All from scratch? Calm down… Purism is doing a great job but let’s not loose the sense of science and community here: “ PureOS is a GNU/Linux distribution based on Debian. …PureOS uses free and open source software exclusively and is endorsed by the Free Software Foundation.”
I said I believe the person not Purism. I was speaking generally. Don’t put words in my mouth and there won’t be a need to calm down.
We’re talking about two cellphones (and every one involved) here and you come up with that? A person that makes it all from scratch? Sorry! I couldn’t foresee that turn!!! Man!!!
Sorry you misunderstood. It wasn’t intentional and I can see how you made the mistake.
If you want to be specific there isn’t a computer of any kind built today that is truly made from scratch.
just so we’re clear, he was ONLY 29 years old back in 2013 when he PONDERED what to do and how to proceed … i dare anybody to do better than he did including myself … those of us who are STILL here i mean …
One of the reasons why Purism publishes both the schematics and x-rays of their phone is that customers can independently verify that nothing has been added to the phone’s hardware. It is planned that the Librem Key will eventually support the Librem 5 to detect tampering in the software.
PINE64 operates out of Shenzhen, Allwinner is headquartered in Zhuhai, Guangdong and Quectel is based in Shanghai, so the companies that designed the PinePhone and made its processor and its cellular modem are all Chinese. However, I don’t think there is much risk of the Chinese government slipping chips into a PinePhone, like it did with Supermicro servers, because important targets are not buying a phone designed for Linux geeks and modders.
Knowing that people are going to be looking at the schematics and playing with the hardware, it would frankly be stupid to try and slip something onto the PCB of either the PinePhone or Librem 5. There are much easier targets in world.
Foolish argument, IMHO. None of us know the options he really had. None of us know the people he knew .Furthermore we aren’t aware of all the stuff he really had access to.
We can form our opinion on what was reported and that is it. So insinuating that he made the best decision simply because we don’t have a clue about his options is pointless.
probably. i wasn’t THERE with him to KNOW if that’s what you’re saying but does that make your counter argument any less foolish ?
I’m not going to make a strong argument either way that the Chinese government will or won’t be compromising any of the relevant chips (in either phone). I can make the following comments:
- it is possible therefore it should not be discounted
- compromises at the lowest level make it harder to be specific about what you are trying to achieve and to achieve it - for example, if you compromise a generic, widely used CPU - how do you trigger it? how do you prevent an avalanche of intercepted data?
- in theory the cellular modem does not need to be trusted - since the phone network leaks like a sieve anyway, any “interesting” material would be communicated encrypted over a data call, thereby making it opaque to the modem - although the modem would still be useful for location tracking
You would hope so.
So much easier to put something into a blackbox operating system.
reC, your not alone. My BQe with Ubuntu Phone is 5 y old and still up and running. Observing my wife’s Huawei 9, i’m so glad of NOT having Whatsup, it takes all your time and mem space.
Think about this from the perspective of a Chinese government spy agency. If you are going to spend millions of yuan developing a secret spy chip, are you going to spend it on a phone model that only has 10k orders per year? Are you going to waste your resources on a phone that uses an NXP or Allwinner processor that no other phone model in the world uses, and has a BroadMobi or Quectel cellular modem that no other phone model uses (because it was designed for laptops)?
Frankly, I doubt that a Chinese spy agency is going to target phone hardware in the first place, because the technology changes every year, so it makes a lot more sense to target server hardware that doesn’t change often and can collect data from thousands of users, rather than just one user. Second, the Chinese spy agency would target a phone model that lots of business and government leaders are using. I doubt that the PinePhone will ever be used by anyone important who the Chinese government cares to spy on. The Librem 5 might eventually be used by relevant people, but it will be several years before there are enough apps and PureOS is good enough to attract users who are worth spying on.
However, if you are going to spend the time and resources to develop a secret spy chip for a particular phone model or modem and then infiltrate the assembly plant, you are not going to do all that work for some oddball phone that uses bizarre hardware and software that no other phone model in the world uses. It is simply too much trouble and there isn’t much reward. Also, you never want to be caught, because companies and governments are going to be alerted to your secret trick, so you have to start over from scratch developing a new spy chip that targets new hardware. Why risk all that on a low-value target when there is a high probability of your secret spy chip being discovered in the Librem 5?
I know that this is about pinephone etc,
But, I see Snowden described as a low level IT guy etc, but reading of his book doesn’t support this. It appeared to me that he climbed the IT ladder to a pretty high level. I mean just look at the access he had (yes, I also know how he sneakily gathered his info). But if you’re going to dis his skills…
I never dissed his skills. I also did not say he was a low level IT, but rather that he was a lowly IT. IE: not head of the agency.
My argument was that of his motives. Never his skills.
the lower the level of the IT guy the more he can access it would seem … computers are like hookers - all you need is one good PIMP
i’m not sure it’s them assuming anything at this point but maybe rather the fear of the social credit system hitting 0 or bellow zero … remember the HUNGER GAMES films ?
it’s kinda hard beeing alone in such a big world don’t you think so ?
I don’t know about other chips. But as an embedded controls engineer, the brand of chips that I use can change the function of the nRESET pin to disable it during initial programming of the fuse settings. In some chips, these ‘fuse settings’ can be written to from executable code (as opposed to initial programming). One possible result is that the chip could be programmed to allow executable code to disable your kill switch. If the chip manufacturer publishes the device data sheet, you could read that data sheet to find out what the chip can do.
Not in the slightest
Hi…i have a good review about the both. Having a FOSS telephone with equipment switches for mass parts is wonderful, as is assembly, and they are submitted 200% to it. My point is, and I state that as a resigned Firefox OS giver, they thought little of the work expected to clean an item, and there will be a great deal of bugs, accidents and issues.
The good, the bad and the ugly …
Interesting to read his assessment of the two phones.
In response to his criticisms of the Librem 5, it is worth noting that Phosh will be adding swipes in place of taps in many places in the future. Also worth noting that Ubuntu Touch’s keyboard is based on plugins that use the Maliit keyboard, which is used by Plasma Mobile, LuneOS and SailfishOS, so I doubt that the Ubuntu Touch keyboard is that much better than the others.
I also notice that there’s a lot of folks who are very ripe to jump in and defend Purism at a moment’s notice. Saying things like: “mobile linux wouldn’t exist without them,” or “I am doing this for despite the fact I disagree with their lack of transparency.” I think this is a bit of a toxic way to approach it. Look, I have the phone, I left my money with Purism and still want mobile linux to succeed. But the community at large has to call this sort of behaviour out if they don’t want it to continue happening.
…parts of the community has a lot of work to do to stop sounding like some crazy uncle at Thanskgiving; or at the very least, show the more positive aspects rather than permit lengthy diatribes around how we should support them despite Purism’s horrible communication, and think strategically about what we really want.
Since ThatGeoGuy specifically linked to my Reddit post and cited it as an example of “sounding like some crazy uncle at Thanskgiving,” he should have a blog that allows comments so the “crazy uncle” can respond.
ThatGeoGuy characterizes me as a crackpot because I point out that the dev work for the Librem 5 is essential to the future of mobile Linux. My argument is that support for the i.MX 8M platform is essential for creating all sorts of future RYF devices and that Phosh is the mobile interface with the best shot of making mobile Linux a success. I ask critics of Purism what kind of future do we have without mobile RYF devices based on the i.MX 8M platform and how likely is mobile Linux to succeed without Phosh.
My argument is not that Purism shouldn’t be criticized, but people should be thinking about the strategic importance of Purism’s work when criticizing the company rather than simply trying to harm sales or drive the company out of business.
I point out that all the other mobile Linux interfaces have serious drawbacks. ThatGeoGuy praises Lomiri in his review, but he fails to address the fact that UBports only has 9 volunteers registered to make commits to its codebase on GitHub and Lomiri has only received 90 commits in the last year. UBports has to maintain a huge codebase without any outside help from other organizations and any corporate support, and it simply isn’t sustainable, as is clear when looking at the number of commits to Lomiri since Canonical abandoned the code in May 2017:
What this means is that the code is basically on life support and people like ThatGeoGuy are deluding themselves when they expect Lomiri to keep improving when there is so little dev work being done on the code. These are exactly the issues that I raised in my essay about the strategic advantages of Phosh for mobile Linux which ThatGeoGuy totally fails to address in his review of the two Linux phones.