Containers are good, but…

Recently I have been reading a lot about computer and other hardware (phones for instance) security, and believe it or not, at this moment I think that GrapheneOS on a recent Android phone (it only supports Google’s Pixel devices because of their Titan M chips) is the most secure environment you can run right now – at least as a private person.

The problem with computers starts at the kernel, and though Linux or the BSD family of operating systems are better than anything Microsoft or Apple offer, they are not without faults. A recent Linux kernel probably has thousands of bugs, and the BSDs are only slightly better in that regard.

So what is the solution? The already mentioned GrapheneOS takes the Android approach of process and syscall isolation, with “sandboxing” as much as possible, and in this regard it might even beat Apple’s iPhones, which are also quite good. On desktop and notebook computers, it’s the monolithic kernels which are the root of the problem; if an “application” (a program, as we called them in my time) gets compromised by an attacker, it’s relatively easy for them to break out of the program’s environment and take over everything, often with root rights (especially on Windows, though it’s getting better).

When Docker was the next big thing a few years ago, my reply to it was that this wasn’t anything new – Solaris or the BSD family had had containers or “jails” for as long as I could remember, so what was the fuss about? Big Tech wants people and companies to move back to the “cloud”, and there these concepts are really needed, and so Docker and Kubernetes are now really big.

And what about the home desktops and notebooks?

Well, there are interesting developments like for instance gVisor or Google’s “Fuchsia” operating system with its “Zircon” microkernel, and Daniel Micay – head of GrapheneOS – thinks that this is the future. But they’re not ready for everything yet, each isolation layer takes its toll (and will probably introduce more and newer bugs as well), and so for real-time processing like we need for making (recording) music, for instance, that’s a no-go – maybe we’ll have to really separate the whole (“bare metal”) machines from the internet for these tasks?

Whatever it will be, that will be interesting to follow. Oh, and in the meantime, I’ll have it all, like a Windows 10 *and* a FreeBSD 13.2 on my Debian 12, like here:

At the same time, on another screen:

And while writing this, these “throw away” virtual machines you see in my first screenshot are history already – don’t need them anymore…

As always, thanks for reading.

About phone (and desktop) security

I know at least one former colleague who really cared about privacy and security concerning his mobile phone. And this morning, I’ve heard an interesting interview with Gabe, one of the developers of GrapheneOS, using NewPipe on GrapheneOS on my late brother’s Pixel 3a device – that looked like this:

That’s one and a half hours of a really interesting interview, so it’s really worth it. And I can confirm how secure those mentioned Titan M chips are; not even Google could hack or circumvent those, so if I hadn’t been able to guess my brother’s passcode, that device of his would have been an expensive paperweight.

I also liked how Gabe gave lots of credits to Apple because of their long-term support of their iPhones and devices, but yes, with the Pixel 6 and newer, things are improving on the Android side as well.

About desktop security: it’s actually worse than this. The same interviewer has some other interesting videos about that, or tips on how to use Tor on your phone.

Recommended listening. And like always, thanks for reading.

Most popular on XDA

Well, this is interesting. Over at XDA Developers, there’s an article about the “Most popular custom ROMs for Android in 2023”. And of course on top of that list there just had to be LineageOS, as it’s probably the most popular custom ROM anywhere, not only on the XDA developers’ site.

What’s more interesting than that is second place on the list, which is PixelExperience, or PE in short. And that’s interesting because it supports lots of vendors, and it basically turns their devices into almost original Pixel phones (minus the hardware like Titan chips, of course). Haven’t tried it yet, but for the Pixel 3a, like for many others, there’s Android 13 available.

Until now, and both on the Google Nexus 5 and now on the Pixel 3a, I have tried /e/OS, LineageOS, and most recently now, GrapheneOS – so I’ve had basically every possible experience with and without Google services like microG or even the original ones (also on original phones). And all of these have their virtues, and also their different goals. While some of these ROMs simply prolong the lifespan of your device, others try to avoid Google and are built more on security aspects like application sandboxing and memory isolation. All valid reasons to try something different than a Google or Apple (or Samsung or any other) device.

I find all of that interesting. If the 3a (or the 4a) were still my “daily drivers”, then I’d be glad that I have choices, and would try and check if GrapheneOS and the app from my bank like each other. If not, I’d probably try PixelExperience – or any other one which supports the devices longer than Google does. The 3a has been out of support for a while, the 4a will soon be, and so on… and anything is better than throwing devices away, isn’t it?

Thanks for reading.

Trying GrapheneOS

The last update of the unofficial version of LineageOS I had on my late brother Willi’s Pixel 3a phone went bad. Which is okay, not everyone has every device to test, and remember that these developers from XDA do it all for free and in their spare time.

So after reading an interesting poll in AndroidAuthority, together with a test of GrapheneOS on a Pixel 6, I decided to try it on the 3a. And what should I say – it looks *very* minimalistic but is brilliant under its hood, and again I’m learning a lot. Here’s an almost standard home screen from which I removed one app shortcut (the one for the gallery which is empty at the moment anyway):

GrapheneOS on a Google Pixel 3a phone

Wonderful.

So to make it short: for now, I answered that poll with: “No, I’m happy with Google’s default experience” because I wouldn’t flash any third party OS onto a device which is still supported. But for an older one – as long as you can get images for them – this is a good choice in my opinion. So in case you *do* have a Pixel phone which is about to run out of support, and if you don’t need the Google Wallet for payments, GrapheneOS is worth a look. It can even run Google’s Play store in a sandbox in case you’d need that (which I don’t).

Like always, thanks for reading.

Some IT news for today (March 17th, 2023)

First, a test of a notebook which runs Linux pretty well. It’s the modern version of one that a former colleague of mine had, the Lenovo X1 Carbon, here in its 10th Generation. Liam Proven checked it on The Register’s site, here:

https://www.theregister.com/2023/03/10/thinkpad_x1c_g10_linux/

I had a much bigger and heavier Lenovo P50 “workstation” type which also ran Linux just fine, just like my wife’s L380 Yoga 2-in-1, as you would now call them if you can rotate the display 180 degrees and use it with the built-in pen.

Seems that for Liam, Linux Mint in its latest version has been a good choice. But others will follow…

Next: Debian’s upcoming version “Bookworm” (or Debian Linux 12) is now in hard freeze, which means that bug fixing is now going full steam, and after a short “full freeze” period we’ll get that next version. The announcement is here:

https://lists.debian.org/debian-devel-announce/2023/03/msg00004.html

Which I’ve found via the Debian micronews (thanks Laura!).

One last one for today, which this time is about a vulnerability in a Samsung chip. Google’s Project Zero warns about an issue with Exynos modems, read here:

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

Google’s Pixel 7 devices should be safe already, but in case you have some sort of Pixel 6 or a Samsung Galaxy S22 or others, read AndroidAuthority or other sites about it as well. And turn off VoLTE and WiFi calling until there’s a fix for this.

Ok folks, that’s it for now – and like always, thanks for reading.

Well – the percentage is right…

… but KDE Connect and GSConnect differ with my phone’s opinion about the remaining battery time – see here:

For me at least, “48:29” – what is that – hours and minutes? Or minutes and seconds? – sounds a bit different from the phone’s display of “1 day, 5 hrs”.

Have to check where to send a bug report about that…

Anyhow, like always, thanks for reading.

Easily repairable, but…

I’ve read the very positive reviews in The Guardian and also in Trusted Reviews about the new Nokia G22 mobile phone. This new device does indeed stand out from the crowd because, like a Fairphone 4, you can pretty easily repair it yourself – changing its battery, for instance, would take mere minutes and would require almost no special tools. I’ve looked it up, and it starts at around 180€ in the price comparison engines – far cheaper than the Fairphone.

That alone and in itself is applaudable indeed, and we all should give HMD/Nokia credit for it.

from the Nokia website

But…

Last weekend, we walked through a big chain electronics store, and when coming past the mobile phone section we saw quite a number of people standing around the exhibited Xiaomi/Redmi devices. I had a quick glance, and wow, these had really gorgeous displays, must have been OLED, although I haven’t really looked them up until now. And they, too, were about 180€ – no wonder that people flocked around them like flies around honey.

And that is probably the Achilles heel of the new Nokia G22 – which comes with a rather huge 6.52″ IPS display with a mere 720×1200 pixels – not even Full HD! They even got it wrong on their own website, because an aspect ratio of 20:9 means that it has in fact 720×1600 pixels – but HD+ also means that for normal video content, 720×1200 is about right (should read 720×1280 for that)… come on, Nokia/HMD, even the Google Nexus 5 from 2013 did far better than that – it had an IPS display as well (OLED wasn’t really a thing in 2013 yet), but at a much cuter 4.95″ size it had Full HD, which easily beats even Apple’s SE line to this day.

That Nokia G22 does everything else quite right, and it even comes with a headphone jack. It would be perfect if it weren’t a) that big, and b) saddled with that lame excuse of a screen. It almost hurts to see a good idea ruined through corporate greed like that!

HMD Global has their phones made by Taiwanese maker Foxconn, who have facilities in Vietnam and who also make Google’s and even Apple’s phones. But would customers respect that, or rather take a similarly cheap Chinese brand like the -mi ones I saw on display? That large crowd of people around their display stand would probably not give the Nokia G22 a second look in direct comparison, which is sad.

So my advice to HMD would be: great start, people – now make it 20$/€ (10%) more expensive, and give us a nice OLED display with at least FullHD. Oh, and making it a bit smaller, like 6″ or so, would also be nice. Thanks for your consideration.

Oh, and to the reviewers of other sites:

It also helps not only to look at the makers’ support cycles (like in this case, three years), but also to give help or hints about the possibility of unlocking the devices’ bootloaders, so that after the end of these support cycles we can easily unlock the devices and put something with longer support onto them. I’d love to read any news about that, and if the makers don’t claim anything, ask them – you’re journalists, aren’t you? And as journalists you should ask questions, not only repeat the makers’ ads. Thanks a lot.

No “AI” needed…

This:

Flageolet, Mörfelden-Walldorf 2023

… is the same as my blog header photo, but heavily blurred with The Gimp’s “Lens Blur”, using a radius of 200.

I took inspiration from the wonderful wallpapers (especially the “Sage” one) of the Google Pixel 6a mobile phone, which let you really concentrate on your foreground instead of the underlying background. See here as an example:

my desktop as of now

See how much the browser window and also the Conky system monitor stand out if the background just isn’t that sharp and detailed? What a simple but effective idea from Google’s artist crew; bravi! See 9to5google, and especially this image which would also be big enough to cover my desktop…

Like always, thanks for reading.

Better than official numbers…

C. Scott Brown reports about the Fairphone 2 phone on AndroidAuthority, telling us that it has been supported for 7 years until now, and that this is better than even Samsung’s update policy.

And right he is, of course, but he forgets that a) some iPhones were supported equally long, and that b) there are third party offerings like for instance LineageOS (just to name the most well-known one) which easily top that – for the mentioned Fairphone 2, for instance, there’s Android 11 in the form of LineageOS 18.1 available.

And that’s far from the end of it – on my Google Nexus 5 I had an (unofficial but still great) version of LineageOS 20 which equals Android 13 – and that was a device which was even 2 years older than the Fairphone 2, and which LineageOS officially supported until 14.1 (Android 7).

So the real question before buying any new phone should be: is it supported by LineageOS and other 3rd party offerings? Do the makers at least give you the option to unlock the devices’ bootloaders so that you *can* install something different than the makers’ version of Android? For Apple’s iPhones and the iOS, the answer is generally “no”, so despite their long support through the maker they still lose against “open” Android phones like all devices from Google themselves for instance. See the devices listing on LineageOS, and if your phone is as old as a Nexus 5, don’t forget to mark the “discontinued devices” checkbox – if you find yours there, then there’s a great chance to also find some newer ROMs on the site of the XDA Developers.

The jury is still out, but at least with Android 13 on my late brother’s Pixel 3a I can even use my banking app, haven’t found many bugs even in that unofficial ROM yet.

So would I like to have a newer phone than that? Definitely yes. Do I really need one? Not so sure yet, although having Google’s quarterly “feature drops” is of course something really nice.

So if you’re reading articles about the longevity and the support cycles from manufacturers, don’t forget the third party aspect, it’s an important one in my opinion.

As always, thanks for reading.

Hmmm… another one swelling…

When three days ago I asked why things have to grow, I also meant that in regards to a swelling battery in one of our phones – again. This time it’s my Pixel 4a which is kind of hard for me because I consider that the perfect phone regarding size, features, and all…

So my first reaction was to change that battery, and I looked up videos about it and thought: “Oh my…”, because with *this* device it’s really hard. So I looked up an estimation for repair costs at Google, and oh my again…

estimated repair costs for a Pixel 4a phone

Don’t know if you can see that, but it says 326,06€ – which is more than a new Pixel 6a would cost either on mail order or in local electronics shops.

So for now I switched over to my brother Willi’s last one, the Pixel 3a. I had installed LineageOS 20 (Android 13) on it already, and after moving over the SIM card as well as some data, it looks almost the same as on my 4a:

Pixel 3a with LineageOS 20

So let’s see. Haven’t tried everything yet (like my banking app for instance), but so far this looks good…

Like always, thanks for reading.