
We need to stop calling it "sideloading", we should call it freely installing software. The term "sideloading" makes it sound shady and hacky when in reality it is what we have been able to do on our computers since forever. These are not phones, they are computers shaped like phones, computers which we fully bought with our money, and we shall install what we want on our own computers.


I like the term "direct install" which someone suggested in one of the previous threads.


Or just "install". This word was sufficient my entire life until the Apple App Store came along and hijacked it.

"Why should I change my name? He's the one who sucks"

https://youtube.com/watch?v=ADgS_vMGgzY&t=3s


You could certainly say that. But if you go up to a normal person on the street and say "Google has prevented you from installing apps on your phone", while they're still able to install from Google Play just fine, they're going to look at you like a crackhead.

Language is for conveying information to other people. If your audience doesn't understand what you're saying, you're effectively screaming into the void.


"Google has prevented you from installing apps outside the Google Play store on your phone."


And the average person would understand that as a non-issue. The issue is you need a developer account to distribute your app, and Google can censor you without explaining anything to you or others. The issue is Google being a gatekeeper. And the fact that there’s malware in the Google Play store is a cherry on top.


Would it be possible to exclude app store install from "Install", eg swapping positions with sideloading? The idea would be that "app store sideloads" are more like enabling features than installing something novel, and installs allow something unplanned to be enabled.


I wonder where the term started?

Android itself calls it "install" when you open an APK file, there's no mention of "sideload" in Android at all as far as I can tell.


There is, actually, but in a different context. The `adb sideload` command allows you to boot a device from an image without flashing it.


This command is also used to install 3rd-party ROMs.

There is an option in the TWRP recovery tool to sideload any capable .ZIP file.


How badly screwed are we that the term "installing" doesn't work because it doesn't exclude the now default assumption that someone else controls everything you are allowed to install.


> when in reality it is what we have been able to do on our computers since forever

You do realise that's been changing right? Slowly of course, there's no single villain that James Bond could take down, or that a charismatic leader who could get elected could change. The oil tanker has been moving in that direction for decades. There are legions defending the right to run your own software, but it's a continual war of attrition.

The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.

"Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that."

https://www.gnu.org/philosophy/right-to-read.en.html


Yeah in the name of "security".

Unfortunately it also means giving the key to the Kingdom to a company like Microsoft or Google which are definitely adversaries in my book. Keeping them in check was still possible with full system access.

Even Apple I don't trust. They're always shouting about privacy but they define it purely as privacy from third parties, not themselves.

And they were the first to come up with a plan where your phone would spy on you 24/7.


> The vast majority of people on this site (especially those who entered the industry post dot-com crash) ridicule Stallman.

I've been in tech and startup culture for over a thousand programmer-years (25-30 normal years). It wasn't dot-com or the crash. It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer. When the huge mobile wave hit (remember "mobile is the future" being repeated the way political pundits repeat talking points?) the entire industry was bent in that direction.

I'm not sure why this is. It could have been designed and planned, or it could have evolved out of the fact that mobile devices were initially forced to be locked down by cell carriers. I remember how hard it was for Blackberry and Apple to get cell carriers to allow any kind of custom software on a user device. They were desperately terrified of being commoditized the way the Internet has commoditized telcos and cable companies. Maybe the ecosystem, by being forced to start out in a locked-down way, evolved to embrace it. This is known as path-dependence in evolution.

Edit: another factor, I think, is that the Internet had no built in payment system. As a result there was a real scramble to find a way to make it work as a business. I've come to believe that if a business doesn't bake in a viable and honest business model from day zero, it will eventually be forced to adopt a sketchy one. All the companies that have most aggressively followed the "build a giant user base, then monetize" formula have turned to total shit.


Ironically, to take it full circle, I think that the thing that led to mobile being so user-hostile was the lack of sideloading of apps.

I remember sites on the early web like Hampster Dance, where monetization happened as an afterthought. But if you have to pay $99 annually and jump through hoops just to get your software even testable on the devices of a large number of consenting users, the vast majority of software is going to be developed by people who seek an ROI on that $99 investment - which wasn't cheap then and isn't cheap now. Hampster Dance doesn't and wouldn't exist as an app, because Hampster Dance isn't made as a business opportunity.

Similarly, outside of a few bright lights like CocoaPods, you don't get an open-source ecosystem for iOS that celebrates people making applications for fun. And Apple doesn't want hobbyist apps on its store, because Apple makes more money when every tap has a chance of being monetized. Killing Flash, too, was part of this strategy.

Apple certainly could have said "developers developers developers" and made its SDK free. But it realized it had an opportunity to change the culture of software in a way where it could profit from having the culture self-select for user-hostility, and it absolutely took that opportunity.

It's not a bad place, the environment we live in. But IMO, if Apple had just made a principled decision years ago to democratize development on its platforms, and embraced this utopian vision of "anyone can become a programmer"... it could have been a much brighter world.


I suspect the average computer user is significantly smarter than the average phone user. The reason is that I've never seen a really dumb person using a computer, but I've seen plenty using phones. That might (or might not) be related to why the phone ecosystem evolved the way it did and computers didn't end up like that.


> I'm not sure why this is

I think a big reason was customers' ignorance. The manufacturers can come up with whatever they want, if no one buys it it does not matter. People accepted locked-down smartphones because they saw them as phones first and foremost. If I recall correctly the iPhone released without any app store, so it was really not that different from a dumb cell phone. If you had offered those same people a desktop PC or laptop that you could not install your own programs on, that had no file explorer, that could barely connect to anything else, no one would have bought it. But because they saw smart phones as telephones first it flew over their head. How many of the people who are upgrading to Windows 11 now because of lack of security support are still running an outdated smartphone? The phone probably has more sensitive data on it than the PC by now.

People are willing to accept restrictions when they come with newer technology. Why is that? I don't know, I'm just reporting on what I see.


> It was mobile. The mobile ecosystem has always been user-hostile and built around the exploitation of the customer rather than serving the customer.

Right. It was infuriating when those of us criticizing the iPhone's restrictions were told "it's just a phone, who cares", when it was clear that mobile computing was going to take over quickly.


If you want a real blackpill (I think this is the right word), consider the famous Cathedral and the Bazaar.

I recently had a realization: I can name Cathedrals, that are 800 years old, and still standing. I can't name a single Bazaar stall more than 50 years old around any Cathedral that's still standing. The Cathedral's builders no doubt bought countless stone and food from the Bazaar, making the Bazaar very useful for building Cathedrals with, but the Bazaar was historically ephemeral.

The very title of the essay predicts failure. The very metaphor for the philosophy was broken from the start. Or, in a twisted accidentally correct way, it was the perfect metaphor for how open-source ends up as Cathedral supplies.


There are definitely bazaars which have a very old history. Being that the word "bazaar" has middle-eastern origins it feels appropriate to highlight middle eastern bazaars. Al-Madina Souq in Aleppo is one such bazaar with quite a few shops/stalls/"souqs" dating back to the 1300's or 1400's, such as Khan al-Qadi (est. 1450). Khan el-Khalili in Cairo has its economic marketplace origins rooted in the 1100's-1300's.


Name a single bazaar vendor that's still going more than 50 years in any of them. The bazaar as an institution remains, as it does today, but there's no permanence with a bazaar, just as open-source will never have a permanent victory without becoming a cathedral. Bazaars persist through constant replacement, churn, not victory.

Windows NT will be with us longer than systemd and flatpak.


No I meant there are individual shops inside the bazaars that are still going under the same brand name for hundreds of years. The El-Fishawy Cafe inside Cairo's Khan el-Khalili bazaar has been operating under the same name since the 1700's[0]. Bakdash ice cream parlor inside Damascus' Al-Hamidiyah Souq was established in 1895.

For me, walking through an old Souq gives me a similar feeling of awe / mortality / insignificance as viewing a cathedral or looking from the Colorado ranch land up to the Rocky Mountains.

Also some cathedrals have remained "Catholic" since their raising, but there are a lot that have changed from Christian to Islamic to Protestant ... both the cathedral and the bazaar's physical buildings are still present from the same era and both are used for their original purpose (marketplace or worship). And both have indelibly shaped their regions by being engines of culture, innovation, and power.

0: https://en.wikipedia.org/wiki/El-Fishawy_Café

1: https://en.wikipedia.org/wiki/Bakdash_(ice_cream_parlor)


Windows NT is younger than Unix. I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount.

However ... the domain of operating systems is subject to weird constraints, and so it's not really appropriate to make some of the observations one might make in other domains. Nevertheless, I thought the point was that we want things to improve via replacement (a "bazaar" model), rather than stand for all time. We don't actually want technology "cathedrals" at all, even if we do appreciate architectural ones.


> "I'd say the smart money is on the Unix-derived line of operating systems outliving Windows NT by a considerable amount."

Are you referring to the *BSDs? Linux isn't Unix derived. It's a re-implementation with no code traceable back to the original Unix or any of its descendants.

Aside from that, Windows has a revenue stream behind it that looks to continue indefinitely paying for its development and Linux has...? The half-digested carcass of Red Hat within IBM? Canonical?


There are descendants of the Unix source code, and there are descendants of the Unix design. Linux is in the latter group.

Linux is the root OS of Android, which has a lot more revenue behind it than Red Hat or Canonical.


Android is shaped by Google solely for Google's own monetary gain, just as Windows is by Microsoft. A Google branded dog collar around our necks doesn't seem much better than a Microsoft branded one.


Microsoft of course is also a major player in Linux (via Azure). As is Amazon. Their companies depend on it.

It's no longer a bazaar where random university lecturers write and run entire subsystems between classes, but it is at least multiple companies contributing.


Cathedrals change organizations too. You can't compare the longevity of a physical edifice (a cathedral) to an individual or organization (a bazaar vendor). They are different classes of things.


[deleted]


Not to mention the large number of ancient marketplaces that still exist (in active use) all over the world, some of which are UNESCO world heritage sites.

This type of informal market likely outnumbers cathedrals, especially if you count the ones that evolved into tourist markets, high streets, malls, and central business districts.


The title also correctly describes the relationship between FOSS and cloud SaaS. FOSS is the bone yard and parts catalog that devs go to when building closed platforms to lock in users. It largely exists today to be free labor for SaaS and training data for AI.

I'm not there yet, but I am perilously close to tipping over into believing that making open source software today is actually doing harm by giving more free labor to an exploitative ecosystem. Instead you should charge for your software and try to build an ecosystem where the customer is the customer and not the product.

I stress today because this was not true pre-SaaS or pre-mobile. FOSS was indeed liberating in the PC and early web eras.


I fail to see the link, businesses come and go. Their software dies with them.


Businesses die. Cathedrals don't. IBM is 114 years old. Microsoft is 50. Google is 27. Disney is 101. Nintendo is 136 (they'll outlive Steam and the next nuclear war at this rate). The COBOL running banks is 65 years old. Windows NT architecture is 32. The platforms become infrastructure, too embedded to replace.

How many bazaar projects from even 10 years ago are still maintained? Go through GitHub's trending repos from 2015. Most are abandoned. The successes transform - GitLab, Linux, Kubernetes, more Cathedral than Bazaar.


> How many bazaar projects from even 10 years ago are still maintained?

Uhh, all the big ones in common use? GNU’s massive portfolio of software, Linux, multiple BSDs, Apache, Firefox, BusyBox, PHP, Perl, the many lineages of StarOffice, LaTeX, Debian, vim, fish, tmux, I mean this barely scratches the surface. Are you kidding me?

How many startups have failed over the last decade? I would argue that the norm is for any project to eventually cease. Only useful things with an active community (whether that community is for-profit or not) tend to last, until they are no longer valued enough to maintain. This goes for things in the physical world just as it does for software.


Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib and GCC, etc. Just because you can't think of it, it does not mean it doesn't exist.


> Any of the BSDs (well 2BSD is the oldest on a quick search), the linux project, the GNU C lib, etc. Just because you can't think of it, it does not mean it doesn't exist.

Did BSD defeat Linux? No. Which BSD is even the right one? BSD's biggest success is living on as the foundation of Apple's Cathedral in XNU, and PlayStation's Cathedral in the PS4 and PS5.

Did Linux stay a bazaar vendor? No - 90% of code has been corporate contributed since 2004. Less than 3% of the Linux Foundation budget goes towards kernel development. Linux is a Cathedral, by every definition, and only exists today because Cathedrals invest in it for collective benefit. It's a Cathedral, run as a Cathedral joint venture, to be abandoned if a better thing for the investing Cathedrals ever came along.

GCC? Being clobbered by Clang. Less relevant every year. Same with GNU coreutils, slowly getting killed by uutils.

Firefox? Firefox only still exists because a Cathedral called Google funds it.

LibreOffice, Apache, PHP, Blender? Professional foundations that get very picky about who is allowed to contribute what. They aren't amateurs and they all depend on Cathedral funding. Blender only got good when it started collecting checks from Qualcomm, NVIDIA, AMD, Intel, and Adobe. Blender is a Cathedral funded by Cathedrals.


That's such an American take. Something doesn't have to be a "winner" to be useful. I enjoy using FreeBSD on my desktop and I don't care about the 0.01% marketshare.

I really dislike all the corporate involvement in Linux. I don't believe in win-win with commercial. That was the main reason for my choice though there's other things I like too such as full ZFS support and great documentation.


Wtf is a bazaar vendor? A bazaar-style project is a project with a variety of contributors who aren’t necessarily affiliated with a central org, where decisions are made at least partially through consensus. Linux still fits this description although it’s more of a hybrid model at the moment, as decision-making is highly centralized. But as a free/open source project, that centralization exists with implicit community consensus. If a substantial portion of the community decided that Linus and his team were making poor decisions, a fork would emerge. This process of periodic de-/re-centralization is a common attribute of many long-term FOSS projects and is usually not possible with proprietary software, absent generosity or neglect from IP “owners”.


ffmpeg and vlc jump to mind. They certainly aren't a central org -- other than in vlc having a shared like of traffic cones. My understanding of the ffmpeg dev team is they barely tolerate each other.


I feel like you're moving the goal posts and using the greed caliper for measuring open-source success. Open-source doesn't need "to win", because as long as they have developers, projects go on, and as long as they have any users they are still relevant.


If we're doing bad analogies, my mom's open source duck recipe has been around for hundreds of years.


>The term "sideloading" makes it sound shady and hacky

"side" refers to the fact that it's not going through the first party app store, and doesn't have any negative connotations beyond that. Maybe if it was called "backloading" you'd have a point, but this whole language thing feels like a kerfuffle over nothing.


I get where you are coming from. However, language like this matters when it comes to legislation. People outside the space will be guided by the sideload language to think it's just "something extra on the side so why should I care?"


Agreed. "Sideloading" has been marketed as a boogeyman opening doors to malware, when in fact malware exists on the play store anyway.


It hasn't been marketed that way, it's a term which differentiates installing apps from the app store and installing them outside of it.


I understand what sideloading means, as I'm sure the rest of HN knows. But to the layman non-techie, it has indeed been marketed as a boogeyman.

Even in the Android developers blog post:

> We’ve seen how malicious actors hide behind anonymity to harm users by impersonating developers and using their brand image to create convincing fake apps. The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.

The research paper that shows their methodology for discovering these results has not been published by Google, to my knowledge. Just a mere "trust me, bro".

Edit to include link to source: https://android-developers.googleblog.com/2025/08/elevating-...


But even if they used the term installing apps instead of sideload, what other word would they use? If they said "50 times more malware from internet sources than on apps through Play Store" people will still come up with their own wording.

If they use the word install apps, they would need to say installing apps from outside of the play store, in which case people are going to automatically try to come up with a different word to associate that with. Any word we come up with is going to be subject to being used for the good and the bad.


Sounds like "sidestepping" i.e. doing something illegitimately or at least outside the normal path.


Language strongly influences how people perceive things. For example, people shown videos of a car crash estimated higher speeds and falsely remembered seeing broken glass if the crash was described as "smashed" or "collided" rather than "hit" or "contacted"[0].

"Direct installation" sounds neutral to me, but "sideloading" sounds advanced or maybe even sneaky.

[0] https://www.simplypsychology.org/loftus-palmer.html


Why "first party app store"? You mean the play store with that? Why is that necessarily the "first party app store". I mean, for "Google Android" it might be, but not for AOS.


if anything, installing the app spoon fed to you by your phone OS provider should get the pejorative.

Let's call it "Lameloading" or something to really nail it home.


I always found this term utterly bizarre. It first showed up in the early days of the mobile "revolution" and felt astroturfed, since no developer would think we need a fundamentally new term for downloading software. It felt like something some dark patterns team came up with to discourage free installation of software on your own device.

Of course maybe I'm overthinking it. It's common for people deep in the bowels of an industry to invent pointless jargon, like "deplane" for getting off an airplane. Anyone know where the term "sideload" was coined or by whom?


No I don't know.

But: "side talking" is a worthwhile distraction to Google and look at Nokia N-gage memes.

I prefer the term "unlocked install". Consumers are already familiar with the terms: locked phones and unlocked phones.


Mandatory googleloading.


How about "unlocked install"?

Consumers are already familiar with what a "locked phone" is.


Unfortunately not. They are calling it "phone" and ("rooted phone" or "unlocked phone").


Sounds too much like illegal jailbreaking. Direct install better IMO


If Google provides a permanent mechanism to disable this in developer settings, then this devolves to an inconvenience.

The setting to allow unsigned apps could be per appstore tracked by an on-device sqlite database, so a badly-behaving app will be known by its installer.


Have you read anything about this? What you are proposing is exactly what is being disabled.


Let's say that Google implements this restriction, but allows F-Droid a permanent permission to disable it for apps installed through their store.

Then there is both increased protection and accountability.


No, I like F-Droid, but I don't want them to need an official Google status to operate, or for anyone who wants to compete with F-Droid to have to obtain that special status.

edit: because the next step would be Google paying F-Droid a half-billion dollars for default search engine placement, or something else stupid. It becomes a captured organization, an excuse subsidiary.


Yes, in that world everything works out. But as TFA notes, Google is pushing "developer verification" as a non optional change at the app level. To get around it in the future it appears you'll need a degoogled phone.


Time to figure out how to live without a phone - gotta find some sort of ultramobile pocket pc with 5G and run your own FreePBX for text and calling, etc. I've been wanting to do this forever, anyway. Using Starlink 5G would make it palatable, or maybe even preferable, assuming the performance is solid.


I have been thinking of a secondary machine that would just use my phone's wifi and encrypted vpn tunnels. Basically, the phone is only used for the banking app and whatever future government ID app will be required.

The secondary device would basically be built on an open platform etc. Once we can't use the phone for sharing the connection, then we are basically stuck using other wireless connections, LoRa for short to medium connections, direct wifi links and offline home cloud environments. It gets a bit grim when you think about it, but there are always options. Now, would you travel with a home made tablet phone in an airport for example? What about a train station with xray scanners? Cyberpunk always comes to mind as well when thinking of these possible futures.


Seems like setting up a shareable wifi6 hotspot should be trivial, in this scenario - either a wifi 6 usb dongle or an m2 board like Intel WiFi 6 AX200/210 , can turn on hotspot mode for other devices.

WRT banking, you'd just use the browser - the whole point is to get away from the whole 'you need to spend $150/month and subscribe to a device and open yourself up to a whole suite of third parties in order to use an "app"'

You could use AI to build convenience scripts and UI tweaks, depending on your use case. Use tampermonkey or other script engine browser tools if you need to recreate a UI feature that a banking app provides.

I can build a much better machine for less than a flagship phone costs me, including video glasses and a few power packs. A wireless video stream to a dumbed down phone that only serves as the interface for swype style keyboard or something like that would also be an option - I think this might be a viable strategy.

I've seen raspberry pi phones and tablets that would absolutely terrify TSA agents, but I'm thinking more along the lines of a modded framework laptop with display hacks, or a boxy little pocket PC with a chonky battery - nothing that would alarm people unnecessarily.

I think I mostly take issue with the idea that the walled garden is necessary, or even preferable. Google at least had the barest shred of "the user has control" left - eliminating sideloading just eliminated any possible reason I would bother with them as a company.


There are a number of banks that require the use of an app now, using a browser is not permitted


I used a super-cheap Android phone with a Win tablet over 10 years ago, but couldn't come up with a decent "phone" option. I started using the phone itself for calls, everything else I did on my tablet.


Why would google implement a restriction then allow someone to disable it? That's literally how it works today. By default your Android phone with Googled-OS installs only from Play store, where all apps are verified. When you want to install non verified apps you need to explicitly allow it first.


Because F-Droid is going to regulators.

"We urge regulators to safeguard the ability of alternative app stores and open-source projects to operate freely, and to protect developers who cannot or will not comply with exclusionary registration schemes and demands for personal information."

https://f-droid.org/2025/09/29/google-developer-registration...


I like your point. Never thought of it that way. Totally agree


indeed, but they're not talking about your phone, they're talking about android, which is something you don't buy nor own, you buy a license to use it on the provider's terms.

linux phones can't come soon enough ...

your point about the term "sideloading" is spot on, though. perverting the language is the first step of manipulation: installing software is "sideloading", sharing files is "piracy", legitimate resistance is "terrorism", genocide is "right to defend oneself" ...


> which is something you don't buy nor own, you buy a license to use it on the provider's terms

The distinction between "own" and "license" is purely a legal one. If I buy a kitchen table I own it, I can chop it up and use the pieces to make my own furniture and sell it. When I buy a copy of a Super Mario game I cannot rip the sprites and make my own Super Mario game because I don't own the copyright nor trademark of Super Mario. But I do own the copy, and Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.

> linux phones can't come soon enough

GNU/Linux. I used to think Stallman was being petty for insisting on the "GNU" part, but nowadays I understand why he insists on calling it GNU/Linux. There is nothing less "Linux" about Android than Debian, Arch or any other GNU/Linux distro, but GNU/Linux is fundamentally different in terms of user freedom from Android.


> Nintendo does not get to march into my home and smash my games because they want me to buy the new one instead of playing my old ones.

This is a really interesting example to choose because the new Nintendo Switch 2 cartridges have literally no data storage except to hold a license key. The content has to be downloaded from their servers, which they absolutely will take offline eventually.


> linux phones can't come soon enough ...

That would require a lot tighter and broader (but not corp-controlled) organization than what open source is accustomed to - making cheap and capable phones that aren't tied to a big corp is big challenge.


> "your point about the term "sideloading" is spot on, though. perverting the language is the first step of manipulation [...]."

Precisely.


I call it "running unsigned binaries"


They are signed, though. Just not by Google.


Signed by any non-authorised signature is the same as unsigned from a security perspective.


“Running binaries signed either by yourself or by whoever wants to spy on you.”

That last part there is the problem.


Let's ignore all of the preinstalled programs, which are signed by Google and do a great deal of spying.

Do you think the 100 most popular F-Droid apps do more spying than the 100 most popular Play store apps?


No, that’s a straw man. The popular ones are not the concern.


A straw man in your favor, maybe. Shall we compare the 100 least popular of each store?

Those are more likely to be outright malware on Play.


The popularity in app stores has no bearing. Some problem apps can be on no store, just locally installed. This has been well covered in the past and you are playing catch up. It’s about abusive household members who spy on their grown children, siblings, roommates, girlfriends, parents, etc. with apps they install on their devices if given a route to do so.


The sideloading change doesn't protect against abusive household members, though. Simple lock screen hygiene and periodic reminders about invasive permissions (e.g. accessibility & location) would do more. And let us not even pretend that is the true motivation for the change. An incidental consequence that you find defensible is simply that.


It's an excuse. Give me the option to install the software I see fit. Period.


Is this not a meaningless differentiation if Google does not assume any responsibility for apps on the Play Store?



