For a hacker news article, it misses the crucial option - hacking a smart TV! I have LG OLED jailbroken using rootmy.tv, it was pretty trivial. It's basically a linux computer with a huge screen, you can customize it, SSH into it, map any commands to the remote, etc.
Before I only used monitor, simple DP/HDMI input is all I wanted. But being able to take full control of the tv and connect it with other devices in the house I would normally get Rpi for is pretty convenient!
You shouldn't have to hack it, you should have the right to repair the software on your device. Hopefully the Vizio lawsuit will help with that for Linux based devices, signs are looking good though.
You're right, but until the laws change we should be telling everyone how and make these tools better. If we can't change the laws we can make the cat and mouse game too expensive for them to continue.
Plus, I'm pretty confident they are already doing illegal things. On my Samsung TV it wants to force update. There is no decline option, there is no option to turn off updates, only to take it completely offline. There's no way in hell these kinds of contracts would be legal in any other setting. There's no meaningful choice and contracts that strongarm one party are almost always illegal. You can't sign a contract where the bank can arbitrary change the loan on you (they can change interest but they can't arbitrarily charge how that interest is determined. Such as going from 1% to 1000% without some crazy impossible economic situation).
Someone needs to start a class action. Someone needs to push that as far as the courts will go
Agreed. Its not that useful, but I have been collecting exploits here when I see any that could potentially be useful for replacing firmware on devices.
This is just about GPL compliance though (afaik LG TVs are already GPL compliant, or at least, I haven't noticed any noncompliance).
The bigger problem here is tivoization. You can build a fresh kernel from source but you have no way to install it because the bootloader is locked down.
We should really be happy that Torvalds decided to license Linux as GPL software. If it was BSD these discussions would simply not exist, and corporate power over software would be even greater. I would dare to say we would probably not even have an open source scene at all...
In the email you have linked to, he does not support tivoization. He simply says that he finds the term offensive (which is really funny coming from him).
Torvalds has also publicly stated that he doesn't think that tivoization benefits users, but it's not his battle to fight. More info on that topic can be found in the linked YT (linked at the precise time he is answering the question about tivoization, but the whole video is about GPL v2 vs GPL v3).
Because anti-tivoization doesn’t make sense in a software license.
Imagine you make a smart toaster, and you make it entirely out of open source software. You release all the changes you made too, complying fully with the spirit of open source. People could take your software, buy some parts and make their own OSS toasters, everything’s great.
But for safety reasons, since the software controls when the toaster pops, you decide to check at boot time that the software hasn’t been modified. You could take the engineering effort to split the software into parts so that only the “pop on this heat level” part is locked down, but maybe you’re lazy, so you just check the signature of the whole thing.
This would be a gpl3 tivoization violation even though the whole thing is open source. You did everything right on the software end, it just so happens that the hardware you made doesn’t support modifying the software. Why is that a violation of a software license?
This is what makes no sense to Linus, and TBH it makes no sense to me either. Would the toaster be a better product if you could change the software? Of course. But it seems to be an extreme overreach for the FSF to use their license (and that “or any later version” backdoor clause) to start pushing their views on the hardware world.
It makes sense in the context of GPL specifically when you remember that the GPL itself and the entire GNU stack and movement started from frustration with a printer, not a program.
> But it seems to be an extreme overreach for the FSF to use their license (and that “or any later version” backdoor clause) to start pushing their views on the hardware world.
Nothing is stopping the "hardware world" from developing their own operating system. But as long as they choose to come as guests to the FSF/GPL party, partake of the snacks and fill their glasses at the free-refills fountain, they're expected to abide by the rules. The doors not locked, they can leave any time.
> But for safety reasons, since the software controls when the toaster pops, you decide to check at boot time that the software hasn’t been modified.
As arguments go, this is a pretty weak one considering how obvious the solution is: Make the manufacturer not be liable for what happens when you operate the device with unauthorized software.
Manufacturers still may not go for it, due to the potential bad publicity. To go back to the toaster example, if some fancy open source software alternative has a critical issue and causes fires, the news will not report it with nuance. "SmartCo Toaster Fires on the Rise!" will be the headline, not "Niche Modding Community Sets Toasters On Fire, And The Manufacturer Had Nothing To Do With It".
Right, I'm saying I don't think codifying limitations on liability in law will be effective, because it probably wouldn't be absolute enough to satisfy the lawyers. You need a law that actually says "the user must be free to modify the device".
I have a toaster oven in my kitchen. It's a dumb thing with a bimetallic thermostatic switch, a simple mechanical timer (with a clockspring and a bell), and a switch to select different configurations of heating elements. The power-on indicator is a simple neon lamp. (It also certainly has some thermal fuses buried inside; hopefully, in the right places.)
And, you know, it works great. It's simple to operate and (so far!) has been completely reliable.
I can hack on it in any way that I want to. There's no aspect of it that seeks to prevent that kind of activity at all.
What would I hack it to do instead? Who knows, but I can think of a couple of things. Maybe instead of having some modes where the elements are in series, I want them in parallel instead so the combination operates at higher power. Maybe I want to bypass the thermostat with an SSR and use my own control logic so I can ramp the temperature on my own accord and finally achieve the holy grail of a perfect slice of toast, and make that a repeatable task.
Whatever it is, it won't stand in my way of doing it -- regardless of how potentially safe or unsafe that hack may be.
There are countless examples of similar toaster ovens in the world that anyone else can hack on if they're motivated to do so, and very similar 3-knob Black & Decker toaster ovens are still sold in stores today.
And yet despite the profoundly-accessible hackability of these potentially-dangerous cooking devices (they didn't even bother to weld the cover on or use pentalobular screws, much less utilize one-way cryptographic coding!), they seem fine. They're accepted in the marketplace and by safety testing facilities like Underwriters Laboratories, who seem satisfied with where the bar for safety is placed.
Why would a toaster oven (or indeed, just a pop-up toaster) that instead used electronic controls need the bar for safety to be placed at a different height?
> Why would a toaster oven (or indeed, just a pop-up toaster) that instead used electronic controls need the bar for safety to be placed at a different height?
It wouldn't. It's a thought experiment. I even said:
> Would the toaster be a better product if you could change the software? Of course.
The point is, nobody should be compelling you to make your products hackable. If you don't want to, that's your prerogative.
The problem is, before GPLv3 existed, the authors that picked GPLv2 never expressed that they wanted their software to be part of some anti-locked-bootloader manifesto... they picked it because GPLv2 represents a pretty straightforward "you can have the source so long as you keep it open for any changes you make" license. That's what the GPL was. But this whole "Or any future version" clause gave FSF carte blanche to just alter the deal and suddenly make it so anyone can fork a project and make it GPLv3. I can perfectly understand why this would make people (including Linus) very mad.
If an author wants, they can leave out the "or any future version" verbiage. If the author does not, then they are explicitly saying that they want their software to be part of whatever future manifesto the FSF puts forth, including the anti-locked-bootloader manifesto present in the GPLv3.
And that's why Torvalds left out "or any future version" when licensing Linux. So I'm not sure why he's "very mad" (I doubt he actually is?); his software remains on GPLv2 like he wanted.
> The point is, nobody should be compelling you to make your products hackable.
If you want to use my GPLv3 software on your product, then yes, I am requiring that you make it hackable. If you don't want to do that, tough shit. Either do so, or freeload off someone else's software.
You used the thought experiment as the foundation for the anti-anti-tivoization sentiment expressed. If the thought experiment is false, then the sentiment which might rest upon it is without basis.
> The point is, nobody should be compelling you to make your products hackable. If you don't want to, that's your prerogative.
I agree.
Nobody is compelled to use GPLv3 code in the appliances that they want locked-down for whatever reasons (whether good or bad) they may wish to do that. There's other routes (including writing it themselves).
They may see a sea of beautiful GPLv3 code and wish they could use it in any way they desire, like a child may walk into a candy store and wish to have all of it for free, but the world isn't like that.
We're all free to wish for whatever we want, but that doesn't mean that we're going to get it.
> But this whole "Or any future version" clause gave FSF carte blanche to just alter the deal and suddenly make it so anyone can fork a project and make it GPLv3.
This "Or any future version" part isn't part of the GPL -- of any version.
> Each version is given a distinguishing version number. If the Program
specifies a version number of the license which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
the license, you may choose any version ever published by the Free Software
Foundation.
The GPL itself does not in any way mandate licensing any code under future versions. An author can elect to allow it -- or not.
If they specify GPL 2, then they get GPL 2. Not 3. Not 4. Only 2.
Other versions of the GPL are ~the same in this way. (You know where to find them, right? They're easy reads.)
The law compelling you to make your products hackable is called "right to repair". Without this law, if my toaster breaks, my only option is to buy a new toaster. But if I'm allowed to change the toaster, I can fix the toaster.
Products have worked this way since forever. Only since modern microprocessors and cryptography have evil companies been able to deliberately add roadblocks that are impossible to overcome (without replacing so much hardware that you've made a new toaster from scratch) in order to maximize revenue. This is predatory and should be illegal. The only reason I can see that you'd support this, is it you work for a company that makes a lot of money selling new toasters to replace broken ones, and if this is true, your company deserves to be shut down by the government.
> But for safety reasons, since the software controls when the toaster pops, you decide to check at boot time that the software hasn’t been modified.
"For safety reasons" is every single claim. For safety reasons, I want to block the manufacturer's software from doing what it wants. Why do the manufacturer's safety reasons overrule my safety reasons?
> This would be a gpl3 tivoization violation even though the whole thing is open source.
Copyleft has nothing to do with open source. You haven't done everything right on the software end, because the GPL isn't about helping developers. To do things right on the software end, you should keep GPL software out of your locked down device that you are using to restrict the freedom of its users.
> Would the toaster be a better product if you could change the software? Of course.
You just said that it would be an unsafe product if you could change the software. Now you're using the "don't let the perfect be the enemy of the good" trope to pretend that you would of course support software freedom in an ideal, magical, childish, naïve dream world.
> it seems to be an extreme overreach for the FSF to use their license
People can license their software how they want. Is it an extreme overreach for Microsoft to not let you take their Windows code and do whatever they want with it? Why are you even thinking about GPL code when there's so much overreach coming from Adobe? They don't let you use their code under any circumstances!
All of your reasoning is motivated, and I would recommend that people not buy your toaster.
No, actually anti-tivoization makes perfect sense, even in your example, and if you make this toaster then you are simply an evil anti-freedom company.
If you're afraid that modifying the software will make the toaster overheat, then include a hardware thermal fuse. You need to anyway, in case the manufacturer software fails or the processor fails.
The lawsuit is indeed about the GPL, but the right to repair (or at least replace) software really it needs to be expanded to all software. The right to repair movement is often about software-based lockdowns. Hopefully it will eventually result in those being banned.
> RootMyTV (v1/v2) has been patched for years, and your TV is almost certainly not vulnerable.
We recommend checking whether your TV is rootable with another method.
Religiously updating my TV? It has been patched since spring, someone clicking by accident "yes" for the update notice that appears randomly on the middle of the screen in the past 9 months would ruin it. I was religously *not* updating my TV and it still got too new software for the exploit :')
TV manufactories can get the best of both worlds: The people that want smart TVs, get a smart TV. The people that don't want a smart TV, can disable the smart TV features. Manufactors make one model and sell to both market segments.
Why should your preferences impose on the ones that don't want what you want?
I guess the preferred way would be for manufactors to have add a feature where the tv prompts you if you want to enable smart features when you boot the tv for the first time, but it's a bit difficult when manufactors get more money when they have these features enabled by default.
> Why should your preferences impose on the ones that don't want what you want?
The problem is that I can’t have my preference: a TV that comes without (non-essential) software installed.
This means I have no choice but to deal with required updates — or at the very least, an annoying reminder that software updates are needed — for software I never wanted in the first place.
If the software was optional — could be uninstalled, or disabled so that updates weren’t required — then I would agree with you that having all TVs be smart TVs would be fine.
But not only is it not optional, it often comes with dark patterns of imposed privacy violations and/or unwanted ads.
The OP’s solution is to “jailbreak” it with a Linux install, which the average consumer doesn’t know how to do.
Again, is fine for hackers that want to tinker with things, but the whole point of the linked article is that many people are tired of smart TVs and the annoyances that come with them.
A monitor has a processor in it that is running an OS and software. These are digital devices. The nit you're picking is silly.
If you want to buy a bare LCD panel, they're cheap. But you're going to have to add a processor to it that runs an OS (which you're free to write yourself, along with the driver) in order for it to understand any input. All that slapped together is what we call a monitor, or a television.
If you want an analog television, they'll pay you to haul it off from wherever you see it, but you're going to have to add an external computer to it in order to process the digital information that you want to display into waveforms that you can push over coaxial cables.
Not wanting a "smart tv" means people don't want a smartphone for a television, an OS that they don't have any control over. If you want to make up another definition, you're going to have to set limits to acceptable RAM, clock speed, number of processors, and I don't know why you would waste your time doing that. The number, however, will never be zero for any of these things.
It's not necessary for a display to have an operating system.
They make fixed-function chips in factories every day that do stuff like convert video signals from one format to another (including formats that LCD panels can deal with).
Like the TFP401. For illustration, here is one on a board, ready to plug into an LCD panel and use for whatever: https://www.adafruit.com/product/2218
It doesn't run an OS. It's barely even programmable, and the programmability it does have relates only to configuring pre-defined hardware functions. It doesn't have an instruction set. It can't add 1+1.
But it can bridge the gap between a consumer device that produces video and a fairly bare LCD panel. It's a very much a single-tasker.
(Do any of the current crop of consumer-oriented televisions and computer monitors use this kind of simple pathway? Most assuredly not, which is the complaint that brought us here to begin with.
But these pathways exist anyway. It's completely possible to to create an entire video display and house it in a nice-looking package, put it in a retail box, and sell it on store shelves without involving an operating system. It's not a technological limitation.)
Because if you own a TV manufacturing company, you can sell more TVs if they have more features. You can get more features by including a linux SBC and integrating it. In fact, some of the paid-app makers will even _pay you_ for this "real estate". You could make a dumb-tv, but you wouldn't sell as many and you would have to charge more.
Why wouldn't you want it to be a computer? Then it can be connected to your devices AND also do the job itself in a situation where it's awkward to connect to a device.
If already needs a computer in it to drive menus / modern display protocols. Having that computer be powerful enough to also decode content is barely an extra cost.
A rooted piece of trashy IOT is trashy IOT. It's an acquired taste, the excitement of putting a black box insecure linux device on the home network to add to your home infra admin duties.
Rooting gets you additional means to reverse engineer the proprietary software system but doesn't automagically lighten the box.
It's all relative of course, maybe you view anything you can Ghidra as not-black-box. (though this is kind of tangential to rooting - for a many/most devices you can get a hold of the blobs to reverse engineer without rooting anything)
Do you have to upgrade your computer when you upgrade your router?
This entire subthread is not computer-literate. Your monitor contains a computer. A dumb display contains a computer. Your keyboard contains a computer.
You can strip the software down on them so they do nothing but take commands and drive whatever electronics you have attached to them, but it will still be software on a computer. If there's a lot of RAM and a fat processor, like on a rooted smart TV, I might (but not necessarily) make it do a little more than that.
The same reason I don't want anything else in my life to be a computer. A computer is one more component that can fail and take down the whole product. I want my computer to be a computer and that's it.
Modularity and separation of concerns can extend into other domains than software.
For me, it seems so much simpler to keep the two separate. You won't be forced to wash the heating element every time you wash the cup. Can't heat a different cup while the other is in the dishwasher, unless all your cups are self-heating. Normally, the only way for a cup to break is if it shatters, but with an inbuilt heater there's electronics that can break too. And should the cup shatter, now the heater is unusable too, or vice versa.
I have to have a kettle for other purpose (including heating water for other mugs than mine), and no self-heating mug is going to be as efficient as a kettle to heat water.
Furthermore, I also put cold or room temperature liquids in my mug. With a self-heating one, I would be carrying the heating parts for absolutely no reason.
Same goes for a TV.
By keeping things separated, I can decide what I do which each device and manage their lifecycle separately.
If the device reading video files is included in the TV, I can't plug it to another TV or a projector or even take it with me to use it elsewhere.
While I've upgraded three times my video playing device to follow tech evolution, I've kept the same TV to plug them in.
I have a multi-purpose kettle that I can use to boil water, heat the room, cook a small amount of food, or use as a sand battery for when its cold in the desert, where the kettle is designed to operate as long as there is a handful of material to burn.
It is fair to observe a separation methodology, but I also have to say, in some cases multi-purpose devices have their place.
If, say, the self-heating mug involved solar harvesting, I'd put a couple in my kettle bag, for sure.
You can make coffee with a kettle, but if you are making enough coffee often enough, it does make sense to bundle a second kettle into a dedicated coffeemaker, even if you are reducing the functionality of it by doing so.
It's a thing and it's convenient as a smart TV is convenient for people who don't care much.
But as a "power user" of a TV, I want to compose my own setup.
In the same way, "power users" of coffee don't use a coffeemaker. They use things like French press.
(I use instant coffee myself in my non-heating mug so in this comparison I would be the person not owning a TV and watching everything on their phone?)
Arguably the outcome you’d want there is to be able to add your own kettle to the coffee maker, so you can have the best value/option for you if you want it. Want a cheap thing or none? Fine. Want one with remote start and modded temp controls or whatever? Fill your boots. Got a new coffee part but like the existing kettle? Reuse it.
This applies less for some physical items, I know some people are already preparing to explain why it’d be harder to make or dangerous or something but that would miss the point. Computers are incredibly easy to swap out, we already have so many ways of doing that.
Maybe I want a fast computer. None. Maybe I want to upgrade later. Maybe in a year there’s a faster cheaper one. Maybe mine is just fine right now but I need a new screen. Why do I need to bundle the two things together? There’s a simplicity for users unboxing something but there’s not (I think) an enormous blocker to having something interchangeable here.
This provides absolutely zero advantages to the oven or to the microwave. It does cause a lot of stupid, easily foreseeable problems:
- There's only one control panel, and if the oven is currently active, some of the microwave controls get disabled.
- The microwave is awful in various ways -- regardless of whether the oven is active -- which wouldn't ordinarily be a problem, because microwaves are very cheap. But...
- It's impossible to replace the microwave, a $50 device, without simultaneously replacing the oven, a $2000 device.
How about the abdysmal security Smart TVs either have right of the shelf or for certain after they are no longer kept up-to-date? I don't want to worry having my TV act either as botnet or spying device (many come with microphones and cameras nowadays). I rather purchase additional device that has decent security that I can attach to the TV if I need to.
I feel you, that's exactly why I was using only monitors before! I got convinced to go for this as an acceptable compromise with much more control than some proprietary backend.
Unfortunately, they already exist - the M-series smart monitors, made by Samsung (who else?). They made a splash a few months ago when they started showing popups over people’s screen content nagging them to update or register for some service during the normal monitor-like usage
Honestly your best bet is going to be buying a mini PC and hooking it up to any TV of your choice as the only input. Most bespoke hardware is too locked down to make anything like that possible.
I have 2 LG OLED TVs, different sizes. Rootmytv failed to root both of them. I forgot which step and which error it was giving, but I tried everything including factory reset etc. I'm glad it's working for some people.
The first line of the homepage says "RootMyTV (v1/v2) has been patched for years, and your TV is almost certainly not vulnerable.", so that's hardly surprising
What I didn't mention is that I specifically looked for older TV on the second hand market to find a hackable model.
I mean, I didn't wanted to buy a brand new one anyway, it's very expensive and I don't need latest AI features. I found a year old model with firmware that was listed as supported by the jailbreak at the time
I’d do exactly as you did. It’s pity it didn’t work for you. I’m on the market to buy a TV (not hurrying though), so I’m not sure what to do here. I’d like to have Dolby Vision (otherwise why would I want a TV if my computer display is good enough for everything else), so perhaps that worsens things. As otherwise I’d just pick any TV, even FullHD (not 4K), and even not smart (attaching some SBC with Kodi to the back). But ideally I’d prefer to jailbreak it and have Kodi installed without any extra device. Now I’m puzzled whether these lists of ‘compatible’ TVs are trustworthy.
Seems like there is a big opportunity here for something a router distro to combine with a tv jailbreak. How good is the hardware? It would be nice to have my tv serve a couple purposes if it has the hardware to do it.
It's a modest ARM CPU, I wouldn't rely on it for a router but it can run Rpi Hole! Also Home Assistant integration, I use the TV remote to control LEDs/lights around the apartment
I totally forgot about the remote. That really opens up possibilities for home assistant type stuff. I hadn't looked at this space a lot before. I see some articles on how to jailbreak various devices but nothing about standardized distros to put on things out there. Something like dd wrt but for TVs could be pretty amazing. A project that is designed to give you a good interface, is privacy aware and hacker friendly (things that aren't just entertainment like home assistant stuff) would get a lot of interest. There has to be a reason this isn't a thing. I am guessing it is 99% a hardware reason. Maybe that is changing though? Modern devices have to have more capability so I bet the hardware on newer tvs is getting pretty strong.
I don’t know the finances, but I wouldn’t be surprised if their margins are low enough that their profit comes from advertising and data gathering post sale. So all this bloatware and advertising is subsidizing a high quality product and if you can strip out the unwanted stuff you’re probably getting a good deal at the expense of the company
Often what you buy is either all you can afford or all that that has been made available to you. There are plenty of companies, industries even, which refuse to give consumers what they'd prefer simply because it's more profitable for them not to. Too often consumers are left with choosing the best of terrible options or just making due with what they can can.
Can you actually replace the firmware with an open-source, privacy-respecting one? If you're still left running all the same proprietary background "services" and telemetry, I don't see how this kind of hack relates to any of the reasons for preferring a dumb TV.
This “proprietary telemetry” is basically malware, just, it was put on the thing at the factory. Once a system is fully rooted by malware, the least-bad option is to nuke it entirely and install from scratch.
In this context where the locked-down device probably also doesn’t have a fully open source kernel and drivers, this becomes a bit tricky. Better just to use a device that doesn’t have malware on it in the first place.
I’ve been pretty happy with the smart apps on my LG OLED; it’s got the streaming things I want including jellyfin. Really the only one missing is steam link.
My LG C2 hardware isn't powerful enough to stream higher than 60hz at 1080p, if I remember correctly. It also needs a LAN cord for consistency since the tv wifi adapter is not good. Instead I put moonlight on my steam deck and plugged that into the tv.
Oh yeah I’m aware of various “plug in a thing” options, just thinking it wild be nice to have to, particularly if a single controller paired to the TV itself could operate the outer shell as well as Xbox and steam streaming.
I have a no-name brand smart tv and it runs an OS called Tizen, and with a very little bit of googling, you can enable developer mode and install 3rd party apps on it. It probably doesn't solve the "spying-on-you" part, but it is nice to have the option of more apps.
I think the parent commenter is perhaps a little over-selling the LG rooting. It is definitely root, you can write whatever you want on the filesystem (at your peril), and theoretically do whatever you want, but the homebrew exploit launches a bit later in the boot chain than you'd want (so blocking update nags isn't quite reliable), and a lot of the inner system things are proprietary and require reverse engineering to extend.
It's the same system software, just with root capacity.
That being said, there's still a bunch of nice homebrew:
- Video screensavers ala Apple TV
- DVD logo screensaver
- Adfree (and sponsorblock-integrated and optional shorts-disabling) Youtube
- Remote button remapping (Netflix button now opens Plex for me)
- Hyperion (ambilight service that controls an LED strip behind the TV)
- A nice nvidia shield emulator for game streaming from my PC with low latency
- VNC server (rarely useful, but invaluable when it is)
Sponsorblock and remote remapping are killer features for me, and the rest is just really pleasant to have.
What’s the difference between that and just using the LG TV without any of the smart features? Like if you don’t connect it to the internet and only hook up something else through HDMI, isn’t it the same?
How would you block ads on such a TV? The problem is you still cannot connect it to the internet without unknown privacy intrusion... Maybe to the LAN only? But then it's usefulness is still limited.
Before I only used monitor, simple DP/HDMI input is all I wanted. But being able to take full control of the tv and connect it with other devices in the house I would normally get Rpi for is pretty convenient!