Just bought a FirefoxOS Revolution Geeksphone in mid-May. I mean, sure, it's buggy and needs improvement, but it's an open source, community-driven project. That is how it was presented to consumers.
It has nowhere to go but up, right? Wrong. Without any kind of transparency or openness or communication, the Geeksphone crew let us know in a one-line comment that they were orphaning all of us.
Re: Firefox OS 2.2
« Reply #3 on: June 10, 2015, 05:34:08 PM »
No sorry, all FxOs development are finished by Geeksphone.Thanks..... ;)
And that's all, folks. Apparently. To add injury to injury, they used a locked bootloader, according to another commenter. I didn't even check on that. It's an open source project, I thought.
I'm also mad as hell. Any other Soylentils in this mess? Anybody have any ideas on a useful way forward?
Original Submission
Related Stories
How KaiOS claimed the third-place mobile crown
In December 2015, Mozilla announced it would be abandoning Firefox OS as a smartphone platform. Many assumed the company's withdrawal would kill any hope of a mobile operating system built around the open web, rather than a combination of native apps and tightly-controlled storefronts. In the last few years, plenty of so-called "alternative" smartphone platforms, including Ubuntu Touch and Windows 10 Mobile, have faded into obscurity, too. Jolla has struggled on with Sailfish OS, but it's never felt like a true challenger to the Android and iOS duopoly. Three years later and a surprising competitor has emerged: KaiOS. The relative newcomer, which makes feature phones smarter, is already running on more than 80 million devices worldwide. How did it grow so big, so quickly? With a little help from Firefox OS.
[...] The operating system that emerged is quite different to Firefox OS. The user interface, for instance, is built around phones with physical keys and non-touch displays. The application icons are smaller and you'll often see a contextual strip at the bottom of the screen with physical input options such as "Cancel" and "Okay." KaiOS optimized the platform for low-end hardware -- it only requires 256MB of RAM to run -- and, crucially, kept support for modern connectivity such as 3G, 4G, WiFi, GPS and NFC.
Feature phones are normally associated with emerging markets such as India and Brazil. KaiOS, however, started in the US with the Alcatel-branded Go Flip. Codeville and his team persuaded AT&T, Sprint and T-Mobile to stock the handset because of their proven track record while working at TCL. Those deals then allowed the company to win a contract with Jio, a mobile network in India owned by a massive conglomerate called Reliance Industries. Together they built the JioPhone, a candybar-style device with a 2.4-inch display and 512MB of RAM. It was effectively given away with ultra-competitive 4G plans.
[...] Google Assistant was a particularly important addition. For many, voice is a faster way of typing than pecking a classic one-through-nine keypad with their thumbs. The Assistant talks back, too, which makes the platform viable for people with poor literacy skills.
Previously: $25 Firefox OS Smartphone Coming to India
Mozilla Adding Granular App Permissions to Firefox OS
Geeksphone Stops Support for FirefoxOS with No Warning
Mozilla to Cease Development of Firefox OS
The Story of Firefox OS
Google Invests $22 Million in the OS Powering Nokia Feature Phones
(Score: 2) by c0lo on Monday June 15 2015, @09:04AM
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by kaszz on Monday June 15 2015, @09:04AM
Crack the bootloader? And why is a locked bootloader even allowed in a open source project?
And what operating system will Geeksphone pursue now?
(Score: 4, Informative) by Anonymous Coward on Monday June 15 2015, @12:48PM
Crack the bootloader? And why is a locked bootloader even allowed in a open source project?
Because it's Mozilla, and much like the Libertarian Party (who once nominated the author of the Patriot Act for President because he was in the Borat movie), they are willing to compromise their ideals for whatever is trendy (such as: 1) firing a CEO over personal beliefs, but only after 18 years and only when the tides had comfortably shifted in favor of gay-rights, 2) including DRM in the browser, 3) forcing proprietary third-party plugins on a default Windows install).
In this case, a relatively unknown company agreed to build the flagship for their OS, and Mozilla, true to form, lost their shit and let them have a locked bootloader to sell all of 200 phones.
(Score: 2) by jmorris on Monday June 15 2015, @09:19PM
It is worse, it isn't only Windows. I just got force fed Pocket by Fedora's Firefox package through an update. Fedora was warned about the trademark being a future problem and now it is here, they can't remove the commercial tie in and keep the name so that 'minor' compromise of their principles has now become a larger one. Same as Firefox itself, they started small and each one lead to a bigger one. They threw Eich under the bus because they were afraid of the SJWs, they threw Free Software under the bus because they were afraid their users were too dumb to install a plugin to watch Netflix and then they threw the rest of their principles under for a pure revenue play because why not, they didn't exactly have very many left anyway so might as well cash in at the end. Besides the whole point now seems to be building an App Store to compete with the hellhole that is the Play Store.
But this too is part of the beauty of Free Software, Moz Corp and Firefox is going to end up buried in a little remarked grave beside Netscape Communications and the code will live on under yet another name.... but as usual it might be called X but it will -always- be Mozilla.
But on this phone thing, if the bootloader is really locked I can only laugh my butt off at the crowdfunder idjits who bought into such a scam. Nobody even noticed the locked bootloader until now? Some 'open source' project, no wonder they abandoned it since obviously they were doing 100% of the work for a tiny customer base of people with money to burn but no real interest in advancing the work, only social signaling to their friends.
(Score: 2) by Grishnakh on Tuesday June 16 2015, @02:14AM
They didn't throw Eich under the bus, he stepped down voluntarily because the whole issue was causing such a shit-storm that the company couldn't function properly. No other company would keep a CEO around if he was generating that much controversy.
(Score: 2) by jmorris on Tuesday June 16 2015, @06:30PM
Shitstorm? If people are going to get fired for every two minutes hate on twitter and tumblr, nobody is going to survive. And lest you rest easy in the false belief that you are safe because you are a double plus goodthinker, think again. Go watch the fun and games of Vox Day vs Tor books where he fully intends to make the SJWs start living by the same rulebook they wrote for everyone else. Everybody loses. Which is of course the only way to win because they won't even consider rewriting the rulebook until you also live in fear. And if that isn't enough to seize up your sphincter, consider that Eich was sacked for supporting a political position that WON in the Bluest state and was the stated position of both President Obama and Hillary Clinton at the time he made the donation. So there truly is no safety, when the tumblerinas shift the goalposts again you too could find yourself in their cross-hairs for a decade old position OR the growing counter strikes by people like Day.
Also worth pointing out that out of a post only mentioning this issue as a first step in building a chain of events mostly devoted to criticizing Moz Corp for selling out all principles, emulating Google and the Play Store, side hits on RedHat/Fedora, etc. that only this one side issue was replied to. You precious snowflakes really like creating the impression of all seeing, all destroying monitors of all speech don't ya.
(Score: 2) by Grishnakh on Wednesday June 17 2015, @01:26AM
If people are going to get fired for every two minutes hate on twitter and tumblr, nobody is going to survive
The shitstorm over Eich was very different for two reasons:
1) it wasn't just on Twitter or wherever, it was all over the mainstream news. When a Free software company (or any software company really, but especially one like Mozilla) makes it to the mainstream news, it's a big deal, and it's really bad if it's negative publicity like this.
2) Eich wasn't some random person or low-level employee, he was a CEO. CEOs are extremely public figures. The rules for them are different. This is the big thing all the conservatives just don't seem to understand, no matter what. What some janitor or burger-flipper can get away with is very different from what a CEO can get away with. When you're the public face of a company, they can be destroyed by any negative publicity you bring them, so it makes perfect sense to get rid of a CEO who's making the company look bad. Does "stock value" not compute to you? Gee, I'd think that talking in purely monetary and capitalist terms would make perfect sense to conservatives, but apparently not because they never, ever, understand this. Anyway, this is why very few CEOs take any kind of political stances or say anything publicly that would polarize people against their company. The only ones who do are ones who feel really secure in their positions for whatever reason (e.g., Apple customers aren't likely to get pissed by having a publicly-gay CEO the way Hobby Lobby customers might; also, a CEO who basically owns the company can probably do whatever the heck he wants; the Kochs are a good example here, as their company is privately-owned).
You precious snowflakes really like creating the impression of all seeing, all destroying monitors of all speech don't ya.
It's amazing how blind you conservatives are. Do you think a privately-owned company should have the freedom to fire an employee who drives to work with an Obama (or whatever) bumper sticker on their car? I'm sure you do. Conservatives were talking about that a lot before Obama got elected. But if someone gets in trouble for saying something conservative, suddenly you're screaming "freedom of speech!" Here's a clue: companies are not governments. The First Amendment doesn't apply in the workplace: if your employer doesn't like your speech, in most states they can fire you, thanks to Right-to-Work laws. You conservatives are all perfectly OK with right-to-work laws, and bash states (I think there's only one left) which aren't, and complain about it being too hard for employers to get rid of people. But if it's a conservative issues, suddenly you're screaming "freedom of speech!" Why weren't you screaming that about Muslim employees who wanted to wear veils at trendy clothing stores? (For the record, I think that was bogus too; the store had every right to fire her for not following the dress code and bringing religion into the workplace.) Face it: you're all a bunch of hypocrites.
(Score: 2) by GungnirSniper on Tuesday June 16 2015, @02:09AM
Who are you talking about? The Representative who introduced the Patriot Act is still an active Republican: Jim Sensenbrenner. [wikipedia.org]
Tips for better submissions to help our site grow. [soylentnews.org]
(Score: 0) by Anonymous Coward on Tuesday June 16 2015, @03:45AM
You're right. Merely voted for the Patriot Act. Authored the Defense of Marriage Act. Extended the scope of the War on Drugs. Said all the right things in 2008 to get the LP nomination, the people in attendance went apeshit over having a minor celebrity in the audience and nominated him over Wayne Allyn Root. He spent most of the 2008 campaign drinking in bars all across the country, and promptly went right back to being a Republican as soon as the election was over.
That doesn't change the fact that the LP sold out, just like Mozilla sold out.
(Score: -1, Offtopic) by Anonymous Coward on Monday June 15 2015, @09:14AM
Except Soylent, of course, it's the best. Have you read NiggerCommander's blog posts? They're massive, like where does he find the time to write whole books about how wonderful Soylent is?
I can't wait for Soylent to die without warning! That's gonna be fucking awesome!
(Score: 4, Interesting) by Runaway1956 on Monday June 15 2015, @09:36AM
Alright - you have a Revolution phone. I hit Google, and it seems that the selling point of the Revolution is, you can switch between OS's. I went to this page, and it appears that you can still download images to load on your hardware -
http://downloads.geeksphone.com/ [geeksphone.com]
Maybe this page is where I should have started: http://forum.geeksphone.com/index.php?topic=6508.0 [geeksphone.com] There seems to be no known method to sign a new bootloader image. Yeah, looks like a screwup - an open source project using an Intel signing process. Coldnew posted "I still need time to write about the boot.img format, but actually it is SIGNED in RSA algorithm by Intel's tool called isu, thanks some Chinese developer, now I have the isu binary, but I need geeksphone's key.pem to signed up the boot.img."
I guess the question is, how does one find the key.pem? Seems like Geeksphone should be able to supply it to the community.
Yeah, I guess I'm at the same place that quixote arrived at when he posted . . .
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 2) by quixote on Monday June 15 2015, @01:15PM
"There seems to be no known method to sign a new bootloader image."
That's what I'm afraid of. Like another commenter said: how is that even allowable on an open source project. And, as someone else said, Mozilla really is losing its shit. >:(
(Score: 2) by kaszz on Monday June 15 2015, @02:22PM
One way is to contact Geeksphone. Another is "too bad if there's a buffer overflow sprintf() in your code wouldn't?" or code in stack .. :P
(which would allow anyone to detour the boot sequence just like with ordinary locked computerphones)
To the dear Geeksphone: Fix such that owners of said phones can load and install their own bootimages and kernels or watch your standing with the community go *P00F!*
(Score: 3, Interesting) by Gravis on Monday June 15 2015, @09:55AM
I'm also mad as hell.
that is your prerogative but some of that anger should be for yourself because you didn't make sure you could build the firmware from scratch.
Any other Soylentils in this mess?
i dont have a pocket computer but i have a cellular telephone that is great for telephoning. [amazon.com] after two years of use, only needs to be charged every couple weeks. the reported standby time is 39 days.
Anybody have any ideas on a useful way forward?
yes! there are many multiple options:
* only invest in portable computers that have the complete source or not at all.
* reverse engineer the bootloader and build your own version of the OS
* make a pocket computer of your own design
* declare all the aforementioned options are bad and pout.
(Score: 2) by c0lo on Monday June 15 2015, @10:29AM
And where the hell are the call logs on that model? Got one of those last December and I'm couldn't find where to find the last call to add the calling number to contacts, drives me crazy.
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Informative) by Gravis on Monday June 15 2015, @12:15PM
And where the hell are the call logs on that model?
if you just hit the call/send button without dialing, it will bring up the log. however, if you go to Menu->Settings->My Shortcuts, you can reconfigure the navigation and selection keys to do just about anything.
(Score: 2) by c0lo on Monday June 15 2015, @02:42PM
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by VortexCortex on Monday June 15 2015, @08:29PM
if you go to Menu->Settings->My Shortcuts, you can reconfigure the navigation and selection keys to do just about anything.
Indeed, the devices typically run Java (Mobile Edition), which is incredibly moddable too, but for which you probably don't have the ability to flash with your own firmware image -- really how is that better in any way (besides battery life)?
To those concerned about cracking a locked bootloader, and/or consider a non-smartphone: On all modern cell phones the mini-kernel that handles the baseband radio IO is insecure and has full read/write access to the entirety of the phone's memory. Even the "feature phones" or "dumb-phones" you have today are basically the same as smartphones just with less CPU power, (thus better battery life), and different input features (no fancy multi-touch screen). Point being: The security benefits of using a dumb phone are largely imaginary, as are the security benefits of having a phone with open source software/firmware.
Let's say you do get open source audited firmware installed: Just like with a smart(er) phone an IMSI interceptor, like the Stingray systems cops are using, could easily inject malicious data that exploit any of the hundreds of unchecked bounds in the baseband kernel to perform a remote code execution vulnerability and take over the dumb(er) phone, install a rootkit that reports location information (tower signal strength for triangulation even if no GPS), exfiltrate all the data on the phone, and etc. Since the decommission of analog cellular so too went the uncrackable plain dumb cell phone with simple speed-dial memory - You could spy on these too (even with just a modified HAM radio), but at least they didn't have the capacity to have spyware installed to carry around with you. Some of this could be fixed with an open source baseband kernel instead of a blob, but then there are a few hardware level exploits that no amount of open source code can fix.
I like FLOSS, and understand the principals behind using it exclusively, but I don't get why it's such a big deal today with so many exploits (mistakes) in the code and no way to verify the hardware it's running on isn't injecting spyware into all of your binaries. Ken Thompson's ACM acceptance speech covered this in the prophetic year of 1984. [bell-labs.com] Until we have open & verifiable hardware FLOSS is primarily to avoid vendor lock-in, IMO; It does little to ensure security. Complete Mobile VMs, when? It's a bit more complex to deliver ex-filtration and tracking payloads on smarter phones because the dumber ones are less diverse in the firmware department, but state level hackers have the time and resources to build cracks for any/every phone model. Beware if your phone gets an over the air firmware update, then seems slightly off (typically missing a few vendor installed custom features) and requires you re-enter WIFI passphrases etc, then a reboot or two later returns to prior operating conditions: Rather than hack the phone in real time, sometimes a spoofed update cycle is used to send you a spyware infested firmware for your model then (re)update to the vendor's firmware after getting your data (this attack is often deployed during an actual update cycle) -- Don't get too paranoid as some vendor features disable normally until you accept terms and conditions required by some firmware updates.
Ever since GSM's poor linear shift register encryption was hacked anyone with a bit of cash and some know-how can use a software defined radio and about a month of evenings figuring out how to overwrite their own phone's OS in real time (do so in a Faraday cage to avoid breech of FCC regs). Buh bie "bootloader" lock, just warm-boot over the air to a whole new OS. Bonus: Turn it off and on again, and it's an unmodified phone again... Besides price & battery life, I'm not really sure what the draw is for the dumber phone. They aren't any more secure than smart ones are, and they do less. Just be aware that anything you do and anywhere you go with any cell phone purchased today is potentially public information (as they ping the public airwaves just asking to get spied on or infected). One outcome will probably be that enough hobbyists like myself hacking on their own mobile hardware will bring the barrier to entry to cracking phones low enough such that common identity thieves will have plug-n-play point-n-click access to the same tech hackers do (just like with exploit toolkits on desktop / server machines). That way we'll be forced to take a proactive approach to security (as on desktop and servers); We probably won't ever get open hardware with end to end encryption default on our systems at the hardware level, but that's what we need. Until we can 3D print chips at home your best bet is a FPGA if you REALLY need to know the chipset isn't spying on you. Off the grid (clean power) computing in an EM shielded enclosure is another option -- it doesn't matter if the Intel Sandy Bridge chip's cellular modem is spying on me, or just waiting to get bricked, if it can't phone home.
Invest in a Faraday bag if you want a bit of mobile privacy. Also, try leaving the mobiles at home every now and then. You may be pleasantly surprised at the results of less distracting information overload. For the more adventurous, create a phone pool and trade phones with friends (don't put anything important on them - get a little black book for your contacts), that way any tracking done is mostly useless. For the most adventurous, I don't recommend this as it's highly illegal, but you can sniff cellular traffic then clone a nearby phone's signature (even a dumb phone), and use the SDR to make innocuous looking phone calls (preferably at both ends, receiving end will have to jam the phone it cloned). Buh Bie usefulness of "meta data" collection. That's what some of the higher tech criminal elements do, which demonstrates why all the NSA spying can't stop terrorists (that's a smoke screen to manufacture consent to spy on "troublemaking" US citizens / activists who blow whistles on the powerful and corrupt).
P.S. It's fun to see the complexity of good 'ol Hayes-like modem commands still down in the guts of our cellular modems. It's a veritable cornucopia of exploitability -- almost like none of those command strings are even tested for overflow / unexpected input. I guess most hackers today don't get down to that level, but I expect they will as the Software Defined Radio becomes ever more available.
(Score: 2) by Gravis on Monday June 15 2015, @09:49PM
On all modern cell phones the mini-kernel that handles the baseband radio IO is insecure and has full read/write access to the entirety of the phone's memory.
actually, you are wrong about this. the radios have their own little ARM chips that handle the I/O. the radio is an I/O peripheral to the CPU just as much as the keypad and LCD.
Point being: The security benefits of using a dumb phone are largely imaginary,
the primary threat to pocket computers is not their voice telephony capability, it's the other software that gets installed on it. the secondary threat is bugs in absurdly complex OSes and software. the smaller the OS, the better.
as are the security benefits of having a phone with open source software/firmware.
having a phone with open source software/firmware allows people to verify that they aren't being spied on by the phone manufacturer and that there are no (deliberate) backdoors. yes, they have been busted in the past for doing this.
Invest in a Faraday bag if you want a bit of mobile privacy. Also, try leaving the mobiles at home every now and then. You may be pleasantly surprised at the results of less distracting information overload.
do you really have that little willpower?
as for all the rest of you post: ugh... you talk big but you really don't really get the big picture.
(Score: 3, Touché) by Anonymous Coward on Monday June 15 2015, @12:42PM
Have any other remarks to let everyone else know just how great you are compared to every and anyone?
I don't think we are yet fully able to appreciate the total overwhelming grandeur that is your ego.
(Score: 2) by quixote on Monday June 15 2015, @01:06PM
"some of that anger should be for yourself"
Yup. You probably noticed from the post that I'm kicking myself.
(Score: 2) by subs on Monday June 15 2015, @01:24PM
i have a cellular telephone that is great for telephoning
"And get off my lawn you kids!"
(Score: 3, Informative) by kaszz on Monday June 15 2015, @02:17PM
Doesn't matter if the evil device uses code signing. You can have the source, can modify, can compile, upload it etc. It still won't run unless you get the blessing from the noble oligarchy in the form of a signed cryptokey.
(Score: 1, Interesting) by Anonymous Coward on Monday June 15 2015, @11:14AM
The perfect smartphone could be Fairphone + Replicant [1]. Replicant delevopers have said however that in the current Fairphone incarnation, the modem can spy the CPU... Should they manage to fix it that it's something I might buy. Until then I'll hang onto my (t)rusty 20 year old Nokia.
1 http://blog.replicant.us/2013/11/fairphone/ [replicant.us]
To the submitter: windmills 1, quixote 0. Next time spend more time checking how you invest your hard earned dineros. ;)
(Score: 2) by TheRaven on Tuesday June 16 2015, @11:39AM
sudo mod me up