I'm giving up on the Librem 5

Check out the Above Phone:

That’s paying a lot of money just for someone else to install a degoogled OS.

1 Like

You are right that you don’t know me.

You are wrong in regard to what I know about software+hardware+privacy.
I’m very well aware. I almost certainly have been aware about such things
long before you became aware and, at least at the software level, probably
know more about it than you do.

I disagree. They are bad in different ways and are not comparable. Purism’s search for profits has resulted in what is, IMO, a company that I should not and will not trust.

1 Like

It’s interesting how they don’t know you but you know them.

4 Likes

Your own opinion is always respectable. Stay for Purism.

1 Like

You might have noted that I said “almost certainly” and “probably”. Also, I’ve paid attention to what they’ve told me about themselves. Thus it was more about an expression of what I know about me vs. what they have told me about themselves:

For example: I'm giving up on the Librem 5

Also another example shows that their concerns started in 2003 and I happen to know my concerns and experience started much earlier than that (e.g. I started using Linux in 1994. My main OS before that was NeXTStep (mach/unix) on the NeXT and SunOS Unix on Sun. I was an early supporter of the EFF in that time frame. I started programming in the late 70’s, which was fairly early vs. most people). Here’s where they say that their concerns started in 2003:

So I think I was well-justified in my statements. I know you were intending to be sarcastic and dismissive. Again.

1 Like

Ok, let’s try a different approach: What do you think about monetization over a behavioural surplus on and over Systems from the Companies I mentioned above and on the opposite Purism?

Not fair to say I was being dismissive. Or sarcastic, for that matter, I did indeed find it interesting. Also I think presuming my intent in such a fashion is itself dismissive, so if it wasn’t the pot and the kettle before, it certainly is now.

1 Like

Didn’t I already tell you that I am not interested in discussing @amosbatto? This is not a forum for discussing individuals. Also, you didn’t provide any evidence about his “wrong” behavior, which means you are “spreading misinformation and/or insults”. I saw no misinformation in my references. I expect you to retract, rephrase, or apologize.

I expect that nobody here cares about your personal opinion on individuals. It looks as if you have no technical arguments to defend your point of view, since you go to personal attacks instead.

I know that u/amosbatto and u/Adwaitian were banned from the Subreddit and the same happened with someone else (before adwaitian) defending Purism. I offered proofs that people trying to destroy Purism with misinformation get upvoted and not banned on the Subreddit. It seems you are fine with that, aren’t you? Are you fine with the spread of misinformation as long as you agree with its goals? Now, it’s your turn to show us which accounts spreading lies about Purism also got banned (show at least a few), if you want to present a reasonable evidence that I’m wrong.

One example. Now, you should also provide some evidence concerning the “fake-resells”.

This is only partially true. Yes, you will get the security updates, but AFAIK you will not get feature updates, since the kernel will be very old.

I don’t understand what you mean here. PureOS can be in-place upgraded to a new version, just like Debian.

Did you read my post above? I said that

They do not mention your link when they say that. One cannot reasonably say that it’s an insecure phone without explaining your threat model. One cannot simply say

The OS they use has a near total lack of any systemic overall privacy/security work or privacy/security model

This is completely wrong, it’s misinformation. Librem 5 with PureOS is more secure than a phone with GrapheneOS for me, according to my threat model. I stand by what I said: The wording in the latter quote is disingenuous and suspicious.

Yes, I read that thread and I still have no idea what strcat wanted to say. Did you understand them? Can you explain in simple words, how proprietary drivers can be recompiled, without a wall of text? Or can you link to the source code for all free drivers for any single GrapheneOS-supported phone? I see that you are defending strcat a lot, so I expect that you can do that.

I have no idea what that means. Why is Purism not having such problems with Librem 5 or devkit?

4 Likes

I disagree here. It’s easy to spot malicious code in a popular FLOSS, unless it’s very well obfuscated/hidden. Developers of a proprietary software can hide malicious code trivially.

Upd: Also, FLOSS doesn’t mean anybody can submit code to it.

Yes, it doesn’t mean more eyes. However, it gives an opportunity for that. It’s a less strong improvement, but it’s one nonetheless.

I do not see any evidence for that in the real world. See Windows tracking and selling your data, its forced upgrades, NSAKEY, Safari spying on Chinese users, iPhone blocking legitimate app upgrades – all of those look like malware to me.

2 Likes

This is nice OpojOJirYAIG, I follow fsflover in his post and say: No, closed source code, will use the power of the surplus I mention above to leak as much as possible Data from your devices, without paying you and sell your furfural behavior on the Marketplace for that, for more money than you will ever spend on Programming or that kind of Product.

We just do not see this on open source, cause we program, copy and compile/use that software, because we can and have a choice. Others won’t have. Cause you get more money if you let someone pay and do it anyway, in cases someone can not prove.

I see fsflover and me in the same situation today… like Shoshana described on her Unfinished 2022, Talk in New York.

In Addition: It’s fine Gavaudan, I have a language barrier, so it’s difficult for me to express complex stuff to convince Privacy2. I think he or she is one of the good people and not paid to set our, spoken as community, project on fire. Like have a future with democracy and computer systems which we use as a tool for daily knowledge, instead as a service guide to push ourself to a more efficient indirect external controlled better Version of us, like the Big Tech wants to see.
I mention 2003 Privacy2, cause this was the time when Google invention, and solve from their view the “How to create Money from our free service” Question, cause in the Beginning nobody wants to pay for Information. It’s still here in Germany that most folks do not care about privacy and the mainstream will not pay 2 Dollars for the Service. But it’s just cause they do not understand where that lead to. I think you are good in programming and have more skill there than I have. However, I think you have missed that step of code in that direction, Cause nobody can Read (alone) 2 Million new Lines of Code, from 2.174 paid Programmers a Day, Google, Apple or Microsoft pay… However Small, simple Code will ever Survive, cause it is transparent easy to understand and still in the wild. Ok just except Bugs. But I think you get the Point. We need a Community to do and understand this and a movement in the next large Classification of “working together Humans”. And everyone needs to hand over that knowledge to the new Generations.

Even if you do not trust or like puri.sm, give them a Chance. Maybe I think back in 40 years - ok it was just a Company paid from the SC Industry to have some alternative, but I think that is not so. And even if we are on different Mind sets right now. We have to work together, or the A.I. on the SC Side will kill us before we invention… like in the Movie of Terminator 2. :wink:

I would like to support your loved Pine Project and GrapheneOS, too! And maybe we have to bet on more than one horse, so we should not dispute about it, but push money on more than one, even some will fall. We can not afford to miss that point about free and self programmed computers as a tool or be controlled by computers and magic Network … we have to … really! To Design our Future, right now. And an alternative to the SC Systems. It’s already a fight in burning world.

1 Like

IMHO I am seeing amos batto talking some wrong things. Most to PP and L5. Anyways I am thankful to Amos for the enormous effort in helping & together.

This is a different threat model than the one I presented, the one I presented was it is harder for a malicious actor to submit malicious code and have that get past the developers.

Changing the context is a dishonest argument.

Again, changing the context. Let’s at least have an honest conversation. The argument about whether or not companies spy on their customers is a different conversation and trying to change the conversation is a dishonest approach at best that diminishes the legitimate points you are trying to make.

1 Like

I financially support both Purism and Graphene teams. The powers that (shouldn’t) be will use our disagreements to divide and rule, like Julius Caesar once did with Rome. The fact of the matter is that both teams should treat each other with respect and continue to work in the same vector as they do now. It goes without saying that every individual has unique threat model and its great that the end user now has options to choose between Librem 5 + PureOS and Pixel + GrapheneOS.

5 Likes

I don’t care if you’re interested in discussing amosbatto. You brought him up by
linking to his screed of a FAQ. I’ve had personal experiences with him
and those personal experiences have shown me that his writing is not worth my time.

I linked to plenty of discussions with him as a participant. Some of which he was banned exactly because of bad behavior. That’s proof enough. I owe you nothing.

You asserted “only people who defend Purism get banned”. I showed that your assertion was wrong by giving you an example of /u/jaylittle who was banned at least once (I think twice) for poor behavior toward Purism advocates. i.e. You were wrong. Everything you said, above, is just you deflecting from the fact that you were wrong. Why not just admit that you had nothing to back up your absurd assertion that “only people who defend Purism get banned”?

You’re confused. It wasn’t the assertion that /r/pine64 had “hateful” comments that I cared about, it’s your assertion that those hateful comments were the reason why pine64 created /r/pine64official . I thought I remembered a different reason so I asked you to support your assertion. You still haven’t.

Your link doesn’t support why /r/pine64official was created. You made the assertion, I was just asking for evidence. You still haven’t provided evidence for your assertion.

It turns out that the answer is addressed in the following thread. ( It was /r/pinephone and they were behaving in a way that was contrary to pine64’s interest by badmouthing pine64 (not Purism) [ " Don’t buy a new pinephone from Pine64’s evil communist factories in China. "] ). https://www.reddit.com/r/PINE64official/comments/fxcipk/psa_refrain_from_using_rpinephone/

Feature updates? WTF are you talking about? This is the supported life of GrapheneOS on that device. I don’t care about the age of the kernel as long as it is getting security updates. Also, although I don’t particularly care about kernel version, strcat has indicated that the kernel can be updated. You were in that discussion ( https://news.ycombinator.com/item?id=30761693 ).

[strcat] The reason for using an LTS kernel branch with 6 years of support from kernel.org is stability. Porting forward the drivers to each new kernel release is entirely possible and isn’t a lot of work when it’s done incrementally. Not that many changes are even required.

There are already people who have gotten the mainline 5.15 kernel working with the Pixel 6, but from 5.10 to 5.15 there are a lot of regressions, …

… It isn’t better from a security perspective to use the 5.15 LTS rather than the 5.10 LTS, especially with the additional changes backported by AOSP including security enhancements like mitigations, not just bug fixes. It may be a good idea to move to the new LTS branch once it has matured for 1-2 years, but definitely not months after release.

Discussing “security” of the Librem 5 vs. Graphene you said:

I disagree. I think that they have been clear. You criticized them for that … and they
created that link to make sure they were clear. It certainly wasn’t “disingenuous”.

Regarding strcat’s quote (also quoted below), you said:

Who is being disingenuous now? What they said is clear and I think you understand what they said. You simply don’t believe it since you don’t understand how it
can be true. That’s different. And that’s your problem.

I already said that I’m not an expert and I’m certainly not strcat’s keeper. If you want
to understand how it can be true, I suggest you read up on the kernel structure of the android kernel https://source.android.com/docs/core/architecture/kernel (pay attention to the HAL Implementation) and then look at the graphene build structure to see any details in regard to the drivers. Or, as I’ve said before, if you want to question what strcat said, ask him.

But what I will point out is that there is one Purism supporter whose name you don’t want mentioned who repeatedly asserted the opposite and didn’t stop when he was told he was wrong. Burden of proof is on the not-to-be-named supporter … and if he can’t show it, he should stop asserting it as if it’s a fact.

I think the HAL Layer is Software and the IOMMU is good but not perfect. Look at VMware Research Center Quote to this:

Since we see in the past attacks against CPU-Firmware like Spectre, Meltdown and at RAM Data integrity… Rowhammer - I like to see Linux on Smartphones instead of Android. Android have to trust the Drivers more, and with each year and an not open Source driver we will see more holes and issues.

Not sure if Purism choose the CPU well, cause it used in Cars and more. It’s already a target, or if it’s good cause so many are using it.

As you can read on my Link, the IOMMU set the Kernel at Risk, cause the Driver for your Modem (I think the Mobile Network Provider can Update them remotely**) can steal some Kernel-Pointer and “the device drivers expose sensitive callback pointers, which may be overwritten by a device to hijack kernel control flow.”.

So I like to have the ability to shut down the Modem by Hardware on my Librem5 ;D

(Yes I know I may have an offline Computer without WLAN, or I use an additional LAN or Docking Device. I think it’s just a step forward. And I hope we have the ability to Monitor Drivers on the Librem5. Even it have to be a black Box due to the have to regulatory.)

Personally I think it make no difference. If some smart Folks with enough Money like to watch you they can, and do. Which is kind of right. I just want to have a reliable phone in times of Cyberworldwar-Hygiene.
And maybe I can make a Back-Up of a 100.000 Dollar worth exploit, just kidding. :smiley:

I think the Sound-Card have the ability to make Modem Sounds or receive if the Modem is down…

Oh one Edit: GrapheneOS use only Google Hardware… that’s kind of sad, even it’s a low hanging fruit. I just think about that undocumented Micro in Nest-Devices… Just do not get me wrong. GrapheneOS are some of the good one, too. Would just be better have more Driver developers out there, even if it takes years like on the Linux Desktop.

I think you’ve missed the point, but there’s enough of a communication gap (you’re a non-native speaker) that I can’t even tell.

My bringing up HAL (Android HAL, not GNU/Linux HAL) was in regard to the architecture of the interaction between the kernel and devices drivers for Android systems and was to help direct fsflover to understand how one could update kernels on Android systems as claimed by strcat. As I said, I’m not an expert. However, I don’t have any idea why you mentioned HAL to me … or what your point was.

The discussion of IOMMU in regard to GrapheneOS was not in regard to general DMA attacks. The discussion of IOMMU was in regard to how GrapheneOS can completely shut down transmit/receive requests for devices like the cellular modems, sound processors, etc. There’s
no attack I’m aware of when the whole channel to/from the device is shut down by the IOMMU. Are you aware of any?

Of course it is a separate issue that the IOMMU and memory attacks (DMA or otherwise) are relevant when the modem is “on” for either of the devices. In those cases, having an IOMMU is still arguably better for isolation (kernel USB stack + IOMMU) than simply (USB2 stack in the kernel). This is discussed in the links below. [I argued *against* this with one of the Graphene devs since I thought USB2 should be safe since there is no DMA. He pointed me to several USB2 --> memory attacks via the USB2 stack. ]

I should note that in regard to all of the other attacks you mention, Pixel+GrapheneOS should be more secure than Librem5+PureOS in general usage. See the previous link from a GrapheneOS dev: https://madaidans-insecurities.github.io/linux-phones.html . Also relevant is the discussion of Linux security in general: https://madaidans-insecurities.github.io/linux.html

As I mentioned above, I’m not sure if it is a language barrier (you’re a non-native speaker) or something else, but I have a difficult time figuring out what you’re talking about and/or whether you even understand the details. In that regard, please let me know if you have a good understanding of DMA attacks and IOMMUs. If so, maybe I’ve missed something. However, I had already seen/read all of the references you provided above before, so unless I’m missing something, I don’t think your link was relevant to my previous discussion about how the IOMMU was used in
GrapheneOS to shut off rec/transmit for the cellular modem.

1 Like

You post a Link to Android Docs and said “pay attention to the HAL Implementation”, that’s why I quote HAL. And you are right, I am just a Hobby Developer. I do just read and compile Code cause of Fun and some kind of have safe and already patched Software.

Thank you for be here and take care on free and Open Source Software. Sometimes we need to have a Job and to earn Money for stay living. That’s why Purism take this kind of journey. Do not judge so hard about them. I am sorry that I can not express better, about my concerns and why I think that you not understand the S.C, maybe because you work with computers and Turing machines, and do not think that a computer or a Neural Network, can use knowledge about you, to tell you not the truth. Just to nudge you to another direction for own profit and change your behavior to a finite future behavior… for the future behavior Stock Market.

The issue with the Internet and the self driven Individuals, is that you turn their decisions - you/someone can earn some Money.

Right here, we need to have and understand folks why we not just need this Money or Power from them, cause its sometimes good to have a self controlled future and some individual purposed choose targets to create/be something new.

I just see how TikTok, Microsoft Windows, Android and Google just Nudge people like they want to change their Mindset. To Vote for X, betray someone who want to hide… cause of Y… …

You know it’s just about Information. And the World and other have to share their Mindset for truth. … Just. you know in the 2 World War the Nazis are the Bad one, cause you know. And now I am not sure if we, or the System might say that the ugly truth came true. … I am just not sure if this is the Truth. Or just Algorithm.

This is not so easy to answer in philosophy. I think personal: We have to keep privacy for our own, to be able to find an opinion about our beliefs without too much interruptions. And Time to carve opinions. To commit a larger value to the system. However Internet and Computers accelerate this kind of process.

And I am just not sure if the physical and the informational environment, plays fair. Or try to nudge ourselves to change the future or way we behave in future.

It’s kind of a big Mystery, in Informatics, Mathematics and Biology.

By the Way. I do not trust 3rd Party Algorithm and Drivers, since Shoshana Zuboff teach about that way about how someone else got Money cause the Smartphone, can change over personalized Display Information the behavior of folks. Like an Ad could do in the 1990s.

I think we have reached a new Time cause we lost Data about ourself through that device in our Hands… and yes… we have to change this for a new century with free and open source systems. So we are here, together.

2 Likes

It is indeed my pleasure to gladly learn from you, to come back here because of your kind thoughts. And thanks for sharing those important/inspiring thoughts of yours here with us!

@raenrfm: And how well do you believe sarcasm to travel in the shape of text?