@kev @purism

I have to disagree with you in a detail:

"It's privacy focused, but you can get the same buying an Android and flashing Lineage OS"

I think the point is to provide phones that are already privacy-aware without needing to do hackery stuff to it. Normal people don't understand what LineageOS is, or how in the world they are able to install that on their phones and probably void the warranty.

@sirikon I'd counter that with, normal people don’t know how to use Pure OS or get any apps installed outside of the basics. The lack of mobile centric apps will likely mean that ‘hackers stuff’ will be required on the Librem too.

@purism

@kev @purism

The operating system itself should be good enough in terms of UX to allow users to install any software, and such a thing is expected.

Changing the operating system is way lower level.

@kev I had the same reaction to that "longevity" argument.

This is simply dishonest marketing.

@killyourfm yeah, 100%. Not sure what planet they’re on to think people will swallow that rubbish.

@kev @killyourfm There is one advantage that it has over flashing regular phones ... hardware killswitches!

Why can't someone just do that?!

I'm in total agreement with everything else you said, the will get the crowd that's more concerned with privacy over features.

@kev @killyourfm for 450€ you can get the Fairphone 3, which actually has longevity by having everything user replaceable! And otherwise you have the Pinephone for 150$ with similar specs and hardware switches 😎

So yeah, the 799$ price tag is just absurd 🙃

@kev @purism I do mostly agree with you on the librem5. Wouldn't spend more than 300€ for a phone.

I'm hyped for the pinephone to get mature software. More than reasonable price and a little more pragmatic approach towards the openness of hardware, so there's no need to rebuild everything from the ground up.

From what I've seen they've got dip switches on the inside to turn off unneeded peripherals for privacy reasons. I believe they're working in the hardware level. Great feature!

@kev @purism not to forget: Purism's communication is shit, pine64 is very good on this point.

@dwagenk agree completely. I decided not to mention the @PINE64 PinePhone in the post, as it's still in development at the moment.

Also agree on the poor communication on Purism's part.

@purism

@kev @purism you may also wanna add that it lacks default disk encryption, apps run unsandboxed by default, and lacks any kind of boot security.

It literally sets back years of security advancements made in the mobile space.

@blacklight447 @kev not defending the librem 5, but not sandboxing apps is totally fine if you install them from a trusted distribution. It's only necessary on Android because Google Play is a malware distributor. Debian is not.

@sir @kev there is no reason to not sandbox your apps, why give needless trust to app distributors?

@blacklight447 @kev the trust model works differently on typical linux distributions. The threats just aren't the same.

@blacklight447 @kev and to answer your question directly: because it's more complex and poorly suited to the unix style. Unix programs don't work well in silos.

@sir @kev just because desktop linux is slacking behind on security advancements doesn't mean it's a smart idea to recommend to end users to pay 800$ for a device which is significantly less secure than the mature platforms. If the librem five was clearly marked to be experimental and should be used with caution, i would be fine with it, but currently that's not the case.

@blacklight447 @kev but it's not less secure. Sandboxing untrusted code is less secure than not running untrusted code in the first place. I'm not a securitybro absolutist like some.

@sir @kev "we can improve a users security by a long shot by providing sandboxing, but we trust the repo maintainers so let's not"

That's kinda weird logic.

Remember security should be done in depth, if the trust in the maintainers fails, you still have trust in the isolation. Also what about folks who want/need software outside of the default repos? Don't they deserve protection?

@blacklight447 @kev this is that dumb securitybro absolutism I was referring to. "Better security", at any costs. Everything is a tradeoff, and security does not have an infinite weight on that metaphorical scale.

Folks who want software outside of the default repos have the wrong want. It's like wanting to eat burnt tires.

@sir @blacklight447 @kev

>Sandboxing untrusted code is less secure than not running untrusted code in the first place.

Sandboxing and privilege dropping is just good hygiene. Your image viewer shouldn't be able to read keystrokes from other programs, start new processes, screen-record outside of itself, write to the filesystem, access the internet, etc. You might trust maintainers to be non-malicious, but do you trust all packaged code to act non-maliciously when faced with arbitrary untrusted input?

@sir yeah, I see your point. Lack of local FDE is a big miss though, if that's actually the case.

@blacklight447

@kev @blacklight447 I don't know about the defaults, but pmOS supports the librem 5 and has FDE support.

@kev @blacklight447 with truly open phones, the idea of using the stock OS is about as dumb as the idea of using the OS that comes with your laptops. I would expect to reflash any open phone on day one.

@sir @kev but if you're not expected to run the stock os: 1. Why do they even develop it in this case?
2. Then it shouldn't be marketed as something normal end users could/should use, but only tech savvy folks with 800$ to burn.

P.s. the librem 5 is still full of binary blobs, so it's not even nearly "truly open"

@blacklight447 @kev they might expect you to run the stock OS, but _I_ don't expect you to run the stock OS.

Also, we're not talking about security anymore. For the record, I don't like the Librem 5 for a multitude of reasons. I am not defending it.

@sir @kev that's okay, my opinion on the matter is: if you are a tinkerer who likes messing around with your device, then the librem 5 is just for you, but it's just not ready for normal end users to adopt, i would say having default disk encryption enabled is a fair minimum requirement for mobile devices.

@blacklight447 @kev I think you have a lot of work to do if you want to get FDE by default on most mobile devices

@sir @kev i would say that's less unlikely than you think, android has had default encryption since (i think?) Android 5, ios has had it for ages as well. Laptops are more problematic, but at least mac os and linux have out of the box support (not turned on, but support). Regarding windows, MS need to get their ass off the enterprise throne and allow windows home users to utilize bitlocker

@blacklight447

You strike me as a #qubes user. If someone ported #qubes to the Librem 5 would you consider it?

@sir @kev

@blacklight447

My previous guess was based on your insistence with sandboxing even for a Linux Desktop with well curated repositories such as Debian

@sir @kev

@maryjane @sir @kev well qubes is not a distro that you can port easily, this is because it utilizes hardware features for its isolation, currently it uses intel vt-d and vt-x. Btw yes i'm a qubes user ;)

qubes-os.org/team/

@maryjane @sir @kev dunno, you tell me, but porting it would be a massive undertaking, if you were to do that, i would port it to power 9 instead of arm, so you can run it on ACTUAL open source hardware like the talos II :D

@sir

Yes, RISC-V FTW

@blacklight447

"ACTUAL open source hardware"

well if you are going full stallman on this, then I guess you have no love for the Pinephone as well?

Or was that comment just to spike me ;)

@kev

@sir @maryjane @kev well i currently like power 9 more because it at least has computers which would even be able to run qubes resource wise :p

@blacklight447 @kev @purism doesn't flatpak, assuming it is implemented correctly, offer sandboxing for applications? From what I've read in the documentation the preferred method of software distribution for the librem 5 is through flatpaks.

@vancha @kev @purism currently (or last i checked) it requires you to either find an already written flatpak policy or write your own, if there is no policy, then it runs uncontained, which is why i said unsandboxed by default.

@blacklight447 @kev @purism ah yeah that makes sense. We'll see if the device eventually gains enough traction for things like this to become standard for an IDE like gnome builder or something. Seems like a very valid problem to be addressed at some point.

@kev @purism To me it's a bit like when Dell publicly sell Ubuntu on the XPS for over £1300. They are aiming it at a very niche audience. It's why my laptop is a latitude at half the price and I fought hard to get it. My next laptop will probably be a libretrend. I'm looking forward to seeing the pricing on the pine64 myself.

@kev
Very interesting write up kev, I had high hopes for the librem5, but recently based on comments scattered about the web, YouTube videos and in some instances the lack of communication from Purism which has spoken volumes in itself, I feel the Librem5 had lost its shine.
I'm holding out for the to make a bold statement when it's ready for the mainstream.

@GreyLinux yeah, I saw Gardner's video last night on the Librem5 - he couldn't even get 4G or wi-fi working on the damn thing. Now yeah, I get it, it's a beta at best currently, but they're claiming the phone has shipped - I would expect it to be able to do the basics at least.

@kev
As you say it's still in beta technically! and as you say the basics should be solid before it's shipped at all, at the very minimum it should work as a phone. I'm not expecting it to be in the same league as android or iOS and I understand that you're paying to support a project like this but at that price I would at least expect it to be a contender for Android.

@kev Not only will it be an utter failure, but I hope it is. I don't want Purism being the brand that represents "Linux", they have never completed a project, continue to sell not-ready-for-market items, and then continue to announce more and ask for even more money.

All I see is a money making scheme that will end up collapsing costing people thousands.

@danarel yeah, I think you're right. I'd much rather were our poster child. They seem to have got the balance right IMO.

@jamesmullarkey @kev I have always disliked Purism laptops. I wanted them to be awesome but a friend ordered one and it was a piece of garbage. He returned it.

@danarel @jamesmullarkey @kev i just listened to @Linux4Everyone podcast w system76 and i really liked their philosophy, might consider them in the future....love pop_os as well

@LPS @jamesmullarkey @kev @Linux4Everyone I’m holding out to see how the upcoming laptops look. I was really unimpressed with the last one I saw in person. I heard they are making huge efforts for higher quality and I’m looking forward to it. They seem like an awesome company
