What's better for Librem 5 - PureOS or Mobian?

PureOS, simply because you are getting first-class support from Purism themselves throughout the entire stack.

I do not know the answer to the second question, but I assume they are the same, minus binary software drivers and firmware blobs.

What about postmarketOS?

1 Like

Yes, postmarketOS also includes software that does not respect your freedom. However, they have a tool, pmbootstrap, that makes building your own images relatively convenient, and that tool asks if you would like to exclude non-free software from your OS image, so there is a way you can exclude it. PostmarketOS specifically targets android devices that can be used with a mainline linux kernel, and these devices require a lot of proprietary firmware. So, allowing proprietary firmware is a tradeoff that will hopefully allow people to get more years of useful life from their old android devices.

PureOS is much superior, because it does not include any of the mystery firmware that runs arbitrary code on your phone without you being able to effectively audit what it is doing. PureOS is much better for freedom, privacy, and transparency.

2 Likes

I guess that depends on how you see the wifi firmware in the firmware jail that is included…

2 Likes

I think what I said is correct. PureOS is much superior because there are not mystery blobs in the OS, meaning that when you install or update the OS, you are not adding or updating arbitrary code that you cannot audit. That is why PureOS is recommended by the Free Software Foundation, but Mobian is not.

4 Likes

An important condition for FSF endorsement is rejecting nonfree applications, nonfree programming platforms, nonfree drivers, nonfree firmware “blobs,” and any other nonfree software and documentation.

1 Like

:100:

Mobian is a Ridiculous-Opensource.
Normally Opensource mean Gratis but Gratis is pretty far for Libre.
I will never use it cheaper things like Mobian/Opensource.

1 Like

I think you may be confused or misinformed, this is included in the install provided by Purism for current Librem 5’s and if I remember correctly the Librem 14’s as well.

1 Like

I guess you are confused or misinformed, PureOS “STILL” Libre of Blobs, so what is happened is that Purism is sending machines with Blobs embedded through a JAIL, however when PureOS Boot, the BLOBs it already moved to lib/firmware so in the sense PureOS is not more Libre or security nor privacy. So that JAil together with Librem 11 meaning that Purism is not Good anymore… we will see it the future how Purism is falling into the abyss.
I not supporting anymore Purism even if Purism made a Real Gnu+Lnx phone as at the moment still has big issues that Purism maybe do not care or will not address anymore, etc.

Any purism-blob-installer does not part of PureOS, but Purism :wink:

1 Like

Not quite. The firmware jail is mounted into the file system as part of the boot process, as I understand it. So the operating system install on the disk (/ the entire disk) is “clean”. If you use something like Jumpdrive, you may be able to verify that i.e. examine that path from the host computer and perhaps it will be missing from the file system on the disk. However this is just an assumption on my part i.e. that Jumpdrive makes no attempt to activate the firmware jail and present it to the host.

Also of course you can use the older Redpine card if you really really don’t want the firmware jail. When I look on my phone at /usr/share/firmware-librem5-nonfree/firmware it is empty - not even the subdirectory (brcm), let alone any firmware files.

To clarify that … firmware jail? Yes. With the same behaviour as above.

But it’s a different WiFi card (Intel rather than SparkLAN), so the actual blobbery is different. Only on very recent Librem 14 laptops of course.

And again you are free to use an older (and less functional and less performant) WiFi card in your Librem 14 if you really really don’t want the firmware jail.

For sure, these distinctions are subtle and people’s care factor will vary.

2 Likes

The point was that the firmware blob is provided as part of the OS even if placed in a jail, the jail limits how it runs but it is still a provided blob that is running on the CPU.

Pointing out that it can be removed doesn’t change it being provided… I mean by that logic all Linux distros are free of blobs because they can be removed.

2 Likes

No, it isn’t. It is provided by Purism but it is not provided as part of the operating system.

No, it isn’t. (It is running on a CPU, the CPU inside the WiFi card. It is not running on the CPU - and this is not a subtle distinction - since running blackbox WiFi firmware on the CPU would completely compromise the system.)

Which WiFi card do you have in your Librem 5? If it’s the SparkLAN card then I suggest you actually look at the implementation.

I guess that in the limit, to cater for the most demanding customers (adopting a position similar to the quoted text), it should be an option at order time. If you order without a WiFi card or you order with or for a WiFi card that does not require the firmware jail then the firmware jail is non-existent or empty.

However I think that Purism is not currently offering this.

Also, it is not enough just to remove it … the system still has to work afterwards.

1 Like

That broken fsf rules and Pureos it can be considered Evil and removed from FSF.

Opensource SPARKLAN: The Blob it running on main user CPU not wifi cpu because card missing cpu.

Purism not care Libre things anymore, because solutions exist.

2 Likes

Of course, it is disappointing that Purism products include components that require non-free firmware. However, the Free Software Foundation makes, IMHO, a wise distinction between mystery binaries that are updated as part of the operating system and those that are not.

If a mystery blob is not updated as part of the operating system, it can be thought of as similar to hardware: there is no practical way for the hardware in your device to be transparent (no reproducible builds + hashing/signatures), BUT it cannot be silently updated, so you have that advantage in terms of studying it and controlling it.

The difference comes down to something like this: mystery blob firmware that cannot be updated as part of the operating system (e.g., Purism’s firmware jails) can be thought of as similar to a black-box piece of hardware. You can’t audit its code, but it is limited in what it can do because it cannot easily be remotely updated. Mystery blob firmware that is updated along with the operating system (e.g. non-free software included in Mobian and PostmarketOS) is more like giving the author of the firmware (some malicious corporation) perpetual access to run arbitrary code on your computer components.

This distinction is why Purism created the firmware jail and why the firmware jail is meaningful to the Free Software Foundation.

2 Likes

Maybe the WiFi cpu could be referred to as the WPU as in GPU, APU, CPU :thinking:? Might start a trend.
~s

2 Likes

Hey you are fully smart for catch it. Yes WPU could be for.

1 Like

That’s where things start to get grey.

If Purism supplies you with a computer and that computer incorporates a WiFi card and that WiFi card stores its firmware on flash memory that is inside the WiFi card then … Purism still “provided” (distributed / encouraged use of) the firmware and it is still blackbox firmware - which we all agree is a bad thing.

If Purism supplies you with a computer and that computer incorporates a WiFi card and that WiFi card does not store its firmware on flash memory inside the WiFi card but instead requires the driver to load the firmware to the WiFi card’s volatile memory via the interface from the host to the WiFi card (e.g. USB or SDIO) and the firmware is stored elsewhere on the computer in flash memory then … Purism “provided” (distributed / encouraged use of) the firmware and the firmware is blackbox - which we all agree is a bad thing.

As I said, these distinctions are subtle and people’s care factor will vary.

If the FSF rules require all possible efforts to be made to avoid using any hardware that requires visible blackbox code then, yes, Purism has breached those rules. Purism would have made a trade-off. In the case of the Librem 14, the gain is better performance and support at all for recent WiFi standards. In the case of the Librem 5, the apparent gain is better driver support under Linux.

For all that, they have not taken away your choice to have 100% Libre WiFi arrangements (if you need WiFi at all).

In one respect they have strengthened your control over your computer because if you empty the firmware jail then you will be disabling the WiFi card in a way that is not possible if the firmware is stored on the WiFi card itself. (PS Don’t do this unless you know how to unempty it and you can do so without using WiFi.)

2 Likes

Good point, but this way is permitted by FSF because it still permit to have GNU+Lnx System fully Libre of Blobs.

FSF does not permit this way because Gnu+Lnx can not be fully Libre of Blobs

If Peoples cares differently that is OK BUT They need to Respect Gnu OSes Rules like PureOS, if peoples do not like FSF Rules through PureOS then They need to Go far away to Opensources OSes like Debian, Manjaro, Fedora, Whatever. why? because PureOS is for Free Software Peoples like Me, Why? why not?.

As i said above Rules are Rules to Protect of the end user from Enterprise what fits.

If Purism want to do whatever for user like Opensource does then need to removed from FSF.

Even if remove the Firmware blobs from Jail there is no guarantee that it will be completely disabled through an Easter-egg microfirmware into controller but luckily it exists a h.k.s. :wink:

1 Like

That is a possibility. (In fact, I would assume there is embedded microfirmware because something has to fire up e.g. the USB client device to the state where the host can download the actual firmware.)

Security is always a game of defence in depth (or, if you prefer, belt and braces).

If you want to get truly paranoid, the WiFi card can have an “easter egg” e.g. supercapacitor - so that it still has power after the HKS is operated, and the WiFi card can continue to function in low power stealth mode doing who knows what for how long. (May work even better for Bluetooth.)

It is good to have choices about what measures you deploy in order to manage your security and privacy.

It depends what you (really the FSF rules) mean by “system”. The computer as a whole? Nah, it’s not free of blobs. The disk / root file system / boot file system? Yes, it can be free of blobs. Some other carving up of the computer so as to make the statement true? Yes, the statement is true.

3 Likes

:joy:
Well a Capacitor is just a volatil energy what could happen is a hidden battery disguised as a capacitor(supercapacitor).

Well Userland is already Libre next step for FSF through RCS will be Rootland Libre, but if opensource does not matter get Libre Useland, Rootland(firmwares) will be never, so yes FSF is the only Real Freedom,Security and Privacy for user.

1 Like