My dream for the future Librem desktop PC


#1

I would be in computing heaven, if some time in the future I’d be able to buy a PC that combines all the social goodness, non-trackedness, backdoor-freeness, corebootness etc. of Purism with hardware sweetness of the new MintBox3.

The machine should have enough graphics power to play the latest or close to latest 3D games with high settings, and naturally be able to execute CPU-heavy tasks with respectable speed. Silent cooling would also be a must.

Although I don’t have much money, I’d be ready to pay quite a lot for that PC.

P.S. I was going to post to the following topic, but the page warned me about the thread being old, so I decided to start a new one:
https://forums.puri.sm/t/librem-desktop-idea/2116
This comment may be moved to the above thread, if it’s a better place.


#2

Super-impressive that they can get that much grunt in a fanless (silent) device.

The ‘Pro’ version has nVidia graphics which means that it could be somewhere between troublesome and non-starter as far as Purism is concerned. Not sure I need 7 by 4K displays either. LOL. This is a high end device, with for example a 1TB NVMe drive. It comes with a hefty price.

The ‘Basic’ version is probably more realistic. Still plenty of grunt but at a price that would appeal more widely.

One minor observation on CPU horsepower: this is high horsepower through multiple cores (6 in the Basic and 8 in the Pro). If your application or application mix can use all those cores then that’s great. If your application really needs one CPU to run fast then there may be better options. That is not a criticism of this device or any similar device from any manufacturer. It is a general statement of where CPU implementations are at today, basically hitting a wall on true CPU horsepower and hence expanding sideways into more CPUs.

Just putting it out there - I wonder whether the two companies could work together. Clearly they are working with Mint at the moment but maybe that’s not an exclusive deal.

General wishlist topic: Your Purism products wish list


#3

look under the block diagram > https://fit-iot.com/web/products/mintbox3/mintbox3-pro-specifications/

all that 8c-16t intel madness with no active cooling ? my Blender renders will be the death of this machine …

also the lower levels of the code (BIOS, vBIOS, firmware, cpu-microcode, etc.) are locked tighter than the devil’s anus …


#4

Strike nVidia for anything resembling openness. I am afraid graphics card capabilities and openness are inversely correlated…


#5

I think the point is that @Ademeion is wanting to combine the openness of Purism with the hardware spec of the Mintbox 3. Whether that is because Purism produces comparable hardware or because the two companies cooperate is unspecified.

Let’s say we put the ‘Pro’ to one side for a moment, as it has a dedicated nVidia graphics card. How does the ‘Basic’ differ from existing Purism x86 hardware in terms of blobs?

The obvious one is the WiFi card. It’s an optional(?) M.2 card in the ‘Basic’. So shouldn’t be a problem to replace with Purism’s Redpine M.2 card (from the Librem 5). Famous last words.

Coreboot would need to be worked on.

(As an aside, the ‘Basic’ is a more modest 6c-6t.)

Who can say? I’m not stumping up USD 2500 to find out but this company has been doing fanless for a long time. Perhaps the CPU throttles to keep the temperature within spec. So your Blender renders won’t kill the machine but could take longer than you expect.

I would be more worried about the heat dissipation if you fully loaded the storage with 6 disks.

Or, as I wrote initially

somewhere between troublesome and non-starter


#6

I think the point is that @Ademeion is wanting to combine the openness of Purism with the hardware spec of the Mintbox 3.

Yes. The performance and the performing parts don’t have to be exactly the same, but the performance should be high. I would be even happier, if Purism would be able to use fully open, non-Intel and non-AMD processor and graphics card. It may not be currently possible, but as it says in the title, this is my dream.

I’m not dreaming just of a small and powerful, backdoor-free PC. I actually might already be able to build one from components (Power9 etc.) offered by Raptor Computing Systems. I dream of a small, powerful, backdoor-free, freedom-respecting, fully silent, fan-free, very high build quality, aesthetically very pleasing (as I think MintBox is) PC with a good selection of thoughtfully selected and placed connections and buttons. A ready-made PC would be easier for me than building one myself, and the end result could be better than what I could achieve, as the example of MintBox shows.


#7

When experimenting with PureOS on my laptop, I realized that using such a secure OS on relatively open hardware is very difficult. You need drivers and patches that can be difficult to get and install. After installing them, you have to ask yourself if you’ve just compromised the enhanced security. I assume that installing applications would cause some risks too. After a while you have to ask ‘what’s the point?’. I can just install a reputable anti-virus program and an anti-snoopware program if it’s a PC, and it’s probably all good.

Unlike a PC, a smart phone was never free to begin with. Without Admin privileges we’re locked out of any reasonable security by design. So the Librem 5 (for example) is a big improvement. I see PureOS as almost a proprietary OS in some respects because you have to be careful not to break the Security if you want it to protect you. You can’t just do anything without abandoning Security. So this limits to some degree what you can do in some cases. Similarly, you wouldn’t want to buy a brand new sports car and then drill extra holes in the dash to install a CB radio, or put several bumper stickers on that same car. You want to keep it like factory new and only do the officially supported upgrades and only a few minor customizations that are safe. In this case and with Google and everyone else hammering to get in and disrespect your privacy, it’s worth it to me to keep PureOS on the phone and to keep it uncompromised, and to limit what I do with it, to stay protected. So for this reason, you’re still going to be limited in some ways what you can do with your Librem 5 (just speculating).

So for these reasons, I can see why the allure of a Librem PC is less enticing. A standard PC running Ubuntu with a few tweaks and customizations and you’re good. Viruses can exist on any OS but after leaving Windows, the odds of your Security being compromised are so much lower, especially if you close the ports you care about and stay informed about Security risks of your given OS. The same can’t be said of your Android phone.


#8

I think you have a bit of confusion, but I want to focus more on the most important topic: a real secure PC.
You can use the most secure OS with the most advanced software hardening, BUT if your hardware is a black box, as x86 and most ARM are, you are not safe at all. You could be safer with Linux than Windows for viruses, but you are still running things that could harm your PC, making all this effort useless.

I suggest you watch this video to better understand what’s happening

That’s why we need an OpenPOWER PC. Raptor is already selling one, but there are still some missing points: not all programs work as expected, i.e. Firefox does not have JIT, some stuff is not user friendly and needs to be improved, and the market is still missing an advanced 2D GPU to run a DE and video 3D acceleration. They are using the AST 2500 on their motherboard; probably some ARM GPU with open firmware integrated on the mobo (Panfrost, Gallium i.e.) could fix this issue, and this is what I’m waiting for from Purism.
I think a mATX motherboard like Raptor’s Blackbird but with a more powerful integrated GPU will be what we really want, a machine with open firmware everywhere. I think Purism could do what Raptor, IMHO, failed to do: make this system user friendly with a more powerful open integrated GPU (a discrete one will be good too if it is open, of course).

I hope that when all the effort needed for the Librem 5 has been addressed, Purism will redirect all their manpower to this project


#9

Don’t you mean relatively closed hardware? Open hardware makes it easier.

Everyone always seems to forget that rootable Android devices exist, and it always really bugs me. I have admin privileges on my OnePlus One.


#10

Yes, but the last software update for the OnePlus One dates from October 9, 2016, which is a big security hole in my opinion. At least there is a LineageOS port available for your phone, and you can unlock the bootloader to install it, but most Android models don’t have the combination of those two options.

Huawei is the second largest phone maker in the world and none of its recent phones are rootable. I have a number of Android devices that I can’t root. For example, I bought a used Galaxy Note 10.1 (2014) tablet two years ago and I discovered that it is the Verizon model that can’t be rooted and the bootloader can’t be unlocked. It is basically junk as far as I’m concerned.


#11

I already did that as soon as I got my current iteration of my phone (⌐■ω■) (this is a hand-me-down phone after my previous handed down OnePlus One, running Omnirom, was stolen and destroyed).

True, and I avoid those like the plague! Most Android devices are proprietary house-arrest jails (since at least they are more free than iOS). My point is that there are exceptions to the rule, not that Android devices are free in general, which they usually aren’t.


#12

I’m not sure what you mean by “open” hardware. If you mean “your random choice” then you are correct. Once you insist on blob-free, secure hardware, you do automatically rule out a lot of hardware. That doesn’t mean that the approach that Purism is taking with the Librem 5 and with the existing Purism laptop models cannot be extended to a desktop model.

What it would mean is that you would be limited to a small range of hardware components - and you would be paying a premium for Purism to find and wrangle those components. You wouldn’t get the free-for-all, mix-and-match that you can probably currently get with a generic x86 PC tower case and mobo. Or at least, if you chose to exercise that freedom to install any random hardware component then you might be compromising the high level of security, as you say, if the component works at all.

This level of restriction is not unlike the Mintbox 3 that @Ademeion refers to. Its fanless nature and its compact size already mean that expansion is limited by the manufacturer.

(However limited doesn’t need to mean poor performance or crappy spec - i9-9900K CPU 8c16t, nVidia graphics for a total of 7 by 4K displays, 32GB RAM standard and up to 128GB RAM, standard 1TB NVMe disk, with room for another NVMe disk and also 4 by 2.5" SATA disks, optional WiFi+BT, dual GbE, optional 4G modem (M.2 or mini PCIe), redundant power, integrated OLED display … is actually a pretty nice rig.)

Would it work for you? Apparently not. Would it work for @Ademeion and me? Apparently so

Although the price of the ‘Pro’ is likely out of my comfort zone and more than I need anyway. The ‘Basic’ is closer to the mark for me. I saw on the fit-iot web site that a mid-range model is also under development. I assume that means somewhere between ‘Basic’ and ‘Pro’.

Windows is a virus. The only anti-virus that deals with that is - Linux. :joy:


#13

I think everyone understands that. Even without random Intel firmware, even without the homunculus CPU within a CPU, the Intel CPU is closed (ditto the Intel integrated graphics). It could be hardwired to do anything and you wouldn’t know about it, thereby theoretically undermining all security added at all upper levels.

I myself don’t think that means it is pointless to run Linux, or pointless to buy a device from Purism that uses that CPU. You are still making it harder for the intruder.

It does mean that we have to be realistic about exactly how pure (how secure) a system we can buy today. You can choose to buy nothing or you can choose to accept less than 100% purity or you can choose to accept other limitations. Those are your choices today.

I don’t speak for Purism but I think that they have said that when the component ecosystem and performance are there for an alternative open CPU, they are “open” to that alternative.


#14

i meant from a marketing stand-point if you’re going to have a ‘PRO’ in the name of the product you’re trying to sell then it better have a dedicated PRO GPU (nVidia-Quadro or AMD-pro-WX) in there … yes Autodesk Maya is available for linux machines - NATIVELY and it DOES take advantage of the improvements … although i would NEVER invest in a AUTODESK PROPRIETARY license when i’ve got Blender … speaking for myself here.

and yes they did say that it has a 300w capable CPU in there and a PSU to match that but i simply don’t see 300w worth of heat eliminated in a timely manner through natural convection alone … prove me wrong

also not having a dedicated PRO graphics card and a temperature-handicapped CPU in there at such a high price while NOT offering anything else except a customized Linux-Mint experience out of the box is a serious let-down (at least Purism offers hardware sustainability, digital-freedom, privacy and security out-of-the-box for the shit ton of money they charge)


#15

Compulab has been making these impressive machines for a couple of years now. Glad to see them focus on Linux. If I did not already have so many desktops / servers I would be all over something like this. I don’t personally care about whisper quiet performance, but I’m sure I wouldn’t complain about it being quiet either.


#16

I agree with you, something is just better than nothing, but just a little.
I think it’s important to let people understand why, for the sake of the market rule of demand and supply, pushing for a completely open platform is something important, and vital in some cases. In the age of surveillance we are in, I think it’s really important to give the right devices to journalists and whistleblowers to do their work, to spread different voices and information and make our lives better.

I.e. when I read comparisons or sh*t about the Librem 5 and its price, I think people are too used to buying a piece of hardware, not a vision of freedom in the electronic world. I ordered the Librem 5 also because of that, and I will also order a PinePhone when it is available, because I think it’s important to give money to people who try to break the Android/iOS duopoly. I understand why their prices are different, and I want to support both because both are important to succeed.

We are a niche, we know that, and IMHO it’s important for this niche to be aware that a corebooted x86 with Linux is a nice-to-have, but we must ask for the truly open system, and talk about it, to let everyone in the niche, and maybe later others, understand why this is important.

We don’t really know what the future will hold. Everyone hopes to live in a future where the unicorns fly over the rainbow and everyone is just happy, but history has already taught us that some nice or “normal” moments can just become horrible pieces of history (think about the world wars or the Nazis), and in such a moment letting brave people have the right devices to fight against it is vital for the entire world. But these products wouldn’t exist if people aware of surveillance, Snowden, etc. did not ask for them.


#17

There’s no “little” - there’s mitigation of a particular vector, which contributes to overall mitigation of the risk. Each vector has its own probability/likelihood, which contributes to overall risk urgency.
How many vectors do you have on a current Android or locked-down OEM laptop?
Let’s calc.
We have

  1. FAB (manufacturing/suppliers)
  2. intel (of course)
  3. OEM (vendor)
  4. microsoft (of course)
  5. Applications (x times)
  6. 3rd party which exploits any/all of the above

If you put Linux on it - you may get rid of vectors 4 and 5.
If you move to Purism (and you trust Purism and their security model) you close 3 and partially 1 & 6. Does it close the risk? No, there are still vectors. Does it mitigate the urgency (de-risk it)? Yes, you now have a much lower likelihood of being compromised and you can focus on those by applying external measures (physical security, perimeter security, etc.).


#18

From a less technical POV, and to take a more 360° view: in our days, where companies make money from our data and governments hold their power by spying on citizens around the globe, even if they are not terrorists or persons of interest, where all that matters is money, well, I think it’s not enough to live with freedom and keep free speech alive.

You talk about vectors, I call them backdoors, but it doesn’t matter, because what Microsoft or 3rd party apps can’t directly harvest, they could just buy your data from Intel or any kind of black box inside your PC.
We need just ONE door to access our own home; they have multiple doors to break into our life, and since there will be one, I think someone could have a false sense of security, and this in some situations could be even worse than no security at all.


#19

A false sense of security is only worse than no security when it affects the attitude and behaviors one takes as a result of thinking they’re more secure than they actually are. The idea is to have what security you can while still remaining vigilant. Failure to do so is on the person who’s not remaining vigilant.


#20

Marketing is all about perception and if that’s your perception, fair enough. You are right that this is not a top-of-the-line graphics card. If it really bothers you, the fit-iot web site does say:

The user is welcome to open MintBox3 to add, remove and upgrade RAM, storage, add-on cards and even the graphics card.

(my emphasis)

For my purposes (if I was going to spend USD 2500, which I am not), the integrated graphics are good enough. I wouldn’t even need a graphics card - which we all know also is difficult to reconcile with purity.

I wonder too.

Even if 300W is eliminated perfectly, I don’t like the idea of having to have a 300W heater on a lot of the time (winter OK, summer not so much), never mind about the power consumption cost / CO2 emissions.

I suspect that one of the target markets of this device is as a home server (minus the graphics). If it is on 24x7 then that is even worse.

Note though that 300W is peak (fully loaded) and the CPU itself in the ‘Pro’ is ‘only’ 95W.