something that us techies can tinker with though. Call it Android 10 unsafe edition :). I gotta say I'm pretty happy that it's still possible to disable annoying bloatware like 'settings' and 'play store' via the Android debug shell. The moment that changes I'm going to have to drop Android altogether, because I still don't believe in using a phone like a computer.


Termux is the only reason I use Android. If it doesn't work in the future I will most likely switch to iOS. Long term software support is much better anyway.


I love Termux. They must introduce a mode where a user can whitelist certain applications for this, get the permission policy inside the application.


pretty annoying to read that issue thread ( https://github.com/termux/termux-app/issues/1072 ) and read that instead of changing their app behavior, they just want to drop out of the play store :/

They had 2 years to react to this.


Dropping out of Play is arguably the best solution because the whole point of Termux is to run code that's been obtained from outside Play, and that kind of thing has been contrary to Play policy for a long time. It's a custom repository of sorts, much like F-Droid. That goes besides this whole W^X issue, it's more general than that.


Would it be possible to work around this issue by reading the executable file into a memfd and then exec() on that instead?


Projects like these were doomed from the beginning. Buy a real Linux phone, like the PinePhone or the Librem 5 + a backup phone (I’m on Apple for that) for the proprietary nonsense. Simple, straight-forward and clean. It’s time to stop hacking on existing non-free platforms and time to use libre hardware. You have nothing to lose but your chains!


Wellp... what has two thumbs and plans to get a Pinephone? This guy.


Honestly had my mouth gaped open for a few seconds. Sad news.


I almost wonder if WebAssembly might be sufficient here? I suppose that'd break support for third-party binaries, but you don't need exec() to load a wasm blob /shrug


WASM w/ WASI is still in its early stages and cannot even support existing applications seamlessly, let alone a full operating environment. For now, it would be better to run a riscv64 system VM, since that architecture will both run with comparative efficiency under an interpreter or JIT, and be well-supported at a system level.


Could this be forked out by LineageOS?


This is one of the reasons that "open source" by itself is not enough for "user liberation" as it is usually painted.

What point is there in forking a platform where the upstream is as big a mammoth as Google, changing millions of lines per release and actively breaking API compatibility?

Your fork will stay stuck in an API version that in a couple years will have almost no programs written for it. Who would use that?

Your only choice is to try to match the manpower from Google and try to keep your "fork" up-to-date. But that is also guaranteed to eventually fail as someday Google will change something that you literally _lack_ the manpower to revert.

Which is why I can't recommend an "open source" _Android_ phone. I don't feel promoting Android at all, even if open source, encourages my user freedom.


Goddammit, I just actually found this this weekend.


This seems fairly trivial to fix by writing an ELF loader.


nvm


How is it evil?


Android is horribly buggy even on good phones, people used to tolerate it because it was cheap and let people do things they needed.

Now Android is just buggy (and literally unsexy). There’s no reason at all to use it.


Please refrain from using titles that are more alarmist than the original title. If linking to something with an alarmist title (not the case here!), use a more neutral headline for your submission.


I don't think it's very alarmist or an overstatement though. An android 10 app is no longer allowed to do what termux does.

I guess with more reading they are saying they need to declare themselves as targeting android 9 or lower until they find a solution. At some point, I imagine, that will not be an option.

To some degree it should also be on Google to ensure that tightening security (or perceived tightening of security) doesn't break valid use cases.

edit: Ok, for some reason I can't reply, but I see the workaround is to write to another directory.


The title is that Android 10 is killing Termux. But it's not, it's killing exec() on writable files.

There are alternatives Termux could take, which the Google issue tracker already mentions, such as bundling the executables in the APK & using extractNativeLibs=true so they can be exec'd ( https://issuetracker.google.com/issues/128554619#comment4 ). They could use a loader that mmaps the code with PROT_EXEC but not PROT_WRITE; that also works (this is how JITs work, and Android is obviously not breaking JITs anytime soon).

It's not entirely clear why Termux hasn't seemingly made any move on the alternative approaches raised a year ago (that's how old the issue is: https://github.com/termux/termux-app/issues/1072 ), and there's a bunch of nonsensical alarmist bullshit muddying up the waters which isn't helping.
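The "exec() on writable files" condition from the comment above, as an added audit example that is not part of the thread: it walks a directory tree and lists ELF files that are both owner-writable and owner-executable. The sample tree is constructed, and owner mode bits are used as a stand-in for the SELinux enforcement mentioned elsewhere in the thread.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"


def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False


def audit_tree(root):
    """List regular ELF files under root with their owner write/execute bits."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode) or not is_elf(path):
                continue
            writable = bool(st.st_mode & stat.S_IWUSR)
            executable = bool(st.st_mode & stat.S_IXUSR)
            findings.append({
                "path": os.path.relpath(path, root).replace(os.sep, "/"),
                "writable": writable,
                "executable": executable,
                "writable_and_executable": writable and executable,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed stand-in for an app home directory (all names hypothetical)."""
    root = tempfile.mkdtemp(prefix="apphome-")
    elf_stub = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9  # header stub only
    samples = {
        "usr/bin/tool": (elf_stub, 0o700),         # installed at runtime, still writable
        "lib/libcore.so": (elf_stub, 0o500),       # read-only and executable
        "usr/bin/run.sh": (b"#!/bin/sh\n", 0o700),  # executable, but not ELF
        "home/notes.txt": (b"plain text\n", 0o600),
    }
    for rel, (data, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for finding in audit_tree(build_sample_tree()):
        print(finding)
```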


Termux allows you to apt install thousands of packages. The options in that issue aren't nearly as good. Bundling every binary in the apk? That would be a breach of licenses, let alone the amount of storage that would take up to have gimp, libreoffice, Firefox, etc installed. As mentioned, proot is a temporary hack (why wouldn't any app just stick proot in their lib Dir?).

Even if the workaround works, this would break apt install from non-termux repos, compiling and running with gcc, maybe Python packages installed with pip.

Google's intent here is to block code execution in the app home Dir. Any workaround would be a security violation and eventually stopped. How is this not killing Termux?


> Google's intent here is to block code execution in the app home Dir

Google's actions are to block exec of writable code. What their _intentions_ are is pure speculation and detracts from the actual issue. Your claim is largely unsubstantiated & lacks evidence, particularly as Google recommended ways to continue to do exactly what you claim they are intending to block.

> The options in that issue aren't nearly as good.

How is using a PROT_EXEC mmap "not nearly as good"? It's the same end result. There's no technical banning of executing downloaded code. That's not what was done, and doing that would also break Chrome which should be glaringly obvious that Google isn't intending or going to do.

It takes a bit more effort, and it's not as "simple" as just exec'ing random stuff, but it's not without its own upsides as well (like not violating W^X, which is a _well_ proven security design).


That is not at all what happens. W^X is not the problem. W^X is already enabled by default. Executable pages are not mapped in as writable even if the image file is writable. The security argument is bullshit.

The problem is that they don't want you mapping code from anywhere other than your strictly read only .apk.

There is no workaround proposed there other than shipping every single piece of executable code with the .apk.

Sure, you can workaround right now with proot or the like by creating your own executable loader, but who guarantees this works with Android 11? It is also a violation of their policy.

In fact, what they are saying there is that eventually fork and exec are going to be deprecated because they disalign with the Android process model.


I'm confused, because I use termux on android-10 (on a pixel2) without any problem.

I have a cron running on it that mails my notifications to me, an ssh server which my laptop uses to send my backups to my phone, a go http server running a local app that I use in the mobile's browser, I'll often take screenshots on the phone, then scp them on the laptop, etc.

Am I missing something?

EDIT: I won't reply to each of you to not be floody, thanks everyone for the clarifications :)


Android apps ship with a file called AndroidManifest.xml that (among other things) tells the operating system the latest version of the API that the app understands, i.e. what the app was compiled and tested against. The operating system tries to maintain backward compatibility with what the app is expecting.

The Termux maintainers have built their app to tell the operating system that Termux is only aware of how the Android 9 API works. So when you run Termux on your Android 10 device, the operating system tries to behave like it's Android 9. So it allows this.

They (Google) do this to ease the transition so that when a new version of Android is released, they don't force all developers everywhere to immediately fix all compatibility issues.

But they do want developers to do it eventually, so at some point in the future, they will probably stop allowing the Termux maintainers to upload an app that declares "I don't understand Android 10 yet".


> I'm confused, because I use termux on android-10 (on a pixel2) without any problem.

It's only an issue if applications target Android 10 APIs. Termux still targets an older API version and is thus not yet affected by this issue. Eventually they'll need to target a newer version because the Google Play store specifies a minimum API version that applications need to use.


Android apps specify a target SDK version (essentially a kind of OS version) in their manifest alongside a min SDK version. The advantage of targeting a newer SDK than the oldest one you support is that you get access to new APIs, but it often comes with additional restrictions as well. Google Play periodically updates their policy to require that targetSdkVersion be above a certain value in order for an app to be published in the play store (currently that value corresponds to Android 9) [1]. What this means is that this policy is an optional trade-off today but likely to be a requirement in the future.

[1]: https://developer.android.com/distribute/best-practices/deve...
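The target-SDK mechanics described in the comments above, as an added example that is not part of the thread: it reads a plain-text manifest, applies the defaults for a missing targetSdkVersion, and reports whether a device would treat the app under the Android 10 rules. The manifests and package name are constructed; 29 is the API level named in the thread and 28 is Android 9's API level.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ANDROID_10_API = 29  # API level the thread ties to the exec() change
PLAY_FLOOR_API = 28  # "corresponds to Android 9" per the comment above

# Constructed manifests (plain-text XML; a real APK stores this in binary form).
LEGACY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.terminal">
  <uses-sdk android:minSdkVersion="24" android:targetSdkVersion="28"/>
</manifest>"""
UPDATED = LEGACY.replace('targetSdkVersion="28"', 'targetSdkVersion="29"')
NO_TARGET = LEGACY.replace(' android:targetSdkVersion="28"', "")


def sdk_levels(manifest_xml):
    """Return (min_sdk, target_sdk) with Android's documented defaults applied."""
    root = ET.fromstring(manifest_xml)
    uses_sdk = root.find("uses-sdk")
    attrs = uses_sdk.attrib if uses_sdk is not None else {}
    # minSdkVersion defaults to 1; targetSdkVersion defaults to minSdkVersion.
    min_sdk = int(attrs.get(ANDROID_NS + "minSdkVersion", 1))
    target_sdk = int(attrs.get(ANDROID_NS + "targetSdkVersion", min_sdk))
    return min_sdk, target_sdk


def assess(manifest_xml, device_api, play_floor=PLAY_FLOOR_API):
    """Describe how a device at device_api treats the app."""
    min_sdk, target_sdk = sdk_levels(manifest_xml)
    return {
        "installable": device_api >= min_sdk,
        # The platform keeps older behaviour for apps that target an older API.
        "compat_mode": target_sdk < device_api,
        # Android 10 rules bind only if both device and target are at least 29.
        "android10_rules_apply": min(device_api, target_sdk) >= ANDROID_10_API,
        "meets_play_floor": target_sdk >= play_floor,
    }


if __name__ == "__main__":
    samples = (("legacy", LEGACY), ("updated", UPDATED), ("no_target", NO_TARGET))
    for name, xml in samples:
        print(name, sdk_levels(xml), assess(xml, device_api=29))
```

Raising `play_floor` to 29 models the future policy the commenters expect: the legacy manifest then fails the store check even though it still runs in compatibility mode on the device.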


You are running in a compatibility mode. If they built it declaring support for Android 10 at build time it would be subject to the new rules and break.

Long term, I can only assume targeting an old SDK will not be supported at some point.


> I have a cron running on it that mails my notifications to me.

Off-topic, but that's awesome! How do you get access to your notifications from Termux?


Termux exposes an api as binaries, putting them in `$PATH`, so you can then call them in any script/program: https://wiki.termux.com/wiki/Termux:API

It basically gives access to most permissions an app can get. The cool thing is that you allow the permission for termux, and then all your scripts can use them.

But yeah indeed, the notif2mail was quite a game changer, for me :) I had a big problem of spam calls/sms at some point, and this allowed me to get my notifications through my spam filter and remove the spam. I also use it to trigger desktop notification when my phone battery is low or full.

EDIT: oh, actually, it's not termux itself, but the addon Termux:API (which is a second app, from Play Store point of view). Also, the command to list notifications is `termux-notification-list`, but it doesn't appear in this documentation page, for some reason. All API executables start with `termux-`, so it's quite easy to list them from the shell.

To start cron when booting the phone, I also had to use another addon, Termux:Boot : https://wiki.termux.com/wiki/Termux:Boot


It's still possible, you just have to dance around a little more.

In one project we work around this by shipping a tiny wrapper in the APK to exec that then uses dlopen() on the target, which is now built as a library.

Pretty sure a generic hack could be made to run unmodified executables this way. Certainly in the security community userland ELF loaders are very old news, even X11R6 had its own at one point


And the next release Android uses noexec and therefore you can't even mmap(...PROT_EXEC) the binary. So you now have to copy the binaries to RAM by yourself on exec().

And then at some point you realize that, like Cygwin, you have built a system where fork() fails randomly by design.

And then Google blacklists both fork and exec.


Not sure why you're being downvoted, this unfortunately all makes sense


From my brief reading it sounds like they have a solution and there's no danger of it stopping working.

In any case - don't editorialize in your titles.


You might call this a solution, but I disagree:

https://github.com/termux/termux-app/issues/1072#issuecommen...

"As i said on another issue, you should really start communicating this to users now , via as many channels as you can. I understand why you are doing what you do, but it is a big change and will annoy and/or confuse users however will you implement it. so getting people prepared now (ie as soon as possible, and before they have to do anything) will avoid a lot of angst and be in your best interests."

The "solution" is to publish 100s of different play store apps with Linux packages or to disable the ability to run installed programs.


Another title could be : "termux failed to update to Android changes for 2 years"



