Purism Raspberry Pi replacement

I think you’re missing the point that it’s the Raspberry Pi Foundation at fault here. Not M$. That’s quite a fantasy you’ve created about Microsoft, but the proper response is to put pressure on RPi Foundation to stop doing what they’re doing.

1 Like

The Libre Computer Project already has several boards that respect principles of freedom. Like “Le Potato” https://libre.computer/products/boards/aml-s905x-cc/ The fact none of the posters here have brought up the name and seem not to be familiar with them… speaks volumes about difficulties making and marketing such SBCs.

I think… I thiiiinnkkk… Purism has a bit of better brand recognition than “Le potato” and quite a few users and followers already, plus a fully libre and great OS.

(minus the display and battery and maybe cellular modem and maybe WiFi)

That should give a usable computer but would that give a good computer? Maybe, just maybe, it’s OK for a V1 but gee if I’m going to take out the cellular modem and free up an M.2 slot, I would like to be able to put in an M.2 (SATA) drive for storage and ditch the eMMC but the M.2 slot is likely not keyed or wired to support that.

One of the gripes about the Pi is its reliance on a slow and unreliable (albeit removable and hence replaceable) uSD card.

For some purposes WiFi is wanted but for other purposes I would not want WiFi and I would want ethernet - but the L5 would need some kind of USB-C dock / hub in order to offer ethernet (and that would also be needed for external display unless other design changes were made).

Every time this topic comes up I remember that the L5 dev kit was an SBC with some extra parts: the display and the modem.

I’m curious about how many people would have bought them if they were being sold again.

6 Likes

And as stated in this other thread, there are no more L5 dev kits. Those are long gone!
https://forums.puri.sm/t/the-librem-micro-a-sbc-whod-be-interested/11109/21

Also, nicole has said it’d cost well above $300. I’d still pay it. Well worth it. Remember, RPi’s aren’t all that cheap after getting all the parts. I imagine there’d be a little more at the baseline.

You’re right about who was wrong in this case. But the idea needs to be to keep Microsoft’s toxic closed-source apparatus away from anything Linux. That needs to be especially true anytime network trust telationships are involved. If we can’t see under the hood, we don’t want any part of that vehicle.

1 Like

No easily accessible GPIO pins?

No provision for “hats”, “shields”, etc.

I’m trying to understand what they (techrights) mean by that.

Here is what I think they mean: we assume that people regularly run “apt update && apt upgrade” and they do that with root privileges, so binary executables can get downloaded and installed. Then, if a malicious person controls a repository from which updates come, then that person can build malicious versions of programs and get those malicious programs installed as updates.

So then I sort of understand what they mean, but I think it only works when you have at least one package installed from the malicious repository. If a repository is just added but you have no packages installed from that repo, then nothing from that repo will get installed when you do “apt update && apt upgrade”.

Then, for the malicious person to be able to install their malicious code on my computer, the following needs to happen:

  1. The repository is added
  2. I install something from that repository

Is it true that the second point is needed, or is there some way around that, some way that software from that repo could get installed without me directly asking for it?

1 Like

That’s not sufficient. If the repo has a package named the same as one you have but with a higher version, that one will get installed.

4 Likes

Unless you de-prioritize the repo (which I believe has been done in this case).

2 Likes

As above, I suggest poisoning packages.microsoft.com so that nothing, intentionally or unintentionally, gets installed from that repo - between the time that it is added without your consent and the time that you remove it.

Even though your second item (install something) is still required, don’t forget that a malicious post-installation script may make it irrelevant as to whether the program being installed is itself malicious.

Thanks for the links, but I just lost 45 minutes of my life I’ll never get back, or was of any use. The articles are not dated either so when it starts off with “A few days ago…” could be any year or a few days ago…

That said. I read here, somewhere, a person of Linux experience is using a Pi to run their own DNS, and I understand that Pi is also good as a proxy, and/or blocking ads. I am still trying to track down who and where that was. So I dropped $400.00 on the Pi 400.
I unraveled it and got it started in very short order. Then, today I read that Microsoft has infected it with something about “repos” and “images” and other geekineze summing up that the Pi calls home.
That story appears to be a year or more old, meaning M$ has had one toe in, and I’ve no doubt that history will repeat and we’ll be their little minions running about gathering and sharing/selling data about it, and when M$ decides to, they’ll let us use our device - for now.

Now to put up a ad someplace to sell brand new, infected - probably, Raspberry Pi 400.

YES for the M$ assimilated - I do use Chrome, and forced to use Windoze but that is a totally caged-in and separate from Linux rigs. And since M$ is too untrustworthy, these rigs are not connected in any way.

For those that think M$ did nothing wrong being injected into Pi’s everywhere, I remind them of the
Pssst - hey little one, wanna free OS?" and in tiny micro-print, /It will only cost you your right to privacy/. (In Wordpress-fad grey text on grey text might state Well, no matter, you’re getting it any way.

It’s gosh-darned hard to sell my fiends and businesses on Linux (flavours) if M$ is involved in any way. That and tell them “repo”, and “images” doesn’t mean M$ will repossess their car and take pictures too. Just their soul :slight_smile:

~s

Yes, that is annoying. The dates in reddit are mostly useless too. However it seems to be basically “Feb 2021” i.e. discussion started here straight away.

The good news is that you can tell whether you have this problem on your Pi and you can take steps to disinfect your computer. No need to sell your brand new Pi.

1 Like

You spent $400 on a Raspberry Pi 400?

There are already some options in the market:


Another good and a little expensive RPi replacement would be a pinephone. It is extendable by its pogo pins.

2 Likes

I stand to be corrected - sorry Pi
I got the budget $400. The cost is $317.84. Since most tech stuff in Canada is based on US dollar, I gathered exchange would come at months end statements.
Many Canadian stores show prices, but one hunts it down, it’s USD. That way, they bonus up. I didn’t hunt it down. To my surprise after you asked, I was glad to be wrong. I especially don’t like the stores that use Euro when they’re based in US.

Won’t know grande total till May 6. But I think everything was included - shipping too.

Corrected: “So I dropped $317.84 on the Pi 400.”

I’m very happy if it will do as I read - be my DNS and/or ad blocker.

~s

1 Like

I have this one:


Unavailable right now, but you can also get it from other sites.

You’ll need a keyboard, mouse, and monitor, or look for instructions on setting it up “headless.”
After setup, you can ssh into it for updating, etc.

For DNS/tracker-blocking, install Pi-hole, give the RPi a fixed IP address on your network, then instruct your router to use the RPi for DNS lookup. Note that some routers continue to advertise themselves for DNS lookup, which can prevent the RPi from doing it. Hopefully your router allows you to turn off that advertising. (I had to install a 3rd party open-source firmware to enable that option in my router.)

Load one or more of the available block-lists into Pi-hole to block ads and trackers for any device on your network (including video streaming boxes, IoT stuff, phones, computers, etc.) Check often to see that everything you want to block is in fact blocked. Manually add any others you want to block.

Note that your VPN will bypass the Pi-hole DNS service (and therefore tracker- and ad-blocking) unless you have the option to make your VPN service use your DNS instead of theirs.

P.S. You don’t have to use an RPi for Pi-hole, but it makes it simple, and it uses very little electricity, unlike an always-on (other) computer.

And after setup, you can log in to the Pi-hole app and control it in your computer’s browser.

Also, I had a struggle with my Roku, which apparently comes with Google DNS hard-coded. I eventually made it obey, though.

The topic drifted a little bit. But I would honestly not recommend most of the kits.
Instead of a fan and plastic case I would suggest the Flirc case which works as a fanless heatsink and looks well and compact too.
And as a MicroSD card often you can buy something better then the ones offered in such kits. Or you could even try this eMMC which would be more suitable than a MicroSD if the Raspberry is going to be switched on 24/7 at home:

4 Likes

I bet you can believe it, that after I unpacked everything, I hunted all around for the MoBo (Pi) and later found out it’s inside the keyboard. :unamused:
Thanks for the tip on PiHole.
BTW, I won’t try to take out the MoBo :slight_smile: