Librem 5 concern

pzelenka · July 13, 2019, 1:23am

I personally do not like to go fishing, but, I some times stop along the river and watch folks who do. Some times they have interesting stories, sometimes not.

Tatatirci · July 13, 2019, 2:10am

Couldn’t find the PDF yet - just the screenshot, which helped me look for the title

pzelenka · July 13, 2019, 5:57pm

PDF:

tracy · July 16, 2019, 8:11pm

Seen on slashdot today:

Full text.

Android app developers intentionally delayed updating their applications to work on top of Android 6.0, so they could continue to have access to an older permission-requesting mechanism that granted them easy access to large quantities of user data, research published by the University of Maryland last month has revealed. From a report:

The central focus of this research was the release of Android (Marshmallow) 6.0 in October 2015. The main innovation added in Android 6.0 was the ability for users to approve app permissions on a per-permission basis, selecting which permissions they wanted to allow an app to have. […] In research published in June, two University of Maryland academics say they conducted tests between April 2016 and March 2018 to see how many apps initially coded to work on older Android SDKs were updated to work on the newer Android 6.0 SDK. The research duo says they installed 13,599 of the most popular Android apps on test devices. Each month, the research team would update the apps and scan the apps’ code to see if they were updated for the newer Android 6.0 release. “We find that an app’s likelihood of delaying upgrade to the latest platform version increases with an increase in the ratio of dangerous permissions sought by the apps, indicating that apps prefer to retain control over access to the users’ private information,” said Raveesh K. Mayya and Siva Viswanathan, the two academics behind the research.

Links:

Slashdot story

ZDNet source

Some_dude36 · July 16, 2019, 9:30pm

I feel like I did in 2011 when I used windows for the last time installing my first full time linux distro .

Look at that article up there. Android app builders delaying so they can get more app permission data .
BYEEEEEEE

tracy · July 18, 2019, 11:18pm

Thanks! (Someone read my latest post, woohoo!)

pureman48 · October 9, 2019, 10:19pm

anon4488778 has the right idea. People are way to quick to go bananas. But I do not think my original post was unreasonable. I am sorry but I have friends and family that use specific apps that you guys deem “bad for privacy” and in order to be able to communicate and conduct business with these people I rely on certain apps. Additionally there are three aspects of security that are built into the phone such as OS security and hardware kill switches, then there is app security, and privacy, then there is carrier privacy/cellular privacy. These are three different things. Not having app privacy does not necessarily correlate with not having phone privacy or security especially with the right settings/permissions. None of these solutions help with cellular privacy.

If you guys truly want privacy the best option is to probably not even have a phone. While I value my privacy I don’t value turning into an Amish person to achieve these goals. It is not worth it in my opinion. Even with this phone the baseband is not secure and nor is the phone lines that I still rely on to communicate with people. I am sure your carrier is still tracking you and sending all this info to the government. Thus I am not getting this phone. If this problem is solved I will consider it. It is not reasonable to expect everyone I know to switch to things like signal or Matrix thus app privacy is not solved.

Some_dude36 · October 9, 2019, 10:31pm

Is matrix going to be required at both ends to message ? Or will it only be secure if the L5 is the only one using it ?

Anybody · October 10, 2019, 2:08am

I think your original topic was expecting things that cannot be reasonably achieved. If you want to go to the moon, you cannot just send someone there on the first rocket. It has to start with engine tests and psychological evaluations, perhaps send a dog into space etc. etc…

Let me state why I think most people are here. For me it started with the first tablet I ever bought. I chose my tablet, it seemed to be to be a computer of sorts, I paid real honest hard earned cash and then brought it home. I switched it on and was absolutely shocked with what I saw. In order to get the programs I had to give my details over to start an account. I thought no! But in the end there was simply no choice, You cannot get the apps without ‘belonging’ to the corporation. An “agreement” came up on the screen. I thought hang on…THERE WAS NO AGREEMENT WHEN I PAID CASH!!! now an agreement appears AFTERWARDS!!! I gave in and gave out my details - what could I do. from then on I saw that everything I did had the same slimey deal - money up front… get home, open the box… AGREEMENT+ GIVE OVER DETAILS…OR NO USE!!! My lumia promised me windows, I bought it in good faith, It was not windows at all - it was windows ZOMBIE, that was the version - honest! it couldn’t do anything like a word processor or basic windows functions at all. My Galaxy core prime gave me android 4.x it got updated only as far as 4.4.4 NEVER to get a reasonable update. My computer never ever got an upgrade to windows 10, I forced it but the GPU was totally uncatered for, after numerous requests to windows, AMD, and HP I got nowhere, not one of them thought it was a responsibility to give me a GPU driver - In other words “buy new hardware” NO I WILL NOT. I became a Linux user at that point and will never look back. That is only the corporations. Now my government has done something that only North Korea and China have pulled off - both extremely oppressive states - legislation to get a front door key to every form of encryption anywhere. It is called spying. Do the governments of this world regard it as a crime? OH YES THEY DO! World wide, history shows the standard penalty to be…torture, and numerous examples can be found with footage from the second world war of summary execution on both sides. Now we are their bosses - they are public servants. Whatever they consider the crime to be between servants, how do they reason when the servant does it to the boss IE the public that gives them the mandate (but actually never gave any mandate)? Apparently it is OK! Did they think to ask our opinion? Er no - because they have forgotten their place! Not one person voted for it. Just go and google up the five eyes and you can’t believe the boldness of governments that have no mandate!

So I am willing to start off with the basics - a phone, calculator, sms, calendar, internet browser, and a few other things, If for once I can just get some honest dealings and truly own what I bought and have security. The Librem 5 task is not easy, It has to start from first principles, Check each chip, each bit of code, make the OS universal so that the phone IS for the first time a REAL computer when it gets given a monitor. They have to lay huge foundations. As long as they promise to keep going and giving me upgrades(LIKE NOBODY ELSE HAS EVER DONE FOR ME) I’ll buy into the first model arriving well under par. The people who come here I believe are fed up with the evil status quo and want a better world. They don’t need a “tinder” app, besides, If the phone can use a browser, there is “tinder” anyway! And this one will do it on the big screen which most cannot at all. You cannot reach for the moon and expect the first rocket to just go there.

kieran · October 10, 2019, 3:20am

With all that background, you’ve been in the wars and you will appreciate the Librem 5 all the more.

You don’t need a tinder app because you are already getting screwed.

As am I.

Some people are listing their basics here: Apps you want on the L5

wimdows · October 10, 2019, 6:24am

Hear, hear!!!

ruff · October 10, 2019, 7:45am

Yes, me too, and that applies not only to the librem phone but to any phone or personal computer in general. If i consider something breaching my privacy - i don’t use it. Regardless of the platform. I’m really looking forward having the platform which is private by default for not to spend too much time on tightening the seams.
And yes those friends of mine and relatives are complaining they cannot reach me via their convenient means. And my only response is - sorry, if you want to reach me please use channels I use, i’m not going to compromise my privacy/security for your convenience.

2disbetter · October 10, 2019, 8:19am

Personally I think it is a shame that Anon left, his opinion unlike many here has some meat to it. I’m not a fan of Purism because I believe their products are super secure (I do however believe that they are genuinely working to improve security on them), but rather because of their slant on hardware. Hardware you can truly own and repair is crucial.

I do think if Linux had the same user space of uninformed naïve computer users as Windows it would drown in malware, same thing with OS X. If it is software it is vulnerable. If it is software that connects to the internet even more so.

Period.

patch · October 10, 2019, 10:09am

I think you and I have similar reasons for backing this product.

There is a trade-off between “idiot proof” and “something you can truly own”. If you have the freedom to do what you like with the product, then you have the freedom to infect it with malware! There is only so much that can be done to prevent that by having secure defaults and user interfaces that discourage insecure actions. With freedom comes responsibility.

rekotc · October 10, 2019, 10:40am

I’ll be ‘100% Librem 5 proof’ as soon as i can get rid of whatsapp Everything else was abandoned a long time ago.

2disbetter · October 10, 2019, 2:06pm

amosbatto:

I write code for a living and I know the kind of sloppiness that happens when coders don’t think that anyone will ever see their code, which happens in a lot of proprietary code. Being open source isn’t a silver bullet, since there is a lot of code sitting in the repositories that was written by one person as a hobby and it has never been reviewed by anyone. However, most of the open source code which is mission critical and is widely used has been looked at by a lot of eyeballs. 4,300 developers from over 500 companies contributed to Linux 4.8 - 4.13 (which is roughly 1 year of development). There are 900 developers who contribute to GTK+ and GNOME, and 3000 who contribute to Debian (which is the parent distro of PureOS). Maybe some of the code currently being written by Purism (phosh, libhandy, Chatty, squeekboard, etc.) hasn’t been looked at by many people, but that will change once the Librem 5 gets released and more people get interested in the project and want to start writing mobile Linux apps.

Most proprietary code gets reviewed by two people before it is committed and then it gets a pass by a profiler and security scanner, and then it never gets looked at again, until someone is hunting for a bug, which is why open source code is generally better because it gets more scrutiny. The code security scanner Coverty found that proprietary code in 2013 contained 0.72 defects per 1000 lines of code compared to 0.59 defects per 1000 lines in open source code. The results of the Coverty tests match my own experience. I’ve worked on both proprietary and open source projects, and the open source code was looked at by more people and better tested for bugs.

Fellow software engineer here as well, and I have one question regarding your take on the pluses of open source software:

If OSS is so superior to proprietary programming efforts, than explain to me why proprietary software is consistently more polished, feature rich, and functional? Why if the collective efforts on a OSS project are so important, do those projects never really measure up to proprietary software? GIMP and Blender are two great examples. They are both excellent pieces of software, but try comparing them to industry leading software. (Photoshop and 3d Studio Max, for example) They don’t hold a candle to them based on feature set, usage, etc.

I know this might be a hard point to fathom by many of the more seasoned FOSS community but just because they’ve never used this software out of principle.

Think about it: If OSS software was really so much better than proprietary software, why wouldn’t the whole industry instantly switch to it? They’d have every reason in the book to do that!!

OSS is not a clear cut better way of developing software and the reality of software development today is evidence of that.

Aberts10 · October 10, 2019, 2:16pm

Blender does infact hold a candle to other software, as not only is it free compared to the other products, but it does nearly everything those do and more in some cases (i mean at one point it literally had it’s own game engine in it too… and it’s used for much more than game models). And yes, photoshop still has more features, but it also has alot more money to go around compared to gimp or krita.

Photoshop has also been around much longer than Krita and even Gimp.

Further, there are plenty of areas that FOSS is ahead in terms of features, performance, and security. Not to mention it’s free. Your paying for other products, wheras you don’t need to pay a dime to use FOSS software.

2disbetter · October 10, 2019, 2:23pm

There is a chasm 1,000 miles wide that fits into that statement. Also have you ever used any of the proprietary software that are used for similar purposes?

With the hive like nature that OSS trumpets, time would be a diminishing factor as you would have exponentially more (in theory) people developing it. Your argument of Photoshop being older as an excuse undermines OSS more as it disproves this notion. (I’m not saying that more people working on something doesn’t speed development, I’m saying if you can’t get people to work on a project, it doesn’t matter.)

Give me an example, and I’m fairly certain I can show you a proprietary version that is better (better meaning more features, more polish, more functional, etc.).

Aberts10 · October 10, 2019, 2:34pm

Exponentially more people developing it when it’s a free program that is being worked on by people donating blood, spit, and tears?

Foss runs on donations (of anything people can spare), that don’t measure up to the level of funds that a big corporation pushing such software to make money off of would get.

Just because it’s not got every bell and whistle imaginable, doesn’t mean it’s bad. Maybe one day it will have all those bells and whistles, but most people in foss aim to keep things simple and make sure they work, while respecting user privacy and freedoms.

If it’s missing something, add it. Don’t just sit and complain it’s not there. Donate to it, contribute, and push it forward. That’s how it’s prospered, and why it’s valuable.

Further, time doesn’t mean a program is magically going to get 10x more contributors than the project before it. In the case of Foss it’s much more likely the project will take some of the ideas from the existing project and improve it while preserving the Foss ideas, not go out on a crusade to add more features than the original or beat it in some way. (which does have it’s downsides, but at the same time it has upsides)

And if you still can’t get over a free peice of software not having as many features for whatever your edge case, then use the propeitary stuff and go back to windows. You don’t have to use it, and that’s a right too. But i know plenty of people who find free software much better for their use because it’s free, and because it’s still plenty useful. Your probably never going to get everything you want (XYZ may need something, but alot of people don’t), but you’ll likely find things you can’t live without too.

wctaylor · October 10, 2019, 2:41pm

I think Pixar now makes heavy use of Blender. Here’s one of the first links I can find where a Pixar employee says Blender does pretty much everything their own software could, and they even open-sourced parts of their own software.

Additionally, while I believe Matlab has certain areas without much FOSS competition (yet), in my field (physics) everyone is ditching Matlab for Python. I don’t think Matlab has much staying power.