Hacker News new | past | comments | ask | show | jobs | submit login
A mobile phone that respects your freedom [video] (ccc.de)
241 points by Smudo on Aug 27, 2019 | hide | past | favorite | 156 comments

Skip to 20:06 to see the first public images of the actual PCBs that are going to be going into phones!

I'll still be flabbergasted if they actually manage to ship phones within the next 34 days, but they haven't yet admitted that the shipping date will have to change.

EDIT: At the end, the speaker briefly tries to demo the devkit, only to find that it has inexplicably turned off, and she states "it's pretty hot -- power management is still an area we have to work on". I can't wait to receive my Librem 5, but there is no way this is shipping Q3 this year.

One of the things I have started to feel as I read their recent design posts is that the phone will ship but be described as in a basic dev state and not ready for consumer use.

I have written and seen written several posts on twitter at purism that have consistently been replied to as recently as last week saying that pre-orders are still on track to ship before end of Q3.

It makes me feel like the hardware is ready and built and they are working through software management issues like power management before a launch date.

The same thing happened with Openmoko. Neither company focused on a single UI stack, and (last I checked with purism) instead shipped 3+ semi-working UI demos (gtk, qt and enlightenment).

If they focused on one stack, they’d be much more likely to ship solid product, which would lead to revenue. That would give them runway to build support for a bigger ecosystem.

i can't agree enough. i got an openmoko second hand after a friend who got it gave up on it because he couldn't use the device for actual phonecalls and messaging. he was very frustrated and disappointed. i managed, after trying a few stacks to find one that mostly worked (it was the qt one).

i am now using /e/ which tries to add more privacy to lineageOS, and they manage to produce a much more polished experience than raw lineageOS.

it makes a huge difference. things that i was struggling with on lineageOS, like searching addresses and getting directions suddenly work out of the box and if anyone asks for recommendations for a privacy oriented phone i'd point them to the models that e.foundation sells with /e/ preinstalled.

i do hope that someday i'll be able to recommend a purism model too.

Excellent talk. I can't wait for this phone (Librem 5) to be available. Only wish the specs were slightly better (higher screen rez for ex). But the privacy and security features more than make up for that.

I can't see it working unless they support WhatsApp and friends. No network effect means it will die. Unfortunately.

The Librem 5 isn't designed for people who use WhatsApp. Signal and some other actually private messengers should work as they already have official Linux clients.

That said I currently don't plan on buying it, simply because right now I'm not heavily relying on the phone. It is however the first phone released in the last ~5 years that I'd call interesting and unique.

Signal's Linux client uses Electron. I wonder how well it will work on a resource-constrained phone.

Also, Linux signal was missing video chat support the last time I tried it.

In many regions, using WhatsApp is not really a choice.

There was life before WhatsApp. I can confirm there is life after WhatsApp. Join us.

This is one of the problems the Librem 5 is designed to solve.

How? If you are stuck in one of the countries where more than 90% of citizens use WhatsApp, your choices are not to use WhatsApp, or to get an Android or IOS smartphone.

Individuals might be willing to contact you via other channels, but group chats won't move to another platform unless you are dealing with people who actually care about their privacy.

I don't use WhatsApp (can't use it due to not having an approved smartphone, and not wishing to accept Facebook's terms of use), and I miss things. Not a lot, and nothing critical, but my partner and I do miss out on some social things.

> How? If you are stuck in one of the countries where more than 90% of citizens use WhatsApp, your choices are not to use WhatsApp, or to get an Android or IOS smartphone.

So you decide for the former.

That is fine, but it doesn't answer the question how Librem is purportedly solving that problem.

> That is fine, but it doesn't answer the question how Librem is purportedly solving that problem.

By not supporting WhatsApp, it forces the user to solve the problem that he/she makes a very bad decision with respect to his/her privacy.

I fully support that approach, but this effectively means accepting that the majority uses a tool you cannot or will not use. Librem is never going to be in a position with sufficient market share to counter the network effect of WhatsApp in countries that are hooked on it.

Hence my question in response to gregknicholson's statement:

>> This is one of the problems the Librem 5 is designed to solve.

> How?

By providing a coherent set of easy-to-use, privacy-respecting alternatives.

It makes it easier for those who _want_ to switch, but don't have the confidence/skill/energy to figure everything out on their own.

Similarly, Disroot made it easy to switch away from Google, by providing a complete (for my purposes) drop-in replacement; Ubuntu made it easy to switch from Windows.

Quite right, but they still need enough buyers to stay in business, which looking how things in FOSS hardware and software business go, that isn't a guarantee.

> Quite right, but they still need enough buyers to stay in business, which looking how things in FOSS hardware and software business go, that isn't a guarantee.

The problem rather is that many FOSS advocates are not willing to pay a multiple of the money (i.e. they do not put their money where their mouth is). If FOSS advocates were a very financially lucrative clientel, companies would care a lot more for them.

This is because the vast majority of "FOSS advocates" are really "i dont want to pay for stuff" advocates - or to put it differently, what they like is the "Free as in beer" with the "Free as in speech" being a convenient excuse that also allows them to be preachy about their choice despite its shortcomings.

All those people who work in IT / development etc and advocate FOSS, do you really think that they couldn't pay for commercial software if they wanted? I certainly could.

It isn't about "could" is about "would", notice that i wrote "i dont want to pay" not "i cannot pay". After all that money you save on buying XXX is money you can spend on something you actually value.

In other countries, the salaries in the IT/development sector are not that great.

Purism already sells 2 Linux-only laptop models and seems to be fine. Smartphones are definitely a different market, but I think they have higher chances than most past attempts. They're actually selling something unique, which already makes it more interesting than e.g. the Ubuntu phones or FirefoxOS phones back then. And because in theory you could run anything that runs on Linux the app support problem isn't quite as extreme.

I don't think this phone was built for the masses. It's a boutique device offering functionality for a tiny niche audience.

it's a great step toward chipping away at the sad stuff everyone currently pays for

If I can install Signal or use bridges in the Matrix client, I don't see that being a problem.

There’s a WhatsApp bridge?

I haven't tried it, but it looks like it[1]!

1: https://matrix.org/bridges#whats-app

There is but it's powered by Whatsapp Web.

Essentially, you scan a barcode which means notifications are received via Matrix but only so long as your device is on.

If you have a physical server, you might want to opt for a cheap device that can sit next to your server, essentially meaning you're online 24/7

If you use a VPS, notifications will still be forwarded but only work while your phone is powered on. It's not a true replacement for Whatsapp as you still need it running on a device somewhere.

Or stick it into an Android emulator. It uses hardware virtualization extensions and works pretty fast these days.

That is definitely true! I have no idea about the logistics of running an Android emulator headless on a VPS. Maybe you'd have to use VNC or something at first otherwise just host it locally?

To the average consumer it's slower, bigger and more expensive than the alternatives - I suspect that'd kill it even if it had WhatsApp. They seem very aware of both issues though. In the talk their CTO mentions that they see it being used alongside another device. She also mentions they are only making 10,000 units so mass adoption clearly isn't the target.

I think this first version is for getting the infrastructure in place to go on to the next which should be easier to develop and possibly have a bigger audience.

> To the average consumer it's slower, bigger and more expensive than the alternatives

I do not believe that they target the average consumer.

Assuming that community is actually behind them, those 10,000 should sell out as hot cakes.

Then they can focus on improving other stuff.

A collogue worked for Conaonical. Apparently they tried to build a Whatsapp client, but Whatsapp wouldn't let them and insisted they pay them a few million (can't remember the exact figure) to implement a client.

What's "and friends" here? Not everywhere WhatsApp is unavoidably strong, and many competitors can be used on "weird" devices like this.

One of WhatApp competitors, which is quite strong in some Eastern Europe countries, Viber, just dropped GNU/Linux support.

The executable is still there to download, it barely works though.

101 videos from the CCC 2019 ? This is a good day.

CCCamp was last week, I believe.

I surely hope you are not going to watch them all in one binge... :-)

The phone is relatively thick compared to typical modern smartphones, which I assume is primary due to the separation of the cellular radio onto an M.2 card. I wonder whether it would have been possible to avoid this by putting the M.2 card to the side of the mainboard with an edge-to-edge connector, or re-embedding the components into the mainboard. I imagine flattening out the design would also help to distribute heat.

I wonder if they used an off the shelf cellular radio on m.2 card or maybe if they're planning on making it available separately which would be sweet.

Edit: I see the dev kit uses a 3rd party modem, not sure if the final production Librem 5 phone will as well. It looks like the website for the modem they're using that they link from the Purism dev kit page is broken as well.

The phone also has a removable battery (if I remember correctly), removable batteries require a stable frame to keep them from rattling in the main phone body this typically adds significantly to the bulk of the phone.

i hope it materializes; i try to avoid pre-ordering but the quality of their tech updates and blog posts, along with this talk have nudged me into ordering.

thanks for the work you are doing Purism

If you want true freedom, get a Nokia 8110 - I felt a weight off my shoulder using the device. Atleast for the week I've used the device.

Then, life caught on. You can't manage kids' activities, work schedules and your social life without a smartphone these days.

You can't manage kids' activities, work schedules and your social life without a smartphone these days.

May I ask where you live? Or did you mean 'without a computer'?

Works perfectly for me in Western Europe.

My office requires 2fa login. You can set up text notifications but all our documentation mentions smartphone apps. My bank used a smart phone for 2fa, no text or card reader options available. My credit card is app only. Parking in my city is discounted using their app. Real time transport information (bus and taxi) is app only. It’s possible to do without but things are much less painful with a smart phone.

> My office requires 2fa login.

Do they use TOTP? That can be done with a browser extension as well.

> My bank used a smart phone for 2fa, no text or card reader options available.

That sounds rather exceptional, which bank is this? I know one of the twelve or so Dutch banks does this (Bunq, a newcomer), but if any of the larger ones would drop non-smartphone authentication it would run into political trouble.

> My bank used a smart phone for 2fa, no text or card reader options available.

Switch your bank.

Why? TOTP is the one form of 2FA I would want to be the only option, were I limited to one.

In my city you can't park your car in a lot of places with a an app that's only available in the Apple and Google app stores.

Over the past few years cash payments between people have been replaced by something that's also only available as an iPhone or Android app.

I'm sure there are other things. The next iteration of our government's single-sign-on solution will probably also been an app, at which point owning a smartphone will in essence become a legal requirement.

Beyond this model, Nokia builds amazing phones lately. They don't have the best specs so they are only average in tests, but I don't think those are focusing on things that are important, to me at least. They have really good update policies and their Android version is very clean.

OTOH, beware of who's accessing your data [1]. There was more than one incident, if I recall correctly.

[1] https://www.zdnet.com/article/nokia-firmware-blunder-sent-so...

Obligatory mention of PinePhone which

● has a very similar CPU (but at 1.152Ghz instead of 1.5Ghz),

● also runs free software,

● also has hardware kill switches,

● also has USB C with video out

● has less memory (2GB vs 3GB) and

● has a similar screen size and same resolution (720x1440)

● has a 2MP / 5MP front/back cameras (vs 8MP / 13MP w/ LED flash)

● will cost only 150€ (vs $699 - was $599)


This project is clearly still super early days but looks very cool.

It feels to me like these phones have very different audiences.

They've already shipped dev kits (like Purism), and they're building on a platform they already understand (previous ARM boards).

They've also made what I think is the sensible decision to focus on producing open hardware, and leave the problem of software to the community.

Why do you say they have different audiences?

> Why do you say they have different audiences?

> They've also made what I think is the sensible decision to focus on producing open hardware, and leave the problem of software to the community.

That ^ is my guess.

With all those hardware switches, would adding one more for locking the bootloader be a good idea to increase security?

What would realistically be the point of that? Doest that defeat the purpose of "locking" a bootloader, if it can be unlocked with a hardware switch?

I mostly dislike operating devices with unlocked bootloaders because the boot process can then possibly be changed without my knowledge. Ensuring the boot process cannot change without a massive error being thrown helps ensure security of my device. However, it would be nice to easily disable the bootloader lock, make the changes I want, and then just hit a switch and it commits the latest changes. If anything changes in the boot process from the first way it experienced after the physical toggle, refuse to boot until I physically do something about it.

It could protect you against a rootkit.

Hi, I have firmware rootkits (I think they hide on hdds, nics, etc) So if you can help me I could pay you (a little) with criptocurrencies. Email me please nais.thc at gmail.com

or even better : a bios rom

How do they ensure that this modem (Gemalto PLS8 3G/4G) is truly respectful of your freedom?

probably failing to explain this with total accuracy but any chip on the board for which they don't have 100% control of the firmware runs through in isolation through a proxy. The talk mentions the modem firmware as well as some initialization firmware for the DDR4 as being specific problem areas that they had to isolate.

How does it compare to UbuntuPhone?

it has been said various places that the hardware will be able to run Ubuntu Phone. That being said I would guess they are behind Ubuntu Phone in polish but that as a company that has already built a number of FOSS hardware devices they are probably in better shape at a lower system level.

so how do you get a phone number for this phone, do you just buy service / sim card from a regular carrier and then plop it in or what?

Never bought a phone outside of a contract?

i suppose not, so how does it work?

You buy a SIM card from a wireless provider, register your service, and you're connected to that provider's network. Depending on which country you live in, you may be asked to provide evidence of your identity to varying degrees.

For example, to set up my service in Australia, I bought a SIM card in a little packet at a corner store for A$40. The SIM card was from a specific wireless provider (Telstra, in this instance), but it was sitting side-by-side with SIM cards from other providers in the store. It came "pre-loaded" with 35GB of data to use on their network, plus unlimited SMS and voice calling, which was described on the packaging. When I put the SIM in the device I was prompted to go to a website to register my service, where I input a code from the SIM card packet to link the SIM itself. I was asked to provide my driver license number or passport number. I was then able to choose between three pre-selected phone numbers that were displayed on the screen. Click Finish, and my cellular service started working on my phone. Every month I have the option to renew my plan under the same terms, or choose a plan with different terms (more or less GB of data, for instance), or throw the SIM card away and switch to a different wireless provider.

thanks for the detailed reply

You just buy a SIM. Nothing special about it.

and do you have to pay for service from a cell phone company for the voice calls?

When you pay for cellular service, you get a SIM card, which contains everything the phone needs for connecting to the cellular provider's network.


If we ignore prepaid options it really is identical to your current bundle of phone contract plus smartphone loan - minus the loan. You sign the contract, get sent a SIM card and pop it in the phone you bought elsewhere and off you go.

yes, pre-paid or plan.

prepaid = go to quick-e-mart and by recharge/credit when needed. plan = set up payment details through web portal or over the phone.

Actually in Europe for example, most prepaid sim cards also offer setting details through a web portal, and it just automatically takes money off your card on a set date in a month to recharge the SIM.

> do you just buy service / sim card from a regular carrier and then plop it in


I was being downvoted for my comment:

- the modem is for data and not for voice

- they use matrix for calls


"The Librem 5 will be the first ever Matrix-powered smartphone, natively using end-to-end encrypted decentralised communication in its dialer and messaging app."

I recall:

- the modem is for data and not for voice

- they use matrix for calls

(I may be out-of-date)

"What do you need to build a phone?"

The answer forgot to mention software. That was the main problem with the Ubuntu phone.

Kabelsalat ist gesund.

Entschuldigung, was?

The pentagram at the bottom left of the video is an instant deal-breaker for millions of regular folks...

being aware of social sensitivities is a big part of being successful for projects that aim for broad adoption.

What? A regular, upright pentagram?

And also, you know some of us are actually practicing Ritual or Ceremonial Magick, and this is actually a sacred symbol for us?

I'd understand if it was upside down, which is part of the laughable LaVeyan Satanic cult, but I assure you there are likely people you know who may be members of very serious Magical Orders.

I will not mention my specific associations with any of these Orders, but even Freemasonry, which I was involved in for years, if studied carefully, has its roots in Ceremonial Magick.

Their use of the pentagram was highly attractive to me - and, furthermore, funny, and clearly educated in Magick to an extent - the I/O symbol at the top is an adorable nod to that being the node of the Spirit.

I studied and practiced Wicca for years before settling into Buddhism. I've personally got no quams about the presence of this symbol.

but I also have lots of family and friends in rural, conservative, christian USA. I assure you, upside down or right side up... If I tried to show them this video, they would flip out. There would be no talk about privacy or cell phones. All discussion would be hyper focused on the presence of this symbol.

Yes, the would equally flip out if the symbol had been a Star and Cresent (Islam), or Swastica (Hinduism, Buddhism, et. all).

I know this debate isn't new (safe spaces, trigger warnings, etc.) but the only point I'm trying to make is that some people will always find the choice to include any religious symbolism in a technical talk divisive. (which sometimes is fine if we are aware and choose deliberately...)

-- Hopefully I'm allowed brief tangent back on topic - just in case anyone associated with the project/talk notices this post (and grandparent post): I'm super excited about this phone, and as soon as there's concrete data about comparability for US carriers, I would love to purchase one.

> If I tried to show them this video, they would flip out.

Flip out because the Wiccan CTO is using a pentagram, or because the CTO is Wiccan?

I certainly understand the desire to separate religious iconography from technical slides, but I don't think your example has much to do with that.

The pentagram at the bottom left of the video is an instant deal-breaker for millions of regular folks

Yeah, it's a little tone-deaf.

I understand it's meant to be tongue-in-cheek and all that. But if, for example, they used a swastika, even if they were using it in the context one of the dozens of cultures for whom it's a normal symbol, it would still be tone deaf.

A lot of people here are saying it's just a symbol, etc... But if it was a Christian cross, I bet a lot of HN readers would flinch with "I'm not supporting some fundy company!"

> A lot of people here are saying it's just a symbol, etc... But if it was a Christian cross, I bet a lot of HN readers would flinch with "I'm not supporting some fundy company!"

I... sort of agree with you. It's generally desirable to make your products acceptable to everyone you can, and so the decision to include a pentagram is probably poorly calculated.

But on the other hand, the sort of people who would put a cross symbol in the corner of a video are probably for-real fundies, while it's obviously extremely unlikely that anyone involved in the making of this video is a for-real Satanist (in the religious sense of the term). So I think there might be some justification for differential treatment on the basis of this context.

Alright, once again, stepping in here to be clear and specific: in no way is an upright pentagram 'Satanic'.

The upside down pentagram 'symbol of Satan' isn't even the symbol of Satan. It's a symbol of the goat's head of Baphomet, which, yes, is on the cover of the LaVeyan Satanic bible, which, um, claims Satan doesn't exist, and worshipping 'Satan' is ignorant and stupid.

The upright pentagram is used in Ceremonial Magick, in fact, as part of a banishing ritual, the aim of which is to literally banish any negative energies or entities.

It baffles me to think of the upright pentagram symbol as anything but sacred.

>in no way is an upright pentagram 'Satanic'.

Broadly speaking, though I think it does depend on context. For instance, if practicing Satanists have attached a sacrificial victim to an upright pentagram, in order to worship Satan, then even if there may be a symbolic error on their part, that particular upright pentagram could safely be called Satanic and Satan would probably overlook the oversight.

But...Satanists don't worship Satan.

The Church of Satan doesn’t believe in the devil. It doesn’t even recognise ‘Satan’ as a physical or spiritual being. As far as the Church is concerned, there is no such thing as heaven or hell.

And human sacrifice? Like, that kind of thing might happen in the Highest Orders of the Left-Hand Path, the Skull and Bones-type societies George W. Bush was a part of - so conspirators claim - like, I want to be expressly clear that suggesting Satanists make human sacrifices is akin to saying all Muslims are terrorists. Seriously. You're just discrediting a group of people who have enough troubles being recognized as valid to start.

I assure you, I have visited branches of the Church of Satan, and they are actually filled generally with very good people, whose philosophy is mostly that of self-love and not taking any bullshit, combined with the dogmatic practice of Ceremonial Magick.

It just wasn't my cup of tea. I have enjoyed more of what I've seen from Thelemic orders, which do not identify as Satanic.

I know that HackerNews isn't reddit, but I couldn't resist.


The Church of Satan is just a way of selling libertarian humanism to the dissaffected children of middle class Christians, by inverting some biblical tropes and going woo a lot though. I tend to think of actual Satanists to be more like the mental ones found in European royalty during the medieval period.

Hey - not my cup of tea, either, as I said - but I am saying lumping Satanists and human sacrifice together is like lumping Muslims and terrorism together.

Sure, it might happen, in only the most extreme cases, but it's certainly not the norm, and it makes people who try to take their faith seriously - even if, yes, LaVeyan Satanism is simply libertarian humanism combined with, quite honestly, a fairly weak system of Ceremonial Magick, if it makes them happy, let them do it.

I don't agree with Catholicism, either, but I'm not running around saying all priests rape little boys, even though there is far more evidence of that, than actual human sacrifice in Satanism.

I think the clearest distinguishing line that can be broadly drawn, is between followers of theistic and non-theistic Satanism.

The latter do tend towards being the awfully nice people you've been describing, who are always making sure that everyone is fine in the mosh pit.

The former, however, can conversely tend towards the type of person who is far too enthusiastic about the technical details of the blood gutters in their unnervingly large collection of ceremonial knives.

In my years of practicing Ceremonial Magick, in and out of various Orders, and my studies of Satanism, I have never met such people, would consider them an extreme rarity, and again, would draw the Musilms are terrorists parallel.

There are plenty of theistic Satanists I know who are also great people.

One of the clear messages I get from looking at the past couple of thousand years of history is that I should really try and avoid getting hung up on symbols. Also looking to history, it is remarks such as this that will probably lead to that outcome.

That's great if you're Mr. Spock and the rest of the world is a bunch of Vulcans who can control their brains in the most logical way. But human beings create connections in their brains, and the whole purpose of symbols is to create a connection.

If you use a symbol that has a particular widespread meaning, then people are going to think of that meaning when you use the symbol, even if they then figure out what you really mean a second or two later.

That's why companies trademark logos, and why other companies trying to associate themselves with those companies try to make their logos look similar. (Think of all the knock-off Starbucks-themed coffee shops around the world.)

Oh this is fun. I'm going to wait just a little longer...

This section of the comments is... interesting. I wasn't expecting to read about this kind of stuff on HN today. But it's not over-the-top or obnoxious, so it's interesting to learn a little about what other people do/believe/practice.

As to why it became occult, one of my favourite versions is that phi was used for engineering and one of the easiest ways to get phi is to draw a pentagram, but this was a trade secret, so one of the first things you do when drawing plans for a new church is draw a pentagram, measure off phi, then erase it.

This. I learned this, to my amazement, in Freemasonry.

I got a giggle, since it's inverse is the symbol of Baphomet, and all that.

Most of Freemasonry's really useful secrets got revealed during the enlightenment, I suspect.

No, most of Freemaonsry's really useful secrets come from an extreme measure of self discipline, and through the correspondence courses you work through with your Sponsor.

The Rituals of Freemasonry are something millions of people are shoved through, in the interest of what we call 'knife and fork Masonry' - this is the typical image of usually the largest Lodge in your City or Town, where businessmen congregate to drink beer and make connections.

There are few who take Freemasonry seriously for its rituals, and even fewer who choose to make it past the Blue Lodge (3°), and move on to the Scottish or York rites, which can go all the way up to 33°.

The 33rs Degree is basically an honour. There are very, very few of them. When someone tells me they had a friend of a friend who was a 33rd Degree Freemason I just smile and nod.

Freemasonry is about making 'good people better'. How much you get out of it is entirely dependant on how much you put into it.

I don’t mean to be disrespectful but I find this view weird. The pentagram is on the slides for this technical presentation. Millions of regular folks won’t be watching this video I would think. Maybe I find it weird because I don’t place any significance on that symbol, but you’re talking about slides on a pretty obscure talk.

If the star in the bottom corner was a Star of David instead of a pentagram and you said the exact same thing what do you think the response should be?

The same thing?

If you want mass appeal you must appeal to the masses. Using loaded symbology is a good way to torch your hard work.

So that explains why religion, rock music and the dollar never became particularly popular. I did wonder.

Clearly, this phone is not intended for mass appeal, so I don't think this is an issue :)

If you check their website, the symbol isn’t anywhere to be seen (at least, I couldn’t find it)m so its clearly for the CCC talk only. CCC talks aren’t exactly meant for “mass appeal”.

I dont get it, can you explain?

For many people, it's a Satanic symbol and thus they want nothing at all to do with it.

It's clearly not a satanic pentagram but apparently some sort of authors inside joke. Sure, it's based on it, but as you can see there's more elements added https://imgur.com/PxKw5Yw

Throughout history five pointed star or its variations have been used in various cultures, ideologies etc. so I don't see it as a "deal breaker".

That's pretty hilarious, then again I'm not the masses. Still awesome though.

Looks like a ritual to protect against nasal demons.

It’s a CCC talk, millions of regular folks are not going to be watching CCC talks.

Maybe the developers are from Morocco?

(I have no idea, but I've never seen bad association with an upright pentagram)

it's just a pretty design, anything else is rampant superstition


She is the CTO. So, let's rephrase your statement: "If she were your boss, ...."

Honestly I find people more trustworthy if they don't feel the need to dress like Mr. Burns.

It's a tech talk, not a catwalk.

That talk was at CCCamp 2019. I'd say most attendees looked like that.

Not exactly on this topic as it appears to be a hit-piece about the company making the phone. There's been a few hit-piece comments here on HN made by new accounts on other Librem 5 posts too.

Anyway, I'm not an expert about most of that stuff, but they wrote:

> They aren't shipping firmware updates.

Uh... the phone hasn't even been released yet!

They have ensured by design that what remains of proprietary firmware on the phone can't be updated, because they want a FSF Free hardware certification, and that's the only way to get that and have non-free firmware components. Not updateable non-free firmware is tolerated as being "part of the hardware" in a way, updateable firmware is software and required to be open.

Which proprietary firmware?

Parts of the memory interface have been mentioned previously: https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurd...

Similarly, they seem to have choosen the Wifi and Bluetooth chips as well because they have no downloadable firmware, and the isolation for the baseband probably ensures the same there: https://puri.sm/posts/librem5-2018-09-hardware-report/

If those would have meaningful updates is a good question, and clearly it only applies to some of the firmware, but I suspect that's what the exagerated original claim is based on.

Okay, thank you.

Is there any way to mitigate this if one wants to keep Wifi and Bluetooth?

I guess if one really wanted to be pure then, they could just keep the second (of three, see below) hardware switches off, and even possibly de-solder a connection, to ensure they aren't accidently flipped on.

Hardware Switches:

- cameras and microphone

- WiFi and Bluetooth

- cellular baseband

(When all three switches are off, power is also killed to sensors a la "Lockdown Mode")

> When all three switches are off, power is also killed to sensors a la "Lockdown Mode"

Personally, with all these switches off, I'd still want GPS for offline navigation.

Maybe there are two contacts you could bridge. Are you good with a soldering iron?

this article is probably worth reading.


Purism can't guarantee someone won't try to flash that firmware. so the best solution they came up with was to create a parallel chip to store the firmware they have vetted to be safe and to overwrite the modem or wifi firmware with their version of the binaries anytime a change to the other firmware is pushed through

People: So how much security and privacy will we have on the Librem 5?

Purism: Yes.

If you're going to boil anything, it better be the ocean, eh?

Their mirrors are forcing my mobile browser to open the video file instead of downloading it. That's not very helpful. I'm surprised they didn't offer a torrent for the video, that would actually help me (and help them on costs/mirroring).

EDIT: Another user provided the solution: press-and-hold/long-tap the video in the new tab to get an option to download.

Once I get the Librem 5, I hope to be able to do just that!

He is on mobile ^

Termux is the answer to many problems:)

Hmm... if they're on Android there are apps in Fdroid or Play Store that let you download arbitrary files. Kind of annoying Firefox doesn't have that function

Since this is an article about an Android phone, I realise giving an iOS solution for this may not be that helpful. For anyone using iOS, the Apple Shortcuts app has an action "Get Contents of URL". You can use this to make a shortcut to save the contents of any URL similar to using wget. I often find this useful, and highly recommend the Shortcuts app in general. It's not perfect, but helps add missing functionality.

Been a while since I used Android regularly, but there will be a similar (easier) method for a shortcut to download the contents of a URL.

> Since this is an article about an Android phone

It is not an Android phone. It is built on top of PureOS: https://puri.sm/products/librem-5/

In iOS 13, due to release next month, one will be able to simply tap-and-hold on a link, then choose to download the file. Safari on iOS will finally include a download manager just like the one on macOS.

It's actually an article about a GNU/Linux phone, not Android.

What browser are you on? Safari -> hold touch over link -> Share.. -> Save to files. Or click the video to start playing it and then hit the share -> save to files.

Firefox on Android

let the player open, long tap on the video, click save video

Thank you!

It immediately starts playing for me when I press the download button (Safari on iOS), with the amount downloaded showing in the bar at the bottom like YouTube (edit: and saving it to iCloud Drive through the share sheet works as intended).

I'm not talking about loading/caching, I'm talking about downloading to watch offline later.

Last years camp had a 500Gbps uplink, somehow I dont think they are struggling.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact