Librem 5 concern


#162

I see this phrase used here often. And while I could reply at-length it really comes down to Economics 101. I’m a consumer and not one who cares much about the greater philosophy behind the device. The concept behind the Librem5 has more or less been discussed, and even tried in the past, and yet here we are 15 years later.

That phrase is just used to summarily dismiss the limitations being pointed out. According to the logic here, if the phone turns out to be a brick, then oh well, so be it because it was all in support of the movement.

If I want to support the Linux community, then I can make a $650 donation to any of a number of organizations.

I’ve been around, ya know. I’m not going to invest $650 into something that is sure to have quite a few problems during its first few iterations.

I’m a consumer. It’s a product. It’s not an investment. And it’s not a pet. However, that is exactly how some people here treat the Librem5… as if it is some beloved pet. Say something about the Librem5 that does not fit the agenda, and it is as if that poster went to someone’s house and kicked their dog or cat.

Based upon years of experience, I would bet heavily that Purism products will never grow beyond the geek and those “committed to the movement” markets.

Yes, due to Linux’s low usage, it will likely remain quite secure compared to Windows and Mac, but that argument is like saying “water is wet.”

If all of a sudden Linux were targeted to the same extent as Windows, then Linux would be smashed. There’s a lot of yet-to-be-discovered vulnerabilities within the Linux ecosystem. Like I said, Linux provides security via obscurity - which is fine. Remember, I do this for a living?

However, since people here are so emotionally involved in this project and they want the stated aspirations to succeed so badly, I know from experience that it is pointless to get into a long-running debate about even obvious facts. That’s why I am signing off after this.

That you spent so much time and effort creating your reply about malware and the state of Linux security with statements and data that are slanted to support your agenda is proof of the truth that I speak.

People’s emotional responses will keep them biased and closed off from discussing things within the basis of reality.


I am not here to convince anyone of anything. I don’t care what people decide to do with their money and whether or not they support some agenda. I know I don’t care about the philosophy behind the phone as much as what I will get for my money. I’m just a lowly consumer with money to spend.

However, most people here are trying to convince everyone else about things that just aren’t quite accurate. And I think they are trying to reinforce their beliefs by constantly evangelizing. In my profession it is common to see this kind of behavior whether it applies to hardware or software.

People here seem focused on Facebook. Facebook software should be the least of people’s worries. Applications, within the context of the way they are so heavily discussed here, are not the primary attack vector, whether it is on Windows, Mac or Linux.

A message from your mother’s phone can result in your system being pwned. Scanning a malicious QR code is another. Exercising prophylaxis is a good start, yet it is not enough.

I am going to close my account, but watch… people here will continue to respond vociferously and emotionally to what I’ve posted.


#163

All arguments exchanged. Good time to close this chapter.


#164

As excited as I am about the Librem 5, it won’t be the phone for everyone on day one, and you should probably wait until it has been on the market for a year or two before buying it. By that point, you can read the reviews and look at the apps that have been created in the PureOS store to see if it fits your needs.

I fully expect that even if Purism can’t find another cellular baseband besides the Gemalto PLS8 to run on a free software driver, the community will have tested alternatives like the Quectel EM06, and can tell you exactly what to buy (as long as you don’t mind using a binary blob).

As I explained in a previous post, the Vivante GC7000Lite GPU is pretty good. Only if you are doing some serious gaming (not many options there) or using the L5 to run a Linux desktop are you likely to notice the older CPU cores, because there won’t be much software that needs a better CPU. 1.5GHz 4xCortex-A53 is plenty fast to run the Linux/Wayland/GTK+/Phosh stack. What you are most likely to notice is poor battery life, and you will probably have to wait for the software to be optimized to save power and for a future version using the i.MX 8M mini at 14nm to address that issue. I expect that the L5 will have a thick case and be heavy due to the fact that it needs a big battery, and the kill switches and the M.2 card will take up more space.

As for whether the phone will last 5 years or more, the phone’s software will clearly be supported for a long time, because NXP is going to produce the i.MX 8M for the next 10 years and NXP engineers have been submitting to the Linux kernel, so we are virtually guaranteed 10 years of Linux updates from the company. Even if Purism goes bankrupt and NXP drops support, the nature of the L5 practically guarantees strong community support, similar to what happened with the Nokia N900 and Maemo 5, which people are still using 10 years after its release. The LineageOS community is still releasing updates for the Galaxy S II from 2011 and the Motorola Moto G from 2013, and the Librem 5 will be much easier for the community to keep updating than those phones due to the lack of binary blobs and Purism selecting hardware with the best free software support.

Most defects in today’s smartphone manufacturing are found early in the product life, so we should know relatively quickly if the L5 will hold up. Most of the notable engineering failures in recent years such as Apple’s bendgate on the iPhone 6 and Samsung’s exploding Note 7 were caused by engineers trying to make the phone as thin as possible, but Purism isn’t going to try to win any style awards. If there are any manufacturing issues, they should be found by the people like me who pre-ordered and are getting the first batches. If you care about longevity, then wait for the second production run or later to order.


#165

Regarding your point on the target market. I think you see this first phone as a consumer device, which I agree the marketing lately does seem to be implying. Personally, I’ve looked at this gen 1 device that, at least at the time I bought in, was intended to be released before it was 100% feature complete as a device for early adopters.

Yes, early adopters are technically consumers; however, we are a subset that expects a certain level of instability.

I have always taken the long-term goal to be that of a consumer-friendly device targeting the mass market; however, everything I’ve been an early adopter of was not the product it ultimately became.

I just wanted to share another perspective on that piece because while I do agree that saying someone isn’t the target market can be a dismissive way to not deal with something they said, I do think that there are also people who are not early adopters that are trying to get a device as an early adopter and their expectations are off because they haven’t been an early adopter of a product before. Personally I think the conversation should be more on resetting expectations than dismissal, but not everyone is open to alternate viewpoints.

Sorry this was so long-winded, hopefully it helps to see things from another perspective.


#166

Actually, you provided no evidence to support your claims. You didn’t cite a single study or point to a single example of how Linux is insecure. The empirical evidence shows that the Linux kernel is very secure despite wide usage, as I demonstrated above. The security model employed by Linux user space has been tested since the early 1970s by systems running UNIX (including BSD, iOS and MacOS). I have tried to write code to allow the Apache user to get around that security model and I can tell you that it is pretty hard to do.

I make no claim to be a security expert, but my day job is to write code for business process management web software where client data has to be protected. On a daily basis I have to think about whether the REST endpoint that I’m creating can be used to steal a business’s data. I’ve spent time doing silly things like looking at the code to create an MD5 hash vs a SHA256 hash, and tried to understand why one is more crackable than the other. I suspect that I know a bit more about security than you, but I can’t prove it, so let’s stick to the evidence, and frankly you haven’t presented any evidence that Linux user space is easy to compromise.

If you want to make an argument about why PureOS should be using SELinux instead of AppArmor or why Purism is choosing the wrong way to do end-to-end encryption in Chatty+XMPP or why running an HTML5 app in the GTK WebKit2 isn’t secure, then maybe we can have a rational discussion about Librem 5 security, but you haven’t presented even a single example to back up your assertion that the Librem 5 will be insecure.

From what we know, Linux is a generally secure platform and Purism is making good security choices, but there are so many implementation details that we don’t yet know that it is pointless to try and have a detailed discussion about Librem 5 security at this point.


#167

this is the best answer I have read for years


#168

This is getting circular…


#169

This is another well thought out post that gets mostly ignored.


#170

There’s the real problem. No one knows exactly what the Librem 5 “will be” - because it isn’t released yet. We can speculate all we like.

Those that have put money down in advance of the release of the product are voting with their wallets, giving a vote of confidence. Those that prefer to know exactly what they are buying should hold off.

One observation on “security via obscurity” … there is no room for the literal meaning of this phrase in the open source world. Open source gives you no place to hide and no place for obscurity.

The real world is messier than this however. There is some validity to the point about percentage targeting but in the mobile space that works in the opposite direction from what ‘anon4488778’ may be implying i.e. the majority of mobile phones in the world run a Linux-derived operating system. On the desktop, anon’s point has more validity. If you are a ransomware writer, you want maximum bang for your buck. So on the desktop, you target Windows.

All that said, I am near certain that there are undiscovered vulnerabilities in the Linux ecosystem. I read the update stream that comes through for Linux desktop. It is very hard to believe that this morning’s CVE patches were the last ones ever. :slight_smile: However the same applies to the Windows ecosystem and all other ecosystems.

That’s without even worrying about hardware-level vulnerabilities (like the mass of speculative execution problems) that apply regardless of operating system.


#171

This, incidentally, is a point in our favour. When those vulnerabilities get found and patched in the future, we can update immediately because our device will have mainline support in the kernel and as such we get those patches “automatically” (though if in a few decades time Purism no longer run a build and update service for the Gen1 Librem 5, we would have to build the kernel ourselves).

Android devices, on the other hand, stop getting patches after what could be a very short time. And since their hardware support comes from one specific version of the Linux kernel, every single patch needs to be backported (as opposed to just doing “git pull”, “configure”, “make”) and you don’t get any benefit from future additions to the code.

This is one part of what we’re buying - since Purism are trying very very hard to get as much as possible in the mainline source trees, part of our money is going towards long-term support.


#172

Will the Librem5 be perfect? No
Will the Librem5 be a product for everyone? No
Will the Librem5 be a product for more than a niche? No
Does that make it a useless product? No

I backed the devkit and phone despite the software focus on “Linux apps”. I have my roots on the web (FirefoxOS) and I consider this effort to be tremendously important to allow others to have a hardware platform to experiment with and offer alternative software stacks. This alone has enough value, though it’s obviously still just a niche for now. If that ever ends up leading to a more “mass market” product, great, but that should not be seen as a primary goal for the Librem5 v1.

Apart from that, the PinePhone is also extremely important because its price point makes it less of an “elite” device for the wealthy geeks, at the price of a small compromise on open source purity.


#173

I was also uniformed for 30 years, and got an honorable discharge! :slight_smile:


#174

Oh speaking of uninstalling apps on an Android, after I read this last week I tried uninstalling Chrome on my old Android 4. No can do, the best it gets to is the factory default. Just saying.


#175

I’ve noticed a lot of people commenting about the Librem 5 not being a perfect phone (not that I am aware of any phone being perfect), then talking about version 2 being for the general public’s use.

If the first version of the Librem 5 won’t be able to do what we want, doesn’t that defeat one of its main goals? Not to have built-in obsolescence. Not to be a throwaway device.

The way some have made it sound is as though the first version of the Librem 5 should be considered a development system or prototype device.

I too have wondered about what version 2 will be. I expect it to be a mix of community and user feedback as well as more open hardware such as RISC-V. I don’t believe version 2 would be a continuation of version 1 but rather an evolution of the design philosophy.


#176

I expect that the Librem 5 will be a perfectly usable device for making phone calls and web browsing, and I will be tickled pink to use it. However, the number of apps will be limited at first, so it will take some time to be as useful to the average person as an iPhone or Android phone. However, the phone has the potential to last as long as you want to keep using it, so even if it isn’t great in year 1 due the small number of apps, it will be great in year 3 and you can keep using it in year 5 if you want to.

There is no easy path forward, because I don’t expect NXP to make a better mobile SoC. I predict that version 2 will have something like 6-8 GB of RAM, 128-256 GB of Flash memory and a 16-20 MP camera, but the same i.MX 8M Quad SoC. I also predict that Purism will make a cheaper, thinner, and more energy-efficient model based on the i.MX 8M mini, which will have a soldered cellular modem and it won’t be designed for convergence, since the GPU and VPU in the mini is not very good. My hope is that the Rockchip RK3588 won’t require any binary blobs and the Lima driver for the Mali GPU will get good enough in the future so that Purism can use it.

SiFive says a RISC-V mobile SoC will be ready in 2 years (due to the Qualcomm investments), but SiFive is using an Imagination PowerVR GPU, which has no free driver, so it is basically worthless to us. For this reason, Nicole Faerber hinted a couple days ago that Purism might be planning to help create a free/open hardware GPU.

At this point, I see the Librem 5 as an investment in creating an alternative mobile platform that respects our digital rights. I think all this obsessing about the outdated CPU cores, the thickness of the case, and the lack of camera specs is missing the point. By buying a Librem 5, we are helping to establish mobile Linux as a viable mobile platform, that guarantees our freedom, privacy and security in ways that Android and iOS cannot.

Todd Weaver mentions the following goals of Purism in his interviews:

  1. Driving change up the supply chain so that more hardware is compatible with free software so that we have viable alternatives,
  2. Creating products that are convenient, so that ordinary people can make ethical choices when buying tech,
  3. Educating the public about their digital rights,
  4. Pushing regulatory reforms so user digital rights are respected.

Of course, none of this will happen quickly, but I’m willing to help finance a company that has these larger goals. More than any other tech company that I know, Purism is working toward achieving these goals, so I’m willing to deal with a little inconvenience in the short term to get a better future in the long term.


#177

Careful! You might be labeled an extremist :wink:


#178

I agree completely. I don’t actually use many apps myself and there is only one I’ll struggle without. Both iOS and Android started with few apps and on occasion in the early days lacked basic functionality.

Do we really need a better SoC in the near future? For a long time I’ve felt that more power allows developers to be lazy when it comes to optimising code. I will always appreciate a better GPU though.

As awesome as that sounds it’s a huge task. Even open cores with a global network of engineers and volunteers essentially failed at that task. I’m not saying it won’t happen but perhaps a better path would be seeing if a company that has a GPU would be willing to work with the community and even open source the core of the GPU.

Outdated is relative. Apple’s hardware is a lower spec than flagship Android phones of the same year, yet equivalent apps seem to run better on Apple’s devices because of optimisation. Of course that is easier to do with essentially one target, unlike the Android ecosystem. If the OS and software are optimised correctly you won’t notice the slightly slower CPU. I think RAM would be the biggest hurdle, and that will just limit the number of apps you can run simultaneously.

You could say buying a PinePhone would also help establish mobile Linux as a viable platform. Unlike the Librem 5 it isn’t adding another mobile Linux OS to the mix. I have nothing against PureOS, just making a point about diluting the mobile Linux OS space. On that, there seem to be 4 ways the mobile space can be exploited:

  1. Build an OS that can be deployed on many different devices. E.g. Android.
  2. Build a device that can run many different OSes. E.g. PinePhone.
  3. Build a device that can run many different OSes and an OS that can run on different devices. E.g. Purism (I am assuming the mobile version of PureOS is portable).
  4. Build an OS and hardware that are locked to each other. E.g. Apple.

As for Android not being able to be secure, I have to disagree. AOSP should be able to be safe and secure and private. I believe the problem is with Google’s Android.

The goals of Purism are noble ones. I think a problem that’s been highlighted recently should be considered a goal: that technology, regardless of borders and governments, is available for all people for the betterment of the world.

Sorry for the long rants and if I seem a bit preachy.


#179

Actually, that’s the other way around. Apple’s mobile CPUs are monsters. They can trade blows with some of Intel’s desktop CPUs.

That said, your main point is still true. A more streamlined OS will certainly improve responsiveness, and you’d have to try very hard to get something which is more bloated than Android. Another example would be the various Nokia Winphones, which were by all accounts (I have never used one) extremely responsive when compared to flagship Android devices of the day, while often having slower CPUs and less RAM.


#180

If Purism were starting from scratch like Firefox OS, Ubuntu Touch/UBports or Tizen, I would agree with you, but the goal is convergence with GNOME on the desktop. We probably would have been better off if TrollTech had been convinced to open source Qt in the mid-1990s, so there would have been no reason to create GTK and GNOME, but at this point we have 24 years of GTK software, and all that software needs a path so it can be used on mobile devices. By creating libhandy and Phosh, Purism is giving thousands of desktop GTK programs a way to eventually become dual desktop and mobile apps.

Since Purism has committed to supporting both Qt/KDE Plasma Mobile and GTK/Phosh, it is trying to strengthen the two major Linux ecosystems. I see KDE Plasma Mobile in the Librem 5 repo, so I assume that this is happening. Plus, the Librem 5 supports HTML5 apps, so the HTML apps created for Firefox OS, Tizen and UBports can potentially be reused (although it probably involves either switching the code to use new libraries or importing the underlying libraries of those systems).

Maybe Purism should have gone with KDE Plasma Mobile on the Librem 5, but then that means either switching PureOS to KDE on the desktop or having to support two different systems on the desktop and mobile, and that undermines the goal of convergence between the desktop and mobile. Todd Weaver in an interview on TWIT in 2016 remarked that they chose GNOME when the company started because it had better support for touch screens, so KDE wasn’t always the better choice for mobile devices. There is also the factor that GTK/GNOME is historically aligned with the Free Software Foundation, and Purism wants to promote user digital rights and the ideas of the FSF.

Purism is actually pursuing all 4 strategies to some degree.

  1. PureOS with GTK/GNOME/Phosh can potentially run on any device (PC, tablet or smartphone), and we might see community porting efforts in the future.

  2. Purism is trying to work with other communities to port their mobile OS to the Librem 5 (although I don’t know if the Librem 5 dev kit ever got to UBports), so it can sell to their niche markets, but it is not as focused on this as PinePhone and Necunos NC_1, because it is central to the marketing strategy of those 2 phones to sell to different niche communities. The PinePhone will probably be sold with postmarketOS and KDE Plasma Mobile preinstalled, and Necunos NC_1 will be sold with the choice of 6 different OSes and donations will go to the OS which is selected.

  3. Purism isn’t trying to lock the OS to the hardware like Apple, but it recognizes that hardware and software need to be sold together in a convenient package in order to break into the mobile duopoly. Ubuntu Touch and Firefox OS failed because Canonical and Mozilla Foundation didn’t have a strong hardware partner to push their software, and the two companies didn’t know how to produce hardware on their own. Canonical thought that it needed to raise $32 million to produce its Edge phone, whereas Purism said that it could crowdfund the Librem 5 for only $1.5 million, because it had experience working with inexpensive suppliers in Shenzhen. Purism probably underestimated the cost, but its strategy of one company producing both the hardware and software appears to be the only viable way to break into the mobile market if aspiring for more than the tinkerers and Linux enthusiasts who will buy the PinePhone or the security extremists who will buy a Necunos.

As the AV-Test data shows, there are a lot of Android exploits, but Android is inherently more secure than Windows, since it is based on the UNIX security model, and uses SELinux, sandboxing of apps and encryption of data. A lot of the Android security holes are in the choice of apps, which can be closed by installing AOSP or a derivative like LineageOS and then only using software in the F-Droid repo (which is what I do).

However, if you read the Android monthly security bulletins, you will find exploits in AOSP as well. I see several in the June report.

The big problems with Android are:

  1. Google built up the 3.2 million apps in the Play Store by encouraging app developers to follow its business model of monetizing user data,
  2. The Android software updates have to go through device manufacturers and cellular providers who are trying to minimize their costs by not providing those updates so millions of people end up running insecure devices that aren’t getting updates,
  3. Android devices are locked down by the manufacturers and cellular providers, so the user has little freedom. If the user wants freedom by rooting the device and unlocking the bootloader, she loses many of the security features.

We have a good enough GPU, but for convergence to work well we do need a more powerful SoC with Cortex-A7X CPU cores. For better image processing in the camera, an SoC with a built in DSP and/or ISP would help, and an NPU would help if using AI in the future.

The i.MX 8M wasn’t designed for mobile phones and isn’t optimized for the kind of energy efficiency that a mobile phone needs. A 7nm Snapdragon or MediaTek is going to be a lot more energy efficient than a bunch of separate chips which are 28 nm:
i.MX 8M Quad + cellular baseband + Wi-Fi/Bluetooth + GPS.
The Snapdragon also includes a DSP, ISP, Quickcharging and DisplayPort alt mode, which Librem 5 can only implement with separate chips. Having a 7nm SoC would help reduce the weight, battery size and thickness of the Librem 5 and extend its battery life.

I agree that you probably won’t notice the older CPU cores when using the Librem 5 as a phone (unless you are gaming, and there aren’t many choices for that), but every review is going to comment about how people are paying so much for older hardware, so it is a marketing problem if nothing else. The Cortex-A53 is two generations behind today’s Cortex-A57, and the i.MX 8M Quad doesn’t hold a candle to today’s 6-8 core SoCs (2-4x Cortex-A77, 4x Cortex-A57) in terms of the benchmarks.

We can counteract this to some degree with your argument that it doesn’t really matter for most uses of the phone, but it does matter for convergence. I also think that Purism should try to make a future i.MX 8M mini phone that is in the $300-350 price range with a soldered cellular modem that includes the WiFi, Bluetooth and GPS in the modem (so there are only two hardware kill switches), which doesn’t advertise as being for convergence and comes in a small case, because it will be a much easier sell.


#181

It would be a regression in terms of free software and the device would lose its RYF certification.