$35 Firefox OS smartphone - back to the drawing board


#1

[Permalink]


#2

It sounds as if it has serious, serious design flaws, flaws which are inexusable, even if the $35 price point was absolutely firm.

The other really weird thing missing is any kind of battery backup for the time. If the phone loses power, the time and date gets reset, leaving it looking like an old VCR blinking “12:00.” So much of the Internet runs over a secure connection now, and the proper time needs to be set on the device or else it will think everyone’s certificates are expired and may deny secure connections. When the time gets reset, you can’t connect to the Firefox OS marketplace and download an app, you can’t pull your e-mail over POP or IMAP, and every secure webpage will throw up an error.

Sure, the time will sync down from the cell signal—if you have a cell signal. Remember, though, this is meant for developing countries where mobile coverage may still not be complete. (It’s easy enough to find “no service” in the US.) The time won’t sync over Wi-Fi, either. It’s perfectly possible to hit a Web server and pull the correct time—most desktop OSes do that—but Firefox OS doesn’t.

Further down…

If the lock screen pops up while reading a webpage, you’ll need to reload the page again. If you start the stopwatch and leave the app, the stopwatch stops. You can set the e-mail app to check for mail every five minutes, but there is never any free memory, so the mail check never runs. There isn’t even anything to keep the crucial alarm process alive. If the phone is busy when an alarm is supposed to go off, it just doesn’t go off. An alarm you can’t trust to work 100 percent of the time is useless.


#3

When it comes down to it, Firefox OS was not built for ultra low end hardware, and when you’re only charging $35 per device you don’t have much budget to engineer solutions to these problems. I have no doubt that if someone went to the trouble they could make this phone a lot better, but who is going to pay for it?

The original iPhone and first generation Android phones had similar specs, and were not nearly as terrible as this phone, but they were also quite a bit more expensive at launch. The $35 price point is incredible though. That’s the same price as a Raspberry Pi, and the Pi doesn’t come with a touchscreen, battery, cell modem, wifi, or even a case. The CPUs aren’t all that different either, although I don’t know what kind of graphics acceleration the Cloud FX has, if any. The Pi has only barely enough graphics acceleration to make H.264 playback passably fast, so regardless of what the Cloud FX has it can’t be too much slower.


#4

It does sound like the inability to save program data before swapping it out of main memory is a serious defect with Firefox OS, assuming the article is correct about that. My Android phone will sometimes kick me out of a current gaming session if I use other apps for a while and then return to the game, but it never loses actual data.

Which doesn’t excuse all the other problems with the phone, of course…


#5

Here’s something from February

Mozilla shows off $25 Firefox OS based smartphone running Spreadtrum chips

Sullivan described three different Spreadtrum chipsets, but only named one, the SC6821. All will be based on WCDMA and EDGE networks, not faster LTE.

The SC6821 is what’s used in the CloudFX

This certainly puts a different gloss on things-- it puts the blame squarely on Mozilla, not on overly ambitious engineers who put the wrong OS on an underpowered chip.

Spreadtrum claims H264 support in it’s spec sheet, though HXGA isn’t quite 1080p.


#6

The reviewer suggests that disabling JavaScript might be a potential way to alleviate processing power issues.

This is a profoundly bad idea.

JavaScript is part of HTML5 spec. One cannot reasonably expect to browse the web without it. Oh and btw the Firefox OS software stack is entirely HTML5.

Right now about 1% of the web browsing market share has JS disabled. As a developer I am terrified by the idea of a low cost device targeting a huge share of web users but did not support such an integral technology.

It’d be hell to spend all that time making no js hacks to accommodate that.


#7

Not to mention that the dynamic nature of that browser JavaScript is the exact thing that makes every app on the phone run.


#8

Unless one likes privacy and security, I assume? I’m probably not the only one around here who runs NoScript.

It sounds like they mixed up their design criteria. Must have $35 tag, and smart phone, and Firefox. I wonder how the marketing would work if they instead took away all general browser functionality, and just built in proprietary optimized tools - calendar, stopwatch, whatever people use a lot.

Sure, you’d lost out on Facebook, but that’s a net plus for me. Would it be a tradeoff for a suite of tools that work really well, reliably, and cheap enough to hand them out to kids?


#9

I can understand omitting a battery-backed RTC (the RTC chip itself isn’t free, and the battery to back it consumes board space and either requires a socket or is incompatible with wave soldering, so it’s actually not uncommon for cost-constrained devices that are expected to have access to network time to skip this part); but it sounds like there are serious failures to make any software changes to compensate:

Being able to obtain time from the cell tower is good(albeit totally expected); but omitting even the most spartan NTP client (for situations where you don’t have a cell signal but do have wifi) just makes no sense…

Similarly, a failure to assign something like the alarm function to ‘higher than god and coffee’ priority for memory allocation is just nuts.

The sniping about the hardware seemed rather churlish (ooh, the ‘black’ plastic is actually a little mottled, probably because recycled plastics are cheaper… ooh, the phone isn’t 100% fused together with no air gaps; but we aren’t going to test if this makes it more durable…); but damn does the software sound ill-matched to the hardware.


#10

I’m a first-world tinkerer, not the target audience; but this is what had me wondering ‘Where can I buy three?’.

The CPU is a 1GHz Cortex A5, not impressive; but both faster and architecturally newer than the rPi’s sub-GHz ARM11, and you get wifi, a cell modem(not a fast one; but dual SIM), enough onboard Flash that an SD card isn’t a requirement; but the option to add one, plus a touchscreen and case, all for the price of a bare board. The GPU is also undistinguished; but certainly no worse.

I’d be very, very, interested indeed to see what can be coaxed out of the microUSB port(ie. does it do OTG? Can it be made to show up as something other than just charging/mass storage?) and what, if any, serial and GPIO connections might be accessible inside the phone if the case is opened up. Sometimes ultracheap electronics are surprisingly good in this regard, since they don’t give a damn about keeping the user out. Sometimes they are painfully unhelpful, since cost-cutting has left nothing but a couple of BGAs integrated as tightly as possible with absolutely no space wasted.

If the news is at least modestly good on the USB and/or internal headers/pads front, this thing could be one hell of a hacker toy.


#11

Depends what you mean by ‘no script’. Google Chrome’s no-script is focussed on blocking Flash, not javascript, for example.

Blocking javascript is akin to blocking CSS, all it’s going to get you is a less engaging and likely broken internet (I’m pretty sure even using this BBS without JS would be impossible, as it clearly relies heavily on ajax). It’s a core web language.

I’d be interested to hear what threats you believe there to be with Javascript, at least in 2014? 10 years ago you might have had a case, assuming you were using IE 5.5. JS is pretty heavily controlled these days.

The closest thing I can think of that gets close to infringing your privacy or security would be cookies, something more often created using server-side code anyway, and something quite easy to manage without throwing the baby out with the bathwater.

Ironically I can probably think of more scenarios where blocking JS is more likely to have a negative impact on protecting your privacy online.


#12

The tech specs of the CPU in this phone are seriously unbalanced.
On one hand, you have a 1Ghz A5 ARM, making it more powerful than a raspberry pi. But on the other they’ve paired it with an astoundingly tiny amount of RAM, half the amount of the lowest spec Pi, one quarter the RAM of recent versions and as far as i’m aware, less RAM than even the earliest android phones.
No wonder the thing struggles.

Though regarding the clock losing it’s settings when the battery runs out, it’s arguably better than many of the original windows mobile phones, which stored all configuration/user data on a ramdisk which was not backed up to permanent storage. They had a small battery backup, but you risked your phone wiping itself if you left it uncharged too long :wink:


#13

As I mentioned before, the Firefox OS software stack is entirely HTML5. Given that the core technology is a web rendering engine, it’d be quite difficult to go without browser functionality.

Also who would want to buy a smart phone without a web browser? We have that already, it’s called not a smart phone.

In any case. To run on Firefox OS at all, the “proprietary optimized tools” you propose will need to be built out of HTML5, and if they are dynamic at all that’s going to require JavaScript.


#14

He’s talking about noscript, a Firefox addon that blocks Javascript on webpages unless you whitelist it. When I get a machine this is absolutely the second piece of software that I install–only Firefox is first. Yes, you do end up whitelisting a good number of websites, but not as many as you might expect. The big win is that it blocks adservers from injecting code into webpages, which is how most exploits are delivered. Also has cross site scripting protection and some other neat features.

Yes, it is occasionally annoying when you get some site where the content is loaded off of a CDN, which links to another site, which has its own CDN, which fronts for another CDN and on and on. Embedded videos are a common culprit.

I don’t run Adblock, because Noscript removes the most obnoxious forms of advertising already, so you can support webpages that aren’t trying to let the ads take over their website.


#15

This is how Palm Pilots and WinCE devices worked. Flash memory was too expensive and slow back then so everything was just left in RAM and you had to be vigilant about keeping the device charged. Of course back then a Palm Pilot would last a month or more with regular usage on a pair of AAAs, so it wasn’t as bad as you might think. The Blackberry desktop software was designed to reload all of your data if you did mess it up.


#16

Which plugin are you referring to? The noscript plugin http://noscript.net/ runs a whitelist of origins to allow javascript, flash, and other plugins. Since it’s a whitelist, many 3rd party reporting sites will not be able to get your data, provided that they follow the rules for collecting this data. (Don’t confuse this with the noscript tag that provides fallback functionality when certain plugins are disabled.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/noscript)

This is a much older pattern however, and you’ll break single page apps, but for the most part I can see people using noscript for most sites that have content urls.

Traditionally the best reasoning for preventing scripts from running is to avoid xss attacks from executing, and to prevent “clickjacking”, or clicking on elements that you did not intend to (like on a seamless iframe on the attacker’s site). https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) Scripts can sometimes be obnoxious, but most web developers don’t abuse this.

If you’re ever worried about privacy however, the evercookie should be a fun read: http://samy.pl/evercookie/


#17

Chrome’s No-Script might just block Flash, but on Firefox it actually blocks what it says it blocks, JavaScript. Sometimes that breaks pages, which is okay for some types of users (this one). If the page is too broken, I might whitelist first party scripts (never 3rd). Same with Flashblock, Ghostery, and cookie blocking. I pretty much operate a whitelist only approach. It doesn’t break the internet as much as one would expect, since most sites don’t need all these to be readable, and very rarely do I need to interact with more fancy content (like this forum). More controversially, I also run Adblock as default, white listing only sites I use regularly (like this one), and ads from more “reputable” 3rd parties like Google. I also flush all my cookies (even flash ones) once a month.

People can exploit JavaScript, this has been documented. It also blocks a lot of annoyances, like pop-overs. People can exploit anything, adservers, 3rd party ad rings, really almost any arbitrary code can be used to track you, or infect you.

I don’t know if it works, but I haven’t had any malevolent software issues in a decade.


#18

Thanks. Yea, that story about how Javascript is so harmless and you are less safe without it… I never heard that before today. But I am not an IT guy, I have to go with what I read.

Also, @colinInSpace, did I mention I’m not an IT guy? Maybe it’s impossible to deliver a $35 phone with lots of bells and whistles. Full disclosure: a not-smart phone worked just great for me for a long, long time.


#19

That makes sense for PDAs, less so for the mobile phone versions with ~1day battery life though (I owned some of them at the time :D)


#20

A better equivalent of FF’s NoScript add-on is Chrome’s ScriptSafe.