I’m curious why you are expending so much effort in a Purism forum to troll people that ACTUALLY have a vested interest in the project, when as you stated you do not. Like literally the definition of a troll. I don’t get it, please enlighten us.
As I mentioned at the start, and I’ll underscore now: the only reason that I used the phraseology of “Purism fans refuse to remember” is that the OP used the phrase “Graphene OS fans just refuse to remember”. I find that assumption offensive and I wanted to demonstrate how one could be offended by using it “in kind”. Of course I assume that most Purism fans do know those things about the Librem 5.
The link you provided is a link to an FAQ written by amosbatto. I’m not at all a fan of amosbatto. The Graphene OS dev has repeatedly told amosbatto that he was incorrect about some/many of those assertions in regard to GrapheneOS. amos reacted poorly IMO and in the moderator’s opinion and got a one month ban from the Purism subreddit.
Specifically the assertion that “you can no longer upgrade your Linux kernel” is not necessarily true. The GrapheneOS dev asserted that the drivers could absolutely be recompiled to support another kernel -> that said, he also indicated that Graphene would not want to do the work to do so (they want to work on Graphene features and not provide long term support).
My point was different. It was the same point as the intro. I absolutely hate it when Purism fans assume that non-fans don’t understand HW, Software, firmware, Free Software and such. I’ve been using Linux since late 1994 and became aware of Free Software around the mid-to-late 80’s. I can understand Purism and dislike them even though they are FOSS friendly.
My point was that if you take out the cellular modem, you have a tablet and not a phone.
That said, there are tons of tablets that can run exclusively free software (modulo firmware and maybe the wifi driver). De-googled Android ones are plentiful, but you can also find GNU/Linux ones too. Duck-duck-go it.
Yes. Which is why you would want to use an Open Source OS like Graphene, right?
If you’re talking about cellular modem and wifi, I can use a faraday bag.
If you’re talking about trusting software, currently the security of PureOS is much lower than the security of GrapheneOS on a Pixel6. It’s not even close.
You can’t run GrapheneOS on a Librem 5 because GrapheneOS requires specific IOMMU support. The Librem 5 does not have that support.
Yes, I gave an example with the WiFi because I wanted to show the principle and not to strip every possible attack vector.
I don’t agree that the arguments against the isolation in Graphene OS don’t hold water.
I just don’t trust the hardware. That’s it. I can trust Graphene OS, but I don’t trust the hardware below it.
I don’t trust that a Google pixel is really offline when I want it to be offline. It might be. It might be not.
My first point sounded offensive precisely because, as we see, you don’t accept that I would just never accept a Google Pixel with Graphene OS as the solution. No matter how many words are written.
I will always accept and praise its merits. It is a great solution for many people. But not my product.
If you put Graphene OS on a modern Sony Xperia, I would buy it.
(It would still not offer the option to throw away the modem, but at least it will not be made by Google in China).
P.S. I would recommend Graphene OS to other people who seek an alternative to Android and iOS but would not be satisfied with the Librem 5.
You don’t trust that the IOMMU functions as specified? We’re not talking about a software-controlled power switch here. We’re talking about an IOMMU which is made by a different company (Samsung) and it controls interaction between each device and the DMA bus (the IOMMU has an open source driver, exynos-iommu.c). You’re aware that this IOMMU is used in other devices and that, perhaps, those device makers have tested it?
That’s fine if you understand what you’re saying. I’m just trying to see if you’re going that far and you know what that means, because that seems way out there to me.
Seriously, why are you here? You’re shilling other Foss phones in a purism forum and you have stated that you will not be getting a librem 5. What are you hoping to achieve?
I read some of those discussions and I did not understand most of the arguments from the GrapheneOS developers. They are simply too technical and unclear for a non-professional like me, and the developers often resort to personal attacks. On the other hand, @amosbatto’s writing style is pretty clear and he always provides a lot of references to back up his claims. He also accepts it when he’s wrong. I never saw the latter from the GrapheneOS team. By the way, this is not our first discussion on this topic.
You mean that place where almost everyone doesn’t understand how the Librem 5 works / is delivered, spreads falsehoods about it, searches for every tiny opportunity to destroy the image of Purism (even when these are totally misplaced and wrong claims)? All such posts get upvoted, but only people who defend Purism get banned.
By the way, the Pine64 subreddit was also quite hateful they say, so Pine64 created their own official subreddit.
I have no idea how proprietary drivers can be recompiled by the GrapheneOS team, could you provide some details? Even if it’s technically possible, this is irrelevant, because the actually important thing is upstreaming, otherwise support gets impossibly tedious very quickly. Only Purism is doing it on a big scale AFAIK, and soon the Librem 5 will work on the mainline Linux kernel.
This is a deal breaker for me. I do not want to buy and reconfigure a phone every couple of years. I care about the nature and about my time and freedom to run what I want (e.g. mainline kernel). Also, it’s suspicious to me that GrapheneOS developers come into every Librem 5 discussion with claims that it’s not a secure phone. It’s disingenuous, because it depends on your threat model.
You are certainly entitled to your opinion, but you should tolerate that others have different opinions.
Consider my threat model: I assume that my smartphone’s software might be compromised. I need to attend some private meeting and talk to sensitive people, and I want to be sure that it’s a private talk. I also want to be able to call emergency services if needed. With the Librem 5, I can just use the kill switches.
I expect to use the smart card to access my email without leaking the password; can I do it on GrapheneOS?
I expect to run the same software as I do on my desktop, without learning or relying on new tools. I want to be sure that the manufacturer of my hardware is on my side, not trying to put me into a walled garden for their profit. You can read more reasons in @amosbatto’s FAQ. I agree with all those points. If you have any arguments against them, I would be interested to see them (and not arguments against @amosbatto).
With GrapheneOS I have to trust the hardware from China or software from Samsung and Google. You should understand that these companies and that country have a huge incentive to track me, because this is how they earn their profits. Purism doesn’t. Follow the money.
In summary, my criteria for the phone are the following: lifetime support, mainline kernel, desktop software, FSF endorsement, control by me, no walled gardens or planned obsolescence and so on.
This is disingenuous. I can’t run GrapheneOS on a Librem 5 because GrapheneOS chose not to support it. I would be fine with less security without IOMMU but with more freedom. Why do I have to follow your own threat model? The GrapheneOS promotes hardware that I cannot trust and intentionally excludes hardware which I prefer. For this reason alone I will never use this OS.
Having said that, I agree with
and I did recommend GrapheneOS to some people whose threat model is more in line with it.
I remember the Watergate hearings. My jaw dropped at the repetition of “I do not recollect.” My thought was that they had “brains of Swiss cheese” rather than a strategic ploy to keep themselves from going to jail – but I recognize now that I was young and naive.
With PureOS on the Librem5 I have to trust the hardware from China and software from Purism, Debian (let’s face it Purism isn’t reviewing every line of all the projects in the Debian repository they pass through), Mozilla, OpenBSD, and countless other developers with varying incentives and goals.
And before the “oh well you can review the source because it’s open and available, you don’t have to trust it” no… I cannot. It is infeasible to learn the skillset and actually review in any meaningful way in my lifetime; I have other time commitments, as do most people. We have to trust others, and it’s OK for people to have to trust others, including trusting open source OR closed source. Not everyone’s threat model includes Samsung/Google as threat actors, and some might argue the more entities you have to trust, the less they trust it.
And the argument that open source allows for more eyes on it, therefore it’s more secure, I find inadequate when you see things like the OpenSSL vulnerability that existed for years basically because nobody bothered to actually look at a section of the code (yes, an oversimplification for brevity, but not so oversimplified as to invalidate the point). The more accurate viewpoint, from my perspective, is that open source allows for more eyes, therefore it’s more likely an issue will be resolved quickly once announced, but it also invites complacency in that “everyone else already looked at this so I don’t need to”. Just because someone else could doesn’t mean they did, so you’re trusting if you’re not actually reviewing it yourself, and most people just don’t have the capability in knowledge to do that review in a meaningful way.
This is a fundamental problem. In theory open source software can be audited. But the difference between theory and practice is always larger in practice than in theory.
Software developers cost a lot of money so I guess quite a lot of stuff in the open source world is not as perfect as in theory just because people had no time and budget to audit as much as needed.
Btw. if I were a state level actor, wouldn’t I dedicate time and money to create backdoors precisely in the hardware that is often used by people who try to be more private or anonymous? So the Google Pixel would most likely be the number 1 choice for the state to tackle, as it is the beloved choice for all Android forks. Others are less interesting because of lower numbers.
Yes, you cannot. This has nothing to do with you personally. It’s about the community and the scientific method. Any person can independently verify the free software (or pay someone to verify) and ring the bell. Anyone who found a bug can spread the knowledge about it, and anyone who has an incentive can fix it and distribute the fixed version. In this way you do not have to blindly trust the companies, but the whole community is able to verify all relevant claims. This provides no guarantee of perfection, but it shifts the trust from one single entity seeking profit by all means to the community, in which the members can have completely different incentives, including fame, curiosity and usability/security of their own devices.
Such an approach makes it much harder and more dangerous (to the company) to hide backdoors in the hardware or software. See also my other reply to you on a similar topic. Transparency is the key.
Same as above: this hardware has open schematics, which “everyone” can check. Also, you can buy the Librem 5 USA if you trust China less than the USA.
You are saying this as if trusting FLOSS and proprietary software are the same things. They are completely different trust models. For-profit companies pursue profits, which do not necessarily come from good security or privacy. For this reason, I generally do not trust closed software whenever I have a choice.
I never said otherwise.
There is some logic in it, and I would agree if all else were equal. However, here you ignore that you compare many non-profit entities providing FLOSS and a single for-profit entity working in secrecy. Consider Intel as a good example of why it does not necessarily lead to good security.
This is a strawman. Nobody ever said that FLOSS provides perfect security. We say however that hiding backdoors is much harder in FLOSS than in closed software. We still don’t know what every Intel CPU runs with unlimited privileges.
My personal experience with amosbatto is that he seldom accepts when he is wrong.
The underlying issue is that amosbatto inappropriately shifts the burden of proof. While the burden of proof for an assertion is on him and he should retract if he can’t back it up, his MO is to keep the misinformation there until a ridiculous amount of contrary information is provided to him. It’s frustrating, hurtful and wrong.
Your reference to “personal attacks” is simply Micay voicing exactly the issue I’ve had with amos. He presents misinformation as facts and doesn’t retract/revise even when he’s told it’s wrong and/or even defamatory.
It’s just not true. You asserted that as a fact, but you’ve offered no proof. Retract or rephrase. I know of someone (who is on this forum; jay little) who also has had temp-bans (at least one, probably more) from that subreddit.
Ask yourself why would you assert something as fact when you don’t know it’s a fact.
I’m serious here. I expect you to retract, rephrase, or apologize.
IMO amos was out-of-control when he was banned. I’m glad he was.
I thought that the reason for the pine64official subreddit was due to scams regarding fake resale of pine64 products and wasn’t due to issues with Purism bashing.
What evidence do you have for your assertion?
That’s fine. Of course the Pixel 6 will have 5 years of support. To many people that’s sufficient.
In terms of reconfiguring: I hope you’re aware that since there are no OTA updates for PureOS, you’ll probably be having to wipe+reconfigure your phone when you update versions anyway.
In terms of security: There is a dependence on a threat model, but that doesn’t mean anyone was being disingenuous. Thankfully, as I’ve already linked, they specified exactly what their security concerns are: https://madaidans-insecurities.github.io/linux-phones.html
I only come in and comment like this when I think people are spreading misinformation and/or insults. Echo chambers are ugly.
GrapheneOS and AOSP are Linux-based and there are no closed source kernel modules.
Of course you are involved in that thread, so you’ve certainly read it. Maybe some other points to underscore that he made in the follow up:
As stated earlier, there are no closed source kernel drivers for AOSP, GrapheneOS or even most mainstream Android devices running the stock OS.
The reason for using an LTS kernel branch with 6 years of support from kernel.org is stability. Porting forward the drivers to each new kernel release is entirely possible and isn’t a lot of work when it’s done incrementally. Not that many changes are even required. The issue is that there are substantial regressions in each Linux kernel release and it takes at least 4 months or more to get a production quality kernel for a specific hardware target with nothing breaking, the massive CTS/ITS/VTS passing, etc. Pixel 6 uses the Linux 5.10 kernel branch which was the latest at the time, and those LTS branches have 6 years of support from kernel.org and expanded support with more bug fixes / security enhancements / other improvements via the AOSP common/generic kernel. It’s entirely possible to move to a newer LTS branch. There are no closed source kernel drivers.
…
There are already people who have gotten the mainline 5.15 kernel working with the Pixel 6, but from 5.10 to 5.15 there are a lot of regressions, and there’s a lot of new attack surface. There’s a reason that ONLY the Pixel 6 among the Pixel family has been vulnerable to several serious core Linux kernel vulnerabilities disclosed in the past few months including the branded dirty pipe vulnerability. There are both advantages and disadvantages to using a newer LTS branch.
Can you refute him? It seems he should know what he’s talking about, right? Certainly more than amosbatto. Do you think that amosbatto won’t still make blanket statements to the contrary???
You love the word “disingenuous”. It’s accusatory and confrontational. Knock it off.
See https://www.reddit.com/r/Purism/comments/pcos2x/would_it_be_possible_to_put_grapheneos_on_the/halurxk/?utm_source=reddit&utm_medium=web2x&context=3. It’s anything but secure hardware and firmware. That’s the main reason it won’t be officially supported. People are welcome to make an unofficial port of GrapheneOS. It won’t be able to offer proper firmware security updates, verified boot, hardware attestation, A/B updates (missing support for A/B firmware updates and firmware support for the OS updates), the usual hardware encryption support, Wi-Fi anonymity, proper IOMMU isolation for all components, etc. The OS can be ported, and the hardening could be ported to a kernel for supporting it, with all drivers similarly built into it with LTO + Clang type-based CFI and so on. However, not much can be done about lacking full firmware updates, firmware that can’t be updated, lack of hardware/firmware security and lots of missing functionality.
People don’t need our approval to make an unofficial port. It just has to be clear that it’s unofficial and what’s lacking about it if it’s not complete.
a person who poses as a customer in order to decoy others into participating, as at a gambling house, auction, confidence game, etc
a person who publicizes or praises something or someone for reasons of self-interest, personal profit, or friendship or loyalty.
To be clear: I am not posing as a customer of anything. I don’t own a Librem 5 or a PinePhone, or use GrapheneOS (or Sailfish). I have no connection to any of those projects.
I am not a shill and would appreciate it if you would stop accusing me of that. I brought up pine64 and GrapheneOS when people asserted that there were no other options. If I knew more about the Fairphone I would have brought it up.
I am here because this forum sometimes becomes an echo chamber of misinformation/disinformation. I think the world would be a better place if misinformation was more openly confronted.
Whether there are other options or not purely depends on the individual criteria of the individual customer.
You can always set the selection criteria in such manner that Librem 5 is the only option.
I can speak for myself that for me Pixel, PinePhone, and Fairphone are not an option.
And I perfectly realize that for other people it can be different.
For example, I try to avoid made in PRC as much as possible and this already eliminates the 3 options you give, even when we don’t consider other factors.
Obviously made in PRC is not completely avoidable, but I try to at least reduce it in my consumption. So I recommend Sony Xperia for people who don’t want a Librem 5 USA and Librem 5 USA for people who are appropriate for this product.
This is actually the only reason why I have not ordered a Librem Mini or Librem 14. I am very curious to try PureBoot with the Librem Key, but I don’t want to buy a Chinese notebook/PC when there is Fujitsu on the market (I even found in Germany a Fujitsu PC made in Germany).
And when I also add other factors that you don’t accept as arguments (like the removable components such as the modem and WiFi card), then the Librem 5 USA is the best option on the market for ME. It is always an individual choice in an individual context.