I always wondered why Purism seemed quite secretive around the status of Librem 5 HW. And it still continues, with the Librem 5's supposed shipping a month ago - I was interested in people's experiences so I regularly check YouTube's newest videos. No one has Librem 5 yet, if I judge by that. Yet if they were actually shipping people would have phones for three weeks already.
Seems like they've bitten off quite a chunk of really hard work, that they can't finish by themselves, which this article confirms.
It would be nice if they opened up a little about issues they're having. All they're doing by hiding things is helping spread rumors. For example this one:
https://www.phoronix.com/forums/forum/phoronix/latest-phoron...
It doesn't help, that the rumors seem plausible. From the disassembly video, it was clear that the SoC has no cooling whatsoever, outside of the thermal connection to the mainboard. Power management is always an issue with mobile devices, so that doesn't surprise me either.
> For example this one:
Those are not just rumours. The CEO said they have to add heat pipes in next iteration. He also said he had to charge the phone twice a day (and all or almost all of Lunduke's pictures are taken with a phone connected to the charger, which is not the easiest way to proceed usually, so we can guess it is pretty much needed).
Also Purism is aware of the rumour about the theory that perhaps the phone can't really make calls (the 'In the wild' paragraph in https://puri.sm/posts/librem-5-aspen-batch-photo-and-video-u... leaves no doubt about that). And yet they still haven't shown anything demonstrating otherwise, which would be super easy to do. So they let the rumour amplify...
I'm a bit "ehhh" on someone publishing an interview to trash one of the very small handful of companies trying to upend the Android nightmare. There's a lot of value in multiple manufacturers working together to support this fledgling ecosystem of a true Linux phone.
Though without an assurance I can get it to work on my carrier, I'm hesitant to drop Librem 5 level money on my first true Linux phone... meanwhile, the PinePhone sits comfortably in "buy as a second phone for now" territory, and I'm anxiously waiting to hit the buy button on that one.
Pine is not overpromising things and is doing more organic growth which will sustain. That said, I can confirm that I saw Ubuntu Touch running on PinePhone.
I think that is fair to say but I was pretty mad at Pine years ago when I bought their first product. There was definitely plenty of hype. They seem to have learned from that though.
I'm not doubting the things you said in the interview which certainly make it sound like a difficult place to work but it is easy to see that resentment colors your perspective. I might feel the same myself were I in your place.
> I'm a bit "ehhh" on someone publishing an interview to trash one of the very small handful of companies trying to upend the Android nightmare.
If it can wash the naivety away from many people's (and customers') eyes when it comes to companies who loudly advertise themselves as different, open, transparent, a breath of fresh air and so on, that's good to take. They aren't any better, neither internally nor externally. You find the same tactics, the same opacity as soon as something derails, and the same characters in there (+ a couple of extra hotheads).
I still remember how appalled I was, when the main 2 open-source software companies in my countries spent years suing each other, while fighting like pigs in mud over any possible online platform. How conflicting with their professed PR bullshit that was.
> The phone […] will have proprietary blobs
That statement is hard to reconcile with the fact that the phone is allegedly compliant with, and is being submitted for, RYF certification¹, which it would never qualify for if the phone has binary blobs.
1. “And we are compliant with, and submitting for, the “Respects Your Freedom” certification from the Free Software Foundation.” — https://puri.sm/posts/librem-5-shipping-announcement/
Apparently, if you have blobs separated from main CPU you qualify (secondary processors).
That’s not the usual meaning of the term “has binary blobs”; if they’re separated in that way, it doesn’t present the usual problems which “binary blobs” usually means.
Sure, but for me, personally, if you need proprietary things to have 2/3/4G etc., it is not freedom, no matter where you put it.
That said, Librem5 is still ahead compared to any Android phone regarding freedom and especially privacy part.
You’re arguing that fully Open Hardware is the only acceptable thing for freedom. I’m not saying that you’re wrong, but was this your opinion when you were CTO? Are the Purism laptops all Open Hardware?
I am not arguing anything, I am stating my opinion.
I spent my time in Purism cleaning such false claims about laptops and I was open about where we stand with it. That said, laptops have fewer issues than modern phones regarding freedom part and people just need to be aware and honest about it and not say "no binary blobs" when actually you will use binary blobs for crucial capabilities of modern phone, otherwise you will have a brick in your pocket.
Where does, say, Binary Blob end and Compiled to Silicon begin?
For example most CPUs are written in something like Verilog or VHDL and include internal RAM on the chip and include a PROM with a little bit of code that handles start up tasks.
From what I can see Librem 5 is a general purpose computer with 2 sealed black box modem modules.
Yes, there can be any level of proprietary evil inside those sealed boxes... and inside your disk drive controller of your PC.
The question then really is can that proprietary evil control the functions of your computer.
With the disk drive controller, probably pretty hard, with Intel ME, probably pretty easy, with the Librem modems? My guess is probably pretty hard.
Yes, all kinds of these isolated controllers can control your computer in a meaningful way.
Modem can record audio or location and send it out on remote request when it's powered on. When modem is used to access internet it can add JS code to HTML pages and execute code that way.
Touch controller can record touches that look like pin entry (it can observe touches, and make some guesses about frequently repeated touch patterns after powerup/wakeup) and replay them after some secret swipe gesture. If UI patterns are known, touch controller can probably tap information out to a web page somewhere and hit submit.
Just because there's no direct access to memory, doesn't mean even these "sealed black boxes" can't affect/use software running on the main CPU via other channels.
Also if the drivers are not written in a manner that they consider devices they control hostile, I would be surprised if modem would not be able to return specially crafted/unexpected messages over USB that would allow for arbitrary code execution in the kernel or in userland.
> Cloudflare (which was blocking Tor and users were rightly unhappy with this because saying you're a privacy oriented company and blocking Tor access was just not right)
Huge loss of credibility right there.
Me-as-CEO: We're shipping "only dozen or couple of hundred orders per month" and hemorrhaging money. We must prioritize.
CTO: Well you currently have no backups whatsoever.
Me-as-CEO: That certainly sounds like a priority. What do you propose?
CTO: Let's move away from one of the largest CDNs in the U.S. to accommodate a potential Tor userbase.
Me-as-CEO: Well, it's been great working with you.
Then you are a bad CEO not understanding your target audience.
Since you can’t anonymously purchase anything from Purism I don’t think it was that much of an issue.
People aren’t going to use Tor to purchase a device from a store that collects PII; that defeats the purpose of using it. It's right there with using Tor to log into your Facebook account.
Still, using Tor will help prevent yet one more data point from being used to construct a character profile of you.
Between privacy and less privacy, I think the answer is always privacy.
Tbh, it was very easy to slip this one in if someone didn't pay attention as it was integrated with hosting provider at that time. I removed it inside something like a month (aka when I got time from other more pressing deals).