I’m very happy to announce the first release of Capyloon, an experimental Web Based OS for the Librem 5! You’ll find installation details at https://capyloon.org/linuxphones.html
Capyloon is a spiritual successor to FirefoxOS : a web based OS that aims to provide a alternative to iOS/Android focused on User Agency.
Here it is, running on the Librem 5 (right) and PinePhone Pro (left).
Sorry, I meant I hack on my setup; I personally don’t use a mobile device, but I’m very interested in carrying a portable computer for other reasons. And really, that basically amounts to a portable web browser, hence my interest in your project.
Of course if I see any typos or misspellings in your docs, I’ll submit patches.
Read the capyloon.org and I got more questions than answers. Some of them are straight out of L5 FAQ (would be nice to have similar answers at some point). But for starters:
How and Why is it different (than iOS/Android and other linux distros and mobile linux distros) in general?
And more specifically concerning usability, efficiency, privacy and security perspectives?
How does (or does it) differ to install, how finished is the current version and how tech-savvy do I need to be to test it?
And just to be clear: I like having options, so this is/may be good. I also like to know the limitations.
Compared to iOS/Android, we want to get rid of walled garden / rent seeking practices. This means that by design, the ecosystem should not require things like “apps vetted by a store operator”. That also means exploring different monetization approaches, to incentive both app devs, hardware manufacturers and OS vendors.
Compared to classic mobile linux distros: we believe that they are not attractive enough from a user and developer standpoint. On the other hand, the web has many developers and we want to leverage that. I don’t want to start a shouting match with the “regular linux” crowd: this is a niche that has a lot merits, products like the Librem 5 pushing for more open HW are very much needed. But we think that focusing on mobile gnome/plasma for the UI is not the best choice for the application stack.
The web is a naturally permission-less execution environment, so it’s very well suited to be both dynamic in terms of content and code access, and at the same time it’s an unrivaled platform to enhance user experience by directly learning from the user’s activity - all locally, in a private way.
We mostly inherit the capabilities of the web runtime here, except for usability I guess (not sure what you mean by that). Security is a chain, and there is a lot to do on the distro side to be on par with eg. what is standard on Android (secure boot, read-only system partitions, a/b updates etc.). I know this is contentious for some people here, but it’s meaningless to pretend shipping something that is not really secure, but yet saying it offers privacy.
We will have custom Mobian images “soon” (thanks to the Mobian folks who reached out to explain us what to do!). For now you need to manually download an install the debian package on top of an existing Mobian installation.
The current version is very much a work in progress: you can configure wi-fi and a few other settings, and play around the UI. There is no telephony support yet. It’s not ready yet for daily use
The whole UI of Capyloon is a browser on steroids (it’s a fork of Gecko, the same runtime used by Firefox). In this model, each web app runs in its own sandboxed process.
Thanks for the answers so far. Can you still elaborate, as I think there is some obvious point I’m not comprehending? And bare in mind I never had a chance to get to know FirefoxOS either, or have any other background. (I should probably quote Jeremy Irons’ character: “Talk to me as I were a young child or a golden retriever”)
I’m confused about if Capyloon is just (more or less) a UI (does it need other OS in the background), a standalone OS or something else? The “web based” aspect seems central but doesn’t get across (to me anyway) and at least to me it would be beneficial to hash out more:
pros/cons of it and especially differences in how it changes user experience (Capyloon model may not be for everyone, so what would be the use cases - for what kind of use would it be best suited for?),
usability of apps (web apps only available? how to use non-webapps then?),
efficiency (speed, disk usage, net usage, memory usage, transferred information),
privacy and how that changes (what info or data is conveyed, or not, how is it controlled, and how does it change the the overall/macro as well as the ux/micro situation),
security and how it changes (permissions do not apply? why are they not needed? how to control and what is used to control now instead? - not just data to net but apps locally - is that different too?)…
To add to @Gavaudan question, how about selinux, apparmor etc. other security measures? Any reason firewalls would need reconfiguring (or will they be meaningless in this)?
This seems interesting, has several points. Can you expand on it though (possibly with what I asked above)?
I hope you’ll post here, when an image is available and it’s usable for us mere mortals
Hi! Thanks for all the questions. As a pre-amble, keep in mind this project is a lot about experimenting, so we don’t have all the answers. We will try things, maybe not like it and throw them away, rinse and repeat. But calling it ItchScratch was not a good name
About your questions: from a user point of view, yes Capyloon can be seen as a UI layer. I would say that the interesting bits are there. Of course it needs support from a kernel & drivers to provide some functionalities: we support android based ports (called gonk, inherited from FirefoxOS) and now have better support for regular Linux, even if the hardware support is not at the same level.
We believe that users are poorly served by current OSes that tend to silo data in apps. Putting users in control can be helped by the OS itself. For instance I like to listen to spotify radios during bike rides. Sometimes I discover a new song I like, but it’s very cumbersome to do a mashup of the spotify play history and the route gps tracker. Of course you can’t expect all apps to know about each other and to interoperate! But the OS itself knows where you went (you gave GPS permission to an app), and was also aware of what was playing when on spotify: why not provide an OS-level ability to drill into all this data? We are convinced that if you give people tools, they will build great things. Current OSes have instead turned into a very controlled model.
Note how this is all done on device, respecting your privacy. We also already include tracking protection, ad blocking and one-click Tor enabling.
It’s a web based OS, so only web apps are available. But it’s a supercharged browser, so additional non standard APIs are / will be available.
I’m biaised but I would say it’s very competitive. Web runtime get a lot of resources poured in to make them performant. Again, it’s early days…
See above. User control is paramount. Right now starting to work on data remote storage, that will obviously use client side encryption. We believe the cloud parts should be just clever enough, but not too much. Dumb pipes, dumb storage, smart device
Permissions apply like with your web browser: users will be prompted to grant access to privacy sensitive apis (geolocation, camera etc.).
A bit of background there: the initial “gonk” platform inherits from Android security model for the low level parts. These days this means selinux is used to enforce various constraints. Because Android is moving toward a quasi micro-kernel model with lots of small daemons, this leads to a lot of complexity on the selinux side.
So let’s say we are open to use something saner on regular Linux, and apparmor looks like a good candidate. Apps run in seccomp-sandboxed processes already, but there is a “main” process that still requires more hardening.
I’m not sure what you mean about firewalls in this context.
Very good, thanks, this, and UI layer viewpoint clears it a bit. With a user controlled linux (in stead of locked android model) this might be interesting new paradigm (apologies for the nasty word) to mash and develop information usage. As you stated, there is still much to do. Silos are there for some (previously) good reasons, so I hope Capyloon can present a usable, visualized and verifiable model to understand and control information for user approved services.
The firewall thing was in relation of it being apparently heavily web-based, so would its use of webapps and data permission handling create some sort of opening or challenge to firewall operations. Answers seems to indicate not.
I think your usecase is still a bit more an example of how information could be used more flexibly than what I was looking for: more like what type of users, what types of devices what types of needs (and on all of them, what probably is not solved in the near future with this). I can ques some of it, but it might help in the long run to steer expectations.
.JPG/330px-Capybara_(Hydrochoerus_hydrochaeris).JPG)
_on_capybara_(Hydrochoeris_hydrochaeris).JPG/330px-Yellow-headed_caracara_(Milvago_chimachima)_on_capybara_(Hydrochoeris_hydrochaeris).JPG)