Opensource Auditing of Purism's Products

After a similar post about my recent experience trying to get convergence working on my Librem 5, I suddenly have several questions about if/how Purism is willing to share information.

Theoretically, every product that Purism sells should be auditable by anyone in the public. If it can’t be audited by the public, it can’t be trusted, no matter how well intentioned Purism might be. And per my understanding of Purism’s social purpose, that is why people buy Purism products. My first post was an attempt to see if anyone else knew where I could find the information that I am looking for. This post is to explore the ethical and practical issues involving why I want the information and how the people at Purism might see the issue.

For several reasons, the lapdock product that is offered by Purism doesn’t interest me. But the convergence features of the Librem 5 very much interest me. Using my own skills and abilities, I believe that I can build a prototype of the hardware that I want to use for Librem 5 convergence for around $50 to $100, and in higher quantities, for around $50 each. I didn’t really plan to make a business out of doing this initially. But considering the retail cost of the NexDock 360, compared to the cost of building my own device, the idea of going into this business unavoidably presents itself. The only barrier to entry might be found in obtaining Purism’s secret proprietary engineering information, if Purism does not allow the auditing of that information by the public.

So here is the dilemma. If Purism does not allow the public to review the NexDock 360 schematics and all associated software and firmware code, how do we know that we can trust it? Maybe the NexDock 360 opens up a huge security leak that affects everyone who uses it, but that no one knows about because the schematic and code are proprietary and secret (if they are proprietary and secret).

Then on the other side of the issue, there are people like myself who do not want the product the way it is and want to alter it. I want a small cradle the size of a bar of soap that plugs into the Librem 5, a keyboard, mouse, and monitor, the same as any laptop PC and dock would connect. I want to pay much closer to the $50 cost of components for such a device, not $550 for a physically much larger product. With the cost of circuit boards, I can get ten of them fabricated for almost the same price as having only one of them fabricated. And getting a hundred of them made wouldn’t really cost much for the average person. If Purism allows the auditing of their products, then any competent Engineer should be able to copy and alter the critical technology, to make products that compete with Purism’s product offering, if not just copying Purism’s products without even altering them at all. A Chinese-made NexDock 360 could easily sell on Amazon for $100, leaving plenty of profit margin for the Amazon seller.

Are there ethical issues involved here? How does Purism feel about this issue? If Purism is willing, I would really like to audit the schematics and code that go into the NexDock 360.

3 Likes

The NexDock is made by a company other than Purism, you should contact them. www.nexdock.com

2 Likes

Well, $200 is better than $550. So that’s a start. It is interesting that a 5.8Ah battery is built in to the NexDock 360 and that the screen is only 13.3”. Apparently, driving a larger display must take a lot of power. That would explain why my 25" display caused my Librem 5 to get hot and shut off in less than one minute. What if you want to drive a six foot image from a projector to make presentations that last for well over an hour?

Perhaps the convergence device should host a small transformer instead of a battery. With a transformer, a Wheatstone bridge circuit (made from a few diodes), and some capacitors to filter out the remaining ripples (all small surface-mount components except for the transformer), you can have as much power as you need to satisfy the Librem 5 and any sized image. That would take up much less space than a 5.8Ah battery.

1 Like

Theoretical question, if puri.sm products were auditable by the public, and to take it a step further: by you. How would you go about it?

WWSRD (WhatWouldSteveRDo)?

1 Like

I would use the term “audit” lightly here (facetious), perhaps to avoid using the word “copy”. If you don’t want to spend a lot of time creating and validating new electronic designs, you can just copy known good circuitry from an existing opensource design into whatever it is that you’re building. In the world of proprietary intellectual property, that would be a bad thing to do, which is why proprietary designs are not shared. When Purism is selling opensource products as they also impose disclosure duties upon themselves, it’s worth asking if they mind having someone else taking their work and using it to eat their lunch. As it turned out in this case, the NexDock 360 is a proprietary product manufactured by another company. Purism just more than doubles the price and resells it. But any time you see an electronic product (like the NexDock 360) that is similar to another very similar product except it’s 20x or more the price (compared to a $29 cradle from Amazon), you know that someone is either violating a patent or someone is making too much money, if not violating a patent. Putting aside the value of intellectual property, electronic products are extremely inexpensive. Granted, you get a keyboard and mouse with the NexDock that you don’t get with the $29 Amazon cradle. But still, almost 20x is too much to charge.

3 Likes

Decades ago, I sat on an Open Source organization board and one of our goals was to obtain source code for an expired HP (albeit proprietary) product. We finally obtained the code, then realized, what the hell are we going to do with it? We couldn’t sell it and there were other organizations with more resources that could play and bench with it. (Those other organizations had also obtained a copy of the source from HP.)

We gave it back.

2 Likes

At work, we make regular use of a commercial electronic device product that costs us hundreds of thousands of dollars per year. The OEM charges us an amazingly high markup and this has gone on for several decades now. We have always paid because we have no better choice. I have always told myself that if a lower cost alternative becomes available that we would take it. It’s a niche product and the market is primarily commercial electronics. But a bigger company can spend quite a bit every year on this product.

About three months ago, I found an opensource project online that makes a very similar product. But the electrical design is very different. I had someone who reports to me download the GitHub project file, build the device, and test it. The results were flawless. The opensource license allows commercial use. So I sent a link to the project file and my Engineering assessment, stating the differences between the commercial product and this opensource product, to the legal department. I told them that we plan to only use the new device for internal use. They replied back stating that they saw no legal reasons to not use the opensource version of the product.

My message to management and to my colleagues had a subject line that said “99.5% Cost Savings on…” (the product name). I also messaged the opensource project owner to start some relationship building. In our exchange of ideas, I told him that my colleagues and I are making an initial build of 200 of the devices that he had developed, just enough to see how wide-use adoption of the device at one location would affect us. If all works out, we’ll probably make thousands more of them. I felt bad that I wasn’t authorized to pay him anything (at least not yet). I’ve got a plan in mind to get him some compensation later if I can, after everything proves out. But he didn’t seem interested in getting anything from us. He said that he felt honored that someone is using his product. Then he offered to add more features to the next revision and asked if we would also use those features if he added them. I really felt humbled by my interaction with this individual. He seemed more interested in being a part of something big and is quite generous with his work. His project forum has several members. Most of them are hobbyists who have contributed to the product development. So suddenly, I am a big believer in the benefits of opensource projects. I told him that if we make any improvements to it, that we would give those improvements back to his forum.

1 Like

Sounds like you have the situation well in hand.

At my job we use an old software package for production that is originally fifty years old (thirty if you factor the version they’re on). It has a limited lifespan of course (max 2038 when the hardware clock dies). The eventual goal is to migrate to something else. Meanwhile they keep holding on to what they have because the license (more or less) is a pittance of what other proprietary software costs.

1 Like

Or a different angle on that: if Purism resells someone else’s product then that should be disclosed e.g. the original dock that they were selling and e.g. the lapdock. Unfortunately Purism won’t have the leverage to get sources and/or schematics released by the actual manufacturers of those products.

1 Like

I’ve known subcontracted source code that wasn’t released because the subcontracted vendor wouldn’t release copyright.

But I’m guessing this doesn’t apply in puri.sm’s case, given their policy.