
End of Year Librem 5 Update - mikenew
https://puri.sm/posts/end-of-year-librem-5-update/
======
calvinmorrison
2019, the year of an open source phone. I almost can't believe it. I'm super
happy they're not reinventing the entire wheel and are using an ecosystem that
already exists (GNOME). Much of the non-Librem-specific work is being done
upstream which is great.

~~~
dogma1138
An Open Source phone would only be actually beneficial if there will be an
automated transparent and trusted global support infrastructure for it that
would require zero user interaction.

I use an iPhone because it’s the most secure hardware and software combination
you can get and you are guaranteed to receive support for 5> years.

I don’t want to have to compile my own kernels, set up my own chain of trust
or deploy my own patches. It’s too cumbersome, which would lead to
procrastination, that is if you don’t screw up something in the process to
begin with.

Also as far as the hardware goes I have currently more faith in Apple being
able to get and secure its supply chain than a small company which completely
relies on Chinese OEMs for its design.

The baseband will not be open source, it will have to use blobs as such other
than running a more vanilla flavor of Linux I don’t see it being any different
than any phone that can run AOSP.

~~~
yjftsjthsd-h
Strong disagree; progress is progress, and not yet being perfect does not make
it pointless.

~~~
tptacek
Being imperfect relative to the flagship commercial phones _is_ a problem,
because ultimately end-users have to use these things for them to remain going
concerns, and it's hard to see which users are better served by a less secure
phone stack.

~~~
yjftsjthsd-h
That would be imperfection in terms of features, not security. And yes, users
do need to be able to actually do what they want, but the bar isn't that high
and it certainly isn't uniform; some of us are happy with web browser, SMS,
and a shell. Further features will widen the appeal, but for starting out they
seem to be doing fine.

I believe that it is at least an _equally_ secure phone stack vs most Android
(granted, with the root of trust in the user rather than manufacturer, which I
think is a good thing), and only might lose against Apple and Google flagships
thanks to hardware features.

~~~
tptacek
"Versus most Android" is, of course, a dodge, because the Android ecosystem
ranges from comically insecure phones to expensive devices that asymptotically
approach the security of iPhones. Achieving parity with commodity Android
devices doesn't help end-users; every user who uses a Librem device to obtain
that weak level of security has probably been harmed by the project.

This isn't to say that it's impossible to build a device that is _more_ secure
than an iPhone! It isn't. Librem simply isn't doing it; they have other
priorities, including feature parity with modern smartphones. They're not
willing to make the serious tradeoffs needed to get security given their
circumstances.

~~~
yjftsjthsd-h
By "most Android", I mean "everything without a Titan chip". I'm not convinced
that it's meaningfully less secure for anything but targeted attacks by
abnormally skilled attackers. Should be better, if its kernel is better
maintained.

~~~
dogma1138
Considering the plethora of ARM TrustZone and bootloader attacks against
Android devices, I don't think an abnormally skilled attacker means what you
think it means; the average repair shop can extract data from the majority of
Android phones today.

You also have successful key recovery/bypass attacks against most non-hardware
backed crypto Android devices as well.

Like Thomas said it's not impossible to build a secure device, it's not even
impossible to build a secure open mobile device but it doesn't seem that they
are doing it.

Their focus is on having feature parity, using commodity hardware and just
having an FSF approved stack. Having an FSF approved stack doesn't make you
more secure by default.

And usability has a great impact on security. I remember the early Android
days where getting a file off the device was a PITA, so myself and many others
were running an FTP server on the phone, and since most of our phones were
rooted I'm pretty sure it was running as root.

The other side is things like permissions. While mobile operating systems
aren't that great still, they've begun taking application permissions really
seriously. Going through the Librem documentation I don't see anything that is
even remotely close to the level of granularity that Android and iOS offer
today.

Sure, they might add that in the future, but the point is still that there
is little chance that the first phone they launch would be more secure than an
Android phone, let alone a modern iPhone. In fact I would bet at least one
paycheck that they would be considerably less secure at least initially, and
then it's the question of how they would be able to maintain and support their
platform given their size to begin with.

I don't doubt the intentions of the developers I just highly doubt that
anything they set is even remotely achievable.

------
turblety
The work puri.sm are doing and the way they are doing it is just fantastic. I
really hope they manage to get the phone out sometime this year. If they can
make a project as big as this work, then it could really show the industry
that you don't need to make restrictive, secret, proprietary software to make
a success.

------
aesu7
So some of the "hurt" GNOME used to introduce on major versions will pay off
in user friendliness in a hybrid user story on handheld devices? The long
con! I wish them luck, the presentations are impressive. So too the KDE neon
folks had a convincing technological argument last I checked them out end of
2018.

Smartphones always were a downer to me. Having flashed some devices and using
f-droid exclusively I sure saw good apps by good folk, but "desktop computing"
always felt friendlier. The slick Apple and Google ecosystems never attracted
me - and with the breaking-news stories on whatnot App SDK had some data
sending somewhere I think the browser is a better sandbox for some companies
and use-cases than deeper OS integration. Not that it is benign, but still.

I'm incredibly thankful to the people driving the GNU/Linux effort and FOSS
ecosystem, offering their ingenuity for inspection by a wide audience.
Computing got actually simpler as I got older and discovered tools sometimes
made before my time. I never had that feeling with handhelds - but this might
change soon.

------
_red
One thing that I think is a strategic mistake, they should've used UBports for
the OS, instead of also developing their custom OS for the device.

This market is too small and fragmented to have the wasted effort. It's
difficult enough to build the open hardware device, no need to split energy /
IQ by also worrying about the OS.

~~~
calvinmorrison
They're not building their own OS, they're building a few apps and dealing
with hardware specific driver issues - but otherwise a lot of stuff is
projects that already existed and needed improvements (which they have done
upstream) or working directly with those upstream projects.

~~~
abrowne
And updating libraries so they can re-use existing apps in a phone context,
like GNOME Contacts and Web.

~~~
eudora
I LOVE this approach. Responsive GNOME. It seems essential to me anyway,
allows for tablets and any form factor you like.

That, and they take advantage of decades of work put into GNOME.

Collaboration!

------
4d66ba06
Happy to see lots of progress in this update. Each month I'm saving towards
purchasing the Librem 5 after I hear confirmation that it works on T-Mobile
networks in the US.

~~~
ocdtrekkie
I'm sitting in the same boat, but for Verizon. This blog post actually comes
with some hope, with the specific statement that the SIM7100E is supported.
Verizon has already approved another SimCom chip, the 7500V:
[https://opendevelopment.verizonwireless.com/design-and-build...](https://opendevelopment.verizonwireless.com/design-and-build/approved-modules/module/6073)

One could hope that the code used to support the former could be adapted to
support the latter. And as long as the Librem 5 is able to support an already-
approved Verizon module, it shouldn't be a problem to activate the phone on
Verizon.

------
sir_brickalot
Anybody know if this phone is "fair" as well?

(Eco-friendly/fair worker conditions.)

~~~
Vinnl
It's very unlikely to be. The Fairphone is one of the only phones making an
effort, and it's a lot of work [1] and even then they're still a long way off
from being actually fair. I can't imagine Purism to have the time to invest in
this, nor to do that without even so much as mentioning it.

[1] [https://www.fairphone.com/en/blog/](https://www.fairphone.com/en/blog/)

~~~
acct1771
Indeed. Hopefully one day two projects in these spaces can converge once
they've learned all they need to for each niche.

------
adsche
I'm very compelled to pre-order one but has anybody heard any news about the
touchscreen or the CPU issue? I worry that there is no word on either in the
recent update (like what is being done, what is missing...?)

