How to repurpose your old phone into a web server
far.computerRelated ongoing thread: This blog is now hosted on a GPS/LTE modem (2021) - https://news.ycombinator.com/item?id=46049981
Related ongoing thread: This blog is now hosted on a GPS/LTE modem (2021) - https://news.ycombinator.com/item?id=46049981
If the device can run PostmarketOS with a mainstream kernel, then it can run any Linux distribution. (I put Arch ARM on such devices, since I like that distro.)
That's the big hurdle though - mainstream kernel support.
For most devices, even if they can be rooted and jailbroken, you're stuck with the kernel they come with. Doesn't have a new feature you need? A horrible security flaw in the network stack? You're out of luck. Most "repurpose your old phone" approaches have this problem. You can make it a server but you wouldn't want to expose it to the public Internet.
s/mainstream/mainline/
But yes, this is definitely an issue. I've been playing with a 2013-era Samsung device that came with a 3.0 kernel. It can run pmos with said kernel but there are multiple root LPE vulns. I've been looking into getting it to run a mainline kernel just for fun, but it's not going to be easy.
This is the kind of task I've found tools like Codex to be pretty good at. You just have to be able to give it good enough access to test and debug its work.
I note that Linux mainline has a device tree for the "Samsung Galaxy S1 (GT-I9000) based on S5PV210", not sure how complete it is though. Lots of others too:
Is Arch ARM officially supported by the same team? If not, what might be the reason?
x86_64 is the only official Arch Linux. All other ports are unofficial. They are community projects where many of the members are the same as the main Arch Linux.
I think it's basically for the same reason as why they dropped 32-bit x86 support about 8 years ago. Not enough users. (That resulted in the unofficial Arch Linux 32 to maintain support.)
Arch is working to officially support ARM and non x86_64 archs.
https://rfc.archlinux.page/0032-arch-linux-ports/
That RFC says "New ports are added by proposing them in an RFC. At least two package maintainers have to lead a port to ensure it will be developed longer term." but I'm not finding any RFC for ARM support, so can one say work is really officially happening on ARM?
The first step is setting up the project to allow other ports. That it can be done, what it will require, etc.
Once that’s done, then the ports can be submitted.
Look at the maintainers and contributors on the unofficial arm port. Orce this RFC gets accepted, the arm port can propose and figure out how to merge things together.
Yeah, that sounds right to me, and sounds like you're agreeing with me that it isn't yet an official effort, as the RFC hasn't yet been merged, in contrast to what parent claimed.
[dead]
I think the reason is they don't want to become debian where deciding anything takes foverever. Another architecture is a liability, so it lives in another "project" that official arch is not committed to.
I write this from arch on arm (orange pi) thingy, btw
The thing that holds me back from this is always the battery. I want to have my battery removed so that it doesn't eventually become a time bomb, but it's a pain on modern phones and I'm not even sure if they boot without. The mobile hardware reuse space can suck for hobbyists.
Most phones can have battery removed somewhat destructively, but without affecting the rest of the phone.
Generally, as long as you keep the phone plugged in, the battery should be safe virtually indefinitely - the battery management on board will keep it in a state where its a constant charge which means the chemistry will be stable.
There were several generalizations in that statement that align with my similar fears to the OP. Most firmware should minimize the charge cycling, most batteries should be stable at constant charge... most isn't great for something that I want to sit in the corner undisturbed for a decade just chugging along - I have a few old desktops I use whenever I need a stand alone server or to host something web-live for a while. They'll eventually have hardware failures, but I have a lot more confidence that when they fail it won't be dramatic or destructive - ditto with old laptops, the serviceability expectations are much higher than phones so I have yet to meet a laptop I can't pop open and just pull the battery out of to run on AC alone - in the case of a power failure the UPS can't cover I'd rather the machine just power off rather than needing to deal with the possibility of dramatic failure.
I think if you're considering re-harvesting old devices to use for hosting and get far enough down your list to get to phones then you've likely got enough constant maintenance costs in overseeing things that the additional worry of fire risk just isn't worth it.
What makes your UPS any less of a fire timebomb?
Every old hardware needing a fan is also a silent fire risk.
> Generally, as long as you keep the phone plugged in, the battery should be safe virtually indefinitely
What is your source on this?
I've replaced the battery in always-plugged-in iPhone 3 times over 10 years because it was expanding into a spicy pillow.
I too want a way to run phones directly off of USB power, without a battery present.
Go to ifixit.com, look up your phone's battery replacement steps, stop half way through :)
Yeah the first two times Apple did it for me. Then Apple stopped supporting battery replacements on a phone that old, so I ordered a battery replacement kit on Amazon and did it myself, with ifixit.com's assistance.
Never again. I was genuinely shocked the thing turned on once I closed it up. It's one thing to have a conceptual understanding of how tiny the components inside a phone are. It's another thing to actually be trying to seat a plug into a socket with tweezers and just have no idea how you're supposed to tell if it's fully inserted or not.
I agree. But for removing batteries, could not be easier. The ifixit guides are especially good because they warn you of the stuff you could never anticipate when opening glued on cases.
> I was genuinely shocked
Could have been worse -- the sentence could have ended right there...
I'm not educated enough in this area to have any expertise, however, in my personal experience leaving a lithium-ion battery plugged all the time results in scary semi-exploded batteries that also stop working.
Would you say this is a chemistry/QA problem? Have there been advances in battery / controller technology that achieves the above?
Yeah I was about to say the same thing! I leave my steam deck plugged in all the time (it is my main computer) and the battery still popped (valve replaced it for free ofc)
How uh, does one find out about battery problems? I almost exclusively use laptops, and I tend to leave them plugged in most of the time. I don't want a sudden lithium-ion battery fire. Can I detect ahead of time that things are going bad?
(My current machine is a Thinkpad P52 if it matters, but I also use older Macbooks and newer Thinkpads and older Dell machines this way, although they're plugged in less often these days.)
1. Improve longevity by charging Li-Ion only up to 85% of marketed capacity (can be configured at least on Thinkpads).
2. Open up the laptop and check if battery is swollen. After about 10 years, it's also a good idea to replace the CMOS battery before leaking.
3. Without opening, sometimes keys/trackpads don't work anymore as expected. This might be due to swollen battery packs (we had several Dells where this happened).
Of the six old Android phones I have around, two of them I don't dare turn on due to swollen batteries. I guess it depends how old the devices are whether this was a real risk, but I won't leave devices plugged in anymore for this reason.
Depends on your phone. Just has to replace the battery on a generally always-plugged in Moto (at least after a certain age). Battery had pillowed out. It's acting as our "landline" with a link2cell on some old DECT handsets.
if the power resets, the phone will boitloop without a battery?
You could try to fake a battery instead: https://yaky.dev/2022-09-06-smartphone-without-battery/
(This is for a removable battery, but should be close for built-in ones too, I suppose)
> I grabbed a few power point timer switches, and set them to only over up the charger for a hour a day. Never had another battery puffing failure - at last not in the next 2 or 3 years before I left.
[0] https://news.ycombinator.com/item?id=45021233
Place the "server" into a shoebox. Place another shoebox on top, filled with sand. Tape together and hide behind a furniture.
So the phone effectively becomes a 4U rack server that's probably not much of a fire hazard. We'll tuck it away behind some wood for extra safety. Never liked sleeping with my eyes shut anyway!
Then put that in a garage at least 50ft away from your home
Next, fully encase the garage in concrete. Surround it with a ring of jagged concentric spikes and skull symbols to warn future archaeologists.
In theory, you can replace the battery with a chunky enough capacitor (to get past the power-on surge) and a power source at the right voltage attached right where the battery would go. The soldering points are way too tiny for my amateur soldering skills, though.
Check out this method: https://www.youtube.com/watch?v=7f8SliNGeDM
hopefully "bypass charging" becomes more of a thing in the future. a few of the latest pixel phones use it but the only other time ive seen it is on tablets aimed at gaming
Red Magic can be set to not use the battery when the power cable is plugged in. (it is to avoid heating issues and not degrade the battery)
I tried this once a few years ago.. had half a dozen Samsung Android phones running an SSH daemon with some functionality that could be remotely accessed. However, what I learned is that phones generally don't like to run 24/7 as servers. They start giving you trouble after a while, never figured out why.
But I suspect it's just the "always on" nature and the battery. The usage pattern is just entirely different than having a phone in your pocket and using when you need it.
You're welcome to try though, maybe phones got more reliable.
I don't think people generally turn off their phones so it would be interesting to learn exactly what the difference was.
Exactly but I suspect phones last longer when they are in idle/near sleep mode with screen off.
Inspired by this, went to look into how much performance I can squeeze and turns out Qualcomm software practices are so bad that I can’t do much but accept old software.
It sounds like Qualcomm has to do everything from scratch on their hidden Linux software for every new chip.
All my old phones used to become BOINC nodes doing WorldCommunityGrid or seti@home, at least until we got to the point where you couldn't run the phone without a battery anymore. Came home to one too many spicy pillow'd phones even keeping them in a cool area with a rigged up fan blowing on them.
Interesting, I wonder if using a regular sff pc fan might work if you don't need the touchscreen.
Just thermal paste to the battery hah
I do Wigle wardriving with a dedicated cheap phone these days. (Moto G Stylus 2023)
In order to prevent issues this time around I've preemptively removed the back of the phone, and the camera modules so I can have a nice flat phone. Then I bought a heatsink nearly the same size as the phone itself. I've got thermal pads on the SoC which sits lower than the battery and the heatsink itself had thermal adhesive on it pre-applied which is sticking to the battery/phone frame holding it to the phone. No more phone overheating worries and if the battery goes pillowy it should just pop the heatsink up instead of warping the whole phone.
hardcore Wigler right there :)
I have an old iPhone XS lying around with a broken digitizer. Basically, it's recording phantom touch events all the time, making it unusable. Though the screen itself, camera, CPU etc. are all working fine.
Any ideas what I can do with it to give it some purpose?
There is a much easier way to do this without renting a VPS or anything. If you download and install the Localtonet application from Google Play or Termux, it is very easy to do.
Call out to World Wide Web (no affiliation) that sets up a web server on an iOS/iPadOS (€9.99 for PRO, https://apps.apple.com/it/app/worldwideweb-mobile/id16230068...)
This sounds like a fun project. A perfect use for an old android phone sitting in the junk drawer.
Title should be updated to include "unused android phone"
"unused android phone with unlocked bootloader that is supported by postmarkOS"
(or maybe be able to use recovery zip that requires effort after every reboot)
For some reason, I never buy phones that work with postmarketOS :( And I find phone naming confusing, it's difficult to find a used one locally to play with. Is it a Moto Play 2018 or a Play 2020? Trying to get that information from someone on Facebook marketplace is like pulling teeth.
That makes sense. Most phone users aren't technical. Like -- at all.
If you can think about how deep into technicalities the most average person you know gets, then you can also understand that ~half of everyone is even less technical than that.
There's nothing wrong with this. That's just the way that it is. (We can accept this or be frustrated. Acceptance is more useful.)
As a workaround, I find that searching by part number provides a good filter.
Maybe I want a very particular Moto G Power to use for whatever. I don't search for any permutation of "Motorola G Power" at all, because that description doesn't help me.
Instead, I just find the part number (maybe something like "XT2041-7") and search for that instead.
This excludes a lot of listings straight away, and that's fine: I don't want to stumble through listings from people who don't know what they have. I only want to buy what I want to buy, and what I want is an XT2041-7.
Ebay bro, play 2020 was $25 last time i got one. dont mess with fb sellers
It's through this link that I today discovered that a surface RT can run Linux. I think I got rid of mine already. Would have been nice to breathe some life into it
Related ongoing thread:
This blog is now hosted on a GPS/LTE modem (2021) - https://news.ycombinator.com/item?id=46049981
Don't even need postmarketOS.
Simple root, with a custom degoogled rom, and termux is all you need.
"Simple root"
You don't need root if you webserver is listening on a port over 1024.
Termux plus some webserver like nginx is all you need.
Now to make it reboot resistant is another story.
Can't you just run a Linux VM on Android these days?
For some reason I was expecting a RasPi in a rotary phone enclosure.
better of compiling android kernel with docker support and using docker
[dead]
Should be merged with: https://news.ycombinator.com/item?id=46027554
Nothing beats my toaster serving my webpages.
Of course it runs NetBSD
More an exception than a rule these days, sadly.
Though they might still have an edge on toasters.
so once you have a web server on the phone how are you able to make it available publicly on the internet? don't ISPs detect these and ban? are you using wireguard or something like that?
ive been looking to build and serve my own servers and i have been considering to use old android phones to outright racks but the part I am still struggling to figure out is how to serve it publicly without ISP catching on as they require business plans for that and its not cheap
A CloudFlare tunnel?
https://developers.cloudflare.com/cloudflare-one/networks/co...
Although, you may also go with a 5$ virtual host (e.g. Linode Nanode 1 GB) and wireguard to build your own tunnel (or just the 5$ virtual host to run your server)
at this point you don't need the phone :D
i see so just run cf tunnel and ISP wouldn't be able to see I am hosting web apps? what if I am streaming large files (not torrent)? couldn't they see the bandwidths being consumed and then tell me to upgrade to business ?
What kind of an ISP prohibits self-hosting?
Heavily depends on the contract with your ISP, I'm not aware of anything saying you can't use your uplink "commercially" - how one would even define and monitor that?
Yes, an ISP could see that you're using a lot of traffic. But if the traffic is encrypted, they can't be sure what you're doing. Are you a personal user? Or are you a business? How would they know if it's all encrypted?
As for the volume of traffic you're sending, you need to read the terms of your ISP contract, at least a little. Your ISP could have volume limits (e.g. only 5TB of traffic per month), and if you reach those limits, they could temporarily suspend service. But if they can't see what you're doing, and you're within the technical and contractual limits of your service agreement, and you're not causing problems for them, then an ISP is not going to care what you do.
> don't ISPs detect these and ban
No. No ISP who desperately tries to grow marketshare at all costs and lock their customers into a year-long contract will intentionally ban users. I'm not even sure where this misconception comes from, it's not like ISPs led a massive PR campaign warning people of the dangers of running a server.
The only way you will get banned is if you cause disproportionate strain on their network, which means you'd need to exceed the usage of the typical gamer (downloading games worth hundreds of gigs regularly), streamer (streaming 4k video for hours at a time), cloud backup customer (uploading gigabytes regularly), Windows user (in its default configuration Windows can use P2P to share updates), torrenter (sustained full-duplex bandwidth usage), and unlucky idiot with a compromised device spewing DoS traffic at line-rate.
Saturate the pipe consistently for several days by hosting video? Yeah sure you could get a warning and eventually disconnected, assuming they don't already have traffic shaping solutions in place to just silently throttle you to an acceptable level and leave it up to you to move your homebrew YouTube clone elsewhere when you realize it's too slow.
Hosting a website which will have a few mbps worth of traffic with the occasional spike? That's a rounding error compared to your normal legitimate usage, so totally fine.
The reason most consumer ISPs have a clause against running servers (not even defining what counts as a server) is to preempt a potential business starting a data center off a collection of consumer connections and then bitching about it or demanding compensation when it goes down or they get cut off. Nobody cares about a technical user playing around and hosting a blog at home.
Many ISP don't care.
Some may block port 80 and 443 "For Security", but you can sometimes contact the support and they'll open it, even if you're not a business.
I have a webserver running at home and use the free dynamic dns from noip.com.
It used to be easier to get a web server up and running in the past. I remember the 1990s fondly.
Not sure what changed, but things got more complex - and more expensive, too.
> Not sure what changed
IP4 address exhaustion.
Other folks have given general answers, but I'm wondering, what ISP do you have, and where?
(I'm lucky to have Sonic, in the SF Bay Area. A local ISP that actively campaigned for net neutrality and has 1Gps symmetric as the standard basic fiber plan. Pretty sure they're not shutting down anybody's servers.)
> don't ISPs detect these and ban
No? I mean, I'm sure there are ISPs out there that do it, but that's a ridiculous thing to do.
ISPs don't care, actually. They care about operational problems, but you serving a constant stream of web traffic is probably not going to matter to them; web traffic for even a pretty successful blog is going to be a tiny volume compared to you streaming 4k movies from Netflix.
ISPs will have rules (maximum data volume per month) and restrictions (ISP equipment auto-drops all sending/receiving packets on port 25, 80, 443, or 456), but within those limits the ISPs do not care as long as you cause no problems for them.
Also, one of the easiest ways to expose e.g. port 80 of your in-house server is to just have your local server do an SSH port-forward to a remote server like a cheap VPS. Note that by default it'll bind to a localhost port on the remote, so on the remote you'd need to have an HTTP server reverse proxying to the remote localhost:8080, or you need to enable `GatewayPorts: yes` in sshd on the remote. Assuming you turn on GatewayPorts on remote.example.com, here's how you could expose port 80 of localhost:
You can make the above connection permanent by setting up `autossh` on in-your-house-computer.If you're already paying someone monthly to "forward" ports, why not just pay for a blog somewhere? Way more secure.
Cause the server in your house is a lot cheaper to upgrade with more RAM/storage than a VPS. By using a VPS as just a way to make traffic available, you can choose an extremely cheap VPS. It's pretty easy to find places that'll charge you $2 USD/month for a tiny VPS with 1TB monthly data transfer allowances; for $5 you can get unlimited data transfer. There's tons of good deals.
Would this involve "the usual" dangers of someone hacking the in-your-house server ?
Yes, with asterisks. If you're serving static files from your house, the risk of having your server taken over is incredibly low. If you're hosting Wordpress on your home server, that risk spikes massively. So make sure you understand what is and is not dangerous, and of course, only expose the "low risk parts" to the outside world.
A Wireguard tunnel via a free tier or dirt cheap VPS, or a VPN provider that lets you forward ports like Proton
but can't the ISP still see something is up if there is traffic 24/7
Amount of traffic is what matters. Are you saturating your pipe 24/7 for an entire month? Sure, you may have problems. But you'd have the same problems if you were torrenting (let's assume legal torrents here, I am not talking about copyright) or hosting a mega LAN party with hundreds of people streaming their games all at once.
Otherwise, no worries.
Would use less bandwidth than wi-fi cameras that are uploading 24/7.
Don't ISP's just charge per caps on ingress and egress volume?
From your comments it is clear that they don't. Super infuriating. Why should they care what I do with ingress and outgress that I paid for, as long as I am not hurting them.
His comments are based on fear-mongering he read somewhere or an overly-literal interpretation of terms and conditions written to cover the ISP's ass in every theoretical situation possible.
ISPs who enforce data caps already priced it in and technically have an incentive for you to exceed your cap as fast as possible so you pay to increase said cap (they can however still slow down your traffic as they wish, to ensure sufficient capacity for everyone).
ISPs who don't enforce a cap actually still internally enforce a reasonable cap of several terabytes at their discretion. And of course, they can and will use traffic shaping to ensure the integrity of their network so your usage doesn't affect others. If you exceed that soft cap consistently several months in a row they may get in touch, but other than that you're fine.
TLDR: host your server and enjoy. When you get to the scale of the next YouTube, then you have to worry.
Yes, though even though they can see that, as long as it's encrypted they can't know for sure, so as long as you don't cause problems they won't care at all that you're using it for something. In all my years I've never had an ISP complain about constant encrypted traffic, though some ISPs do have general data caps like Comcast.
Why would your ISP ban you?
I can run a web server on a $1 microcontroller, so what?
I use my old phone to proxy serial data to tcp. Also gives me macros and a video/audio feed. But most relevant to this is it has a built in webserver.
As others have mentioned you have to watch the battery if you do this for real.
The battery will swell and explode if you run 24x7 on a phone.
The main question is WHY? I already have a 3570K box running our NAS, plex, Wifi repeater admin, etc, etc, and it would be trivial to put up a web server via python or something.. If I had any need for it.
How do I use your box to host my web server?
Sure, a phone could work - but only if you don't already have another server anyway. The downsides of a phone are probably too much of a pain over a cheap $50 used server.
maybe because phones have a battery (built in UPS) so they will keep running if the power goes out. its only useful if you have a router that can be powered by an external battery pack i supoose