
An Interview with Zlatan Todoric, Open-Source Developer and Former Purism CTO - l1k
https://www.phoronix.com/scan.php?page=news_item&px=Zlatan-Todoric-Interview
======
megous
I always wondered why Purism seemed quite secretive around the status of
Librem 5 HW. And it still continues, with the Librem 5's supposed shipping a
month ago - I was interested in people's experiences so I regularly check
YouTube's newest videos. No one has Librem 5 yet, if I judge by that. Yet if
they were actually shipping, people would have phones for three weeks already.

Seems like they've bitten off quite a chunk of really hard work, that they
can't finish by themselves, which this article confirms.

It would be nice if they opened up a little about issues they're having. All
they're doing by hiding things is helping spread rumors. For example this one:

[https://www.phoronix.com/forums/forum/phoronix/latest-phoron...](https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1133747-an-interview-with-zlatan-todoric-open-source-developer-former-purism-cto?p=1133868#post1133868)

It doesn't help, that the rumors seem plausible. From the disassembly video,
it was clear that the SoC has no cooling whatsoever, outside of the thermal
connection to the mainboard. Power management is always an issue with mobile
devices, so that doesn't surprise me either.

~~~
wott
> For example this one:

Those are not just rumours. The CEO said they have to add heat pipes in next
iteration. He also said he had to charge the phone twice a day (and all or
almost all of Lunduke's pictures are taken with a phone connected to the
charger, which is not the easiest way to proceed usually, so we can guess it
is pretty much needed).

Also Purism is aware of the rumour about the theory that perhaps the phone
can't really make calls (the 'In the wild' paragraph in
[https://puri.sm/posts/librem-5-aspen-batch-photo-and-video-u...](https://puri.sm/posts/librem-5-aspen-batch-photo-and-video-update/)
leaves no doubt about that). And yet they still haven't shown
anything demonstrating otherwise, which would be super easy to do. So they let
the rumour amplify...

------
ocdtrekkie
I'm a bit "ehhh" on someone publishing an interview to trash one of the very
small handful of companies trying to upend the Android nightmare. There's a
lot of value in multiple manufacturers working together to support this
fledgling ecosystem of a true Linux phone.

Though without an assurance I can get it to work on my carrier, I'm hesitant
to drop Librem 5 level money on my first true Linux phone... meanwhile, the
PinePhone sits comfortably in "buy as a second phone for now" territory, and
I'm anxiously waiting to hit the buy button on that one.

~~~
zlatan_todoric
Pine is not overpromising things and is doing more organic growth which will
sustain. That said, I can confirm that I saw Ubuntu Touch running on
PinePhone.

~~~
curioussavage
I think that is fair to say but I was pretty mad at pine years ago when I
bought their first product. There was definitely plenty of hype. They seem to
have learned from that though.

I'm not doubting the things you said in the interview which certainly make it
sound like a difficult place to work but it is easy to see that resentment
colors your perspective. I might feel the same myself were I in your place.

------
teddyh
> _The phone_ […] _will have proprietary blobs_

That statement is hard to reconcile with the fact that the phone is allegedly
compliant with, and is being submitted for, RYF certification¹, which it would
never qualify for if the phone has binary blobs.

1\. “ _And we are compliant with, and submitting for, the “Respects Your
Freedom” certification from the Free Software Foundation._ ” —
[https://puri.sm/posts/librem-5-shipping-announcement/](https://puri.sm/posts/librem-5-shipping-announcement/)

~~~
gHosts
Where does say Binary Blob end and Compiled to Silicon begin?

For example, most CPUs are written in something like Verilog or VHDL and
include internal RAM on the chip and include a PROM with a little bit of code
that handles start up tasks.

From what I can see Librem 5 is a general purpose computer with 2 sealed black
box modem modules.

Yes, there can be any level of proprietary evil inside those sealed boxes... and
inside your disk drive controller of your PC.

The question then really is can that proprietary evil control the functions of
your computer.

With the disk drive controller, probably pretty hard, with Intel ME, probably
pretty easy, with the Librem modems? My guess is probably pretty hard.

~~~
megous
Yes, all kinds of these isolated controllers can control your computer in a
meaningful way.

Modem can record audio or location and send it out on remote request when it's
powered on. When modem is used to access internet it can add JS code to HTML
pages and execute code that way.

Touch controller can record touches that look like PIN entry (it can observe
touches, and make some guesses about frequently repeated touch patterns after
powerup/wakeup) and replay them after some secret swipe gesture. If UI
patterns are known, touch controller can probably tap information out to a web
page somewhere and hit submit.

Just because there's no direct access to memory, doesn't mean even these
"sealed black boxes" can't affect/use software running on the main CPU via
other channels.

Also if the drivers are not written in a manner that they consider devices
they control hostile, I would be surprised if modem would not be able to
return specially crafted/unexpected messages over USB that would allow for
arbitrary code execution in the kernel or in userland.

------
jancsika
> Cloudflare (which was blocking Tor and users were rightly unhappy with this
> because saying you're a privacy oriented company and blocking Tor access was
> just not right)

 _Huge_ loss of credibility right there.

Me-as-CEO: We're shipping "only dozen or couple of hundred orders per month"
and hemorrhaging money. We must prioritize.

CTO: Well you currently have no backups whatsoever.

Me-as-CEO: That certainly sounds like a priority. What do you propose?

CTO: Let's move away from one of the largest CDNs in the U.S. to accommodate a
potential Tor userbase.

Me-as-CEO: Well, it's been great working with you.

~~~
ldng
Then you are a bad CEO not understanding your target audience

~~~
dogma1138
Since you can’t anonymously purchase anything from Purism I don’t think it was
that much of an issue.

People aren’t going to use Tor to purchase a device from a store that collects
PII; that defeats the purpose of using it. It's right there with using Tor to log
into your Facebook account.

~~~
rasengan
Still, using Tor will help prevent yet one more data point from being used to
construct a character profile of you.

Between privacy and less privacy, I think the answer is always privacy.

