Announcement

Collapse
No announcement yet.

Librem 5 "Birch" Linux Smartphones Begin Shipping To Consumers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by blackiwid View Post
    1. You say it's not the fault of the other companies that they used proprietary drivers, which is wrong because it's a question of priorities Librem had the priority to not use blobs and they got it done. You can say they just had the right timing, but I doubt that Mozilla would not be able to do so. The only hard problem to solve was the modem thing. The rest was doable 10 years ago, too. Even if that would have meant no 3d support like the Replicant phones showed.
    You need to remember that we aren't just talking theoretical concept. We're talking real product, and eventually the reality of world are going to catch up with you.
    Everything require compromises and balancing.

    - making a 100% opensource OS requires work, even more so if it is for a different class of use case where there isn't a giant install base. Smartphone are typical of that. It's not your usual server/workstation/laptop or embed router, and thus your garden variety Debian/Fedora or OpenWRT aren't 100% ready for the task.
    Having a good functionning OS is going to require ressources and time, even more so that there isn't a ready-to-deploy solution. You'd need to reuse the work of most of the "almost there" OS available (Sailfish is currently in full production and available on several product, but hasn't finished opensourcing everything and - let's be real - is probably a decade away from finishing this - if they're still around. UbuntuTouch, LunaOS, etc. are all interesting concept but are currently mostly in zombie state with only some comunity enthousiat installing them on 3rd party smartphones).


    - making hardware is also hard, specially if you're not used to ship hardware of this class. See the countless crowdfunding project that sound cool on the paper but eventually die out. There are very few community projects that eventually succeed and they all come from companies with moderate experience in shipping hardware (Planet Computer is an example). Even repeating success is hard (see Jolla Tablet).

    Wanting to tackle both of the above is a HARD task, that broke several companies.
    There's a reason why the Jolla Tablet fiasco was "too much" for Jolla and they decided to exit the hardware market and concentrate exclusively on software.

    (Fairphone is a different example: making an open hardware with modularity and environment firendly ness is hard. So they concentrate on the hardware part, go for a off-the-shelf "evil" qualcom chipset, and slap a standard AOSP Android OS on it. You're free to make a community build of your favorite alternative OS, but don't expect much support from them, they don't have the ressources)

    - wanting to make opensource-friendly hardware is even harder because suddenly you're adding extra constrains that complicates the task. You can't use the same chipset that the rest of the market is using. You need to go for more weird and excentic solution, which each come with their own drawbacks.
    (for historical example you can even look back at the original OpenMoko and their Neo1973 and NeoFreerunner. Interesting concept but over-priced, under-powered, weirdly architectured and eventually crushed by the competition)

    Librem is the prime exemple of what is difficult (and specifically how they are chasing too many rabbits at the same time).
    They wanted to have both the software and hardware all developped inhouse. Despite them having a little bit of experience shipping hardware (mostly laptop) shipping hardware is hard - even more so because smartphone are entirely different beast.
    They are suffereing from tons of delay, and by the time they finally ship their hardware, is going to be considered absolute shit by most people:
    - because they started it a long time ago, and there weren't many chipset available. Freescale iMX8 was about their best option back then and that CPU is at best "lack-luster".
    - now with the production delay they are releasing even later than expected and the CPU will seem even less adequate compared to other hardware on the market.

    You'll end up with a platfrom that not many will like, except for the most hardcore people who are ready to trade the extreme openness of the platform (no blobs at all on the main system, modem on completely separate M.2 removable module talking over standard protocols) for absolutely else (large form-factor, price, performance, availability - even app eco-system: afaik (but I might be mistaken) there isn't some android app compatibility layer - e.g. Anbox - available on that phone yet)


    I would love to have a "combo" :
    Something as freedom thinking as purism, as cheap while opensource and semi-decent performance like PinePhone, with a nice and polished GNU/Linux OS like Sailfish, and modular and fair/eco-conscious with devent performance like a Fairphone.
    (And I'm not even interested in the form factor. I happen to be born with gene giving me oversized hands, so I'm quite happy if the phone is a large slab).

    But that's a ginormous amount of constraints, that not a single company is able to realistically tackle on their own.
    If money was infinite, maybe, but not in the real world.
    Even more so given that 99% of users aren't giving a crap about these weird features. All they want is thin, cheap and fast.
    So the economy of scale only happens in these phone, not in my "dream combo".

    So I'll have to pick a compromise (and in my case, it's running Sailfish on a Sony Xperia XA2).

    Originally posted by blackiwid View Post
    Jolla had enough time to opensource their shit, if they didn't do it till now that was a active decision to keep stuff proprietary for evil reasons.
    Jolla is currently operating on a shoe-string budget and is just managing to sell enouhg license (mostly to business, but also to Sailfish X users) to meet the ends and stay affloat.
    They don't have the ressource to pay the extra man power to make sure that the open-sourcing goes smoothly while at the same time while keeping all their corporate licensee happy (and even less headroom to finish reimbursing the second half of "the scam" - common, let's be real, how many companies to even do the first half vs. "run away with the money" as real scams go ?)
    Even things like just upgrading the core system (GCC, LibC) enough to be able to update their browser (more modern Gecko engine) takes ages (but have started and might further progress with the updates planned for early 2020).
    Most of their investors (the business licensee) aren't even interested in the opensource (they're quite happy with the current status) and would be unhappy if Jolla "wasted" the money ressource they are paying on features that don't interest them.

    Whenever you fit in one of the niche I mentionned above (open hardware, opensource OS, modular fair/eco hardware, etc.) you're in a very tiny niche, there are very few users interested in, the market is small there isn't that much money:
    Thus it isn't a surprise that most of these company are small:
    Purism, Pine, Fairphone, Jolla, etc.
    Or even only loose community that aren't very active:
    UBTouch, LunaOS, etc.

    Originally posted by blackiwid View Post
    4. Yes the hardware is also hard to do, but it's solvable especially if you don't care about 100% free software and modem separation etc. As hard as hardware is to do, software for those things is harder.
    Pine has extensive experience shipping embed hardware, mostly SBC (where a lot of the engineering is closed to phones and tablet) and even they have suffered multiple draw backs that they have extensively documented on their blog and forums.
    They have the advantage of being extremely open and good at communitcation, and they have constitued a strong community thanks to multiple past success, that will be understanding.

    Raspberry foundation is the giant mamoth of SBC, and even they are suffering from problems at each new generation (borked charging port on Pi4, "flash-shy" charge manager on Pi2, etc.)

    If you think hardware is so simple, why don't you start your own crowdfunded campaign ?
    My prediction: 99.999% chance you'll fail and half of the internet will pile on you accusing you of being a scammer. Not because of your incompetencies, just because hardware is hard, and you'll hit multiple problems along the line (including manufacturer droping out support and availability for your main central chip of your project).

    Originally posted by blackiwid View Post
    2. You claim that android is not free because of Google play, yet you don't need it, I USE android without Google play and it runs fine, still has more functionality with it (more running apps) than Jolla as example. You imply that google play services or any replacement is needed but it is not, it's a perfectly functional system without it.
    huh... Sailfish runs more or less the same apps. It also has a Google-Play-less android compatibility layer, you know ? on XA2 and 10, the layer is compatible with apps targetting AOSP/Android 8.1 (Okay, that layer is proprietary and will *remain* closed souce)

    The problem is that nowaday a lot of the common apps are utterly addicted to Google Play Service. Without those, you're limited to a couple of app whose developper have gone to great lenght to make sure they run without, and you'll still be missing functionnality (e.g.: WhatsApp and Uber are able to run bare).
    Most of the critical day-to-day application (e.g.: banking) are going to be non functionnal on your stack.

    Using purely the opensource part of AOSP severly limits you in which app do work and is far from what the majority of users expect.

    Originally posted by blackiwid View Post
    5. I understand their idea that the community should write the software in history it just never worked. I bought a Cubitruck back in the past there existed a demo or for some players video acceleration worked that was I don't know 5 years ago if not longer NOW they got finally reasonable video acceleration stack.
    I haven't heard about Cubietruck. That just shows you how large and active its community is.

    People just completely under estimate the power of the Raspberry foundation (and to a smaller extente, effort such as Pine's).

    The actual hardware is only half of the story.
    Managing to gather and keep long-term a very active community is at least as important.

    (And even the Cubieboard has armbian ports running on mainline kernel).

    Regarding AMD: you clearly haven't been paying attention to the whole development of the drivers, despite the meticulous reporting by Phoronix (thanks MIchael !)
    Driver development started even before specs, mostly reverse engineered back than. The limitation has always been the speed at which specs and reference code got cleared through the legal department at AMD.
    Having devs on AMD's payroll certainly help, but it's far from being the main limitator.

    Originally posted by blackiwid View Post
    6. so expect the Nokia thing everything I said is true, you don't like my framing of the truth, because you make excuses for not making everything free, but factual I said nothing wrong.
    I'm just a little bit more warry of what happens when you hit the hard reality of the world.
    Having worked on some project where I have gathered relevant experience (developping software distribution for scientific HPC), I know that if you want to be real you need to make tons of compromise and find the right balance.

    Originally posted by blackiwid View Post
    that's close to criminal if their would be any evidence that they could know that before they did it they would probably go to jail.
    You know how crowdfunding works, right ? You're not *buying* a *finished product*, you're investing money into a project and hope they'll manage to complete. Setbacks happen and sometime there are big delays or even project getting cancelled.
    Sucks to be you, but you invested in a not very viable product. Short of stealing the money and running away with it, it's not illegal, it's just the hardships of trying to bring a project to completion despite all the unexpected problems that you'll encounter along the way.

    Originally posted by blackiwid View Post
    it's still worse than anything that Librem ever did, and they got less hate for it.
    I'm not hating Librem. I am just point that doing this type of thing is hard, doubly so for then because they want *everything* - both hardware and software - developped inhouse from scratch. This is guaranteed to bring tons of unexpected delays.
    This will force them to release much later than expected, and their final hardware to look completely craptastic compared to anything else in the same market, while costing an arm and a leg (because they need to cover all the R&D, while having very small numbers).

    On the other hand, I totally understand that for some people (not me, though) the premice of having such open hardware and software as *so* critical, that these people are okay tolerate the expensive price and lackluster hard for it.
    (I can understand, I felt attracted to the original OpenMoko despite it having nearly all the same drawbacks - I just had more expendable income).


    Succesfully finishing a hardware project is hard, tons of setbacks are going to pop-up. At some point some compromise are going to be needed.
    You'll need to lower your expectation, either at the current state not being perfect (I'm okay with only half-open Sailfish running on android drivers) or being okay to wait an enternity and final product looking like crap compared to everything else despite costing an astronomical price (which is probably what you're going for. Good for you if that balance point makes you happy).

    Comment


    • #32
      I'm looking forward to their "Chestnut" phone. As in, Librem 5 MKII.

      I'm tired of all of these privacy intruding phones and apps. I just want something that can do what a normal smartphone can and I can do without candy crush and fappy bird.

      Comment


      • #33
        Originally posted by DrYak View Post
        ....
        1. Releasing a OS as Opensource that you have created is very simple you put in a Lisense file with a copy of the gpl make tar.gz out of it and put it on your website or put it on github or another site you like. That takes at worst 1 hour. If it's harder than because you intentionally made your product proprietary in the past for evil reasons, and if it's hard for whatever reasons don't advertise with you wanting to opensource it. If you have in mind that it will take 10-100 years communicate that clearly, then everybody knows you are full of shit and we can go forward, but I learned my lesson if people promise to make something opensource later but not now it will guaranteed never happen there is no example I know of where such promises ever happend. Well I am not correct they did it with orgzly he did make it open probably the numbers of sells gone so low that he thought it would not matter anymore. But he teased it for months if not years. If he would have sold more it would have stayed proprietary forever I am sure of that.

        2. You bring up Whatsapp always but if you install that privacy invading proprietary software it does not matter that you have to install google play services you have given up your privacy already. So then all the proprietary os stuff doesn't matter anymore if you need whatsapp at anny cost buy a random android phone and you are good to go.

        3. When I said hardware is easy than of course as comparison to software. There are tons of small projects that did it succesfully often with only 5-10 people or so. There is some similar company to fairphones that released 3 phones already and hand full of people, in germany, Jolla, fairphone many others. But there is 0 Companies that created a 100% free operation system so far that don't needs proprietary drivers from android. Therefor that is the harder part else that would also been done 10 times already.

        4. having no privacy on this devices makes them unusable for me. I have notes, I don't trust any phone enough to put them there,

        5. I can separate my opinions from what I want, just because for me a product let's say the new 16 core AMD processor is not good because I don't need that for anything I do, I don't say it's a bad product. Therefor I currently not need a expensive Smartphone even if it would be the best hardware available I would not need such a smartphone from librem. I am cheap but I don't attack them for not presenting a cheap phone, what they deliver is exactly that a software basis for multiple phones and a device I might buy in 2 or 4 years used on ebay. who knows. It might as well run on that Pinephone. But the software is the important part, that is with arm always the hard part.

        I don't even need a modem I can use my cheap phone for mobile phoning and for the rest there is wlan, including sip calls or something like that.

        If you don't need privacy again then I don't see what's the problem with every android phone? Why not buy a cheap 50 dollar phone on ebay or 200 dollar on amazon and you are good to go, or if you think Android sucks to much buy a Applephone. The reason you don't want to use this products is simple privacy but if you install whatsapp that is gone...

        6. btw the Fairphone 1 was Mediatek as far as I remember so the vendor that has the worst software support of all of them, and they choose such vendor for a product that should be used by people longer than normal smartphones very clever.

        Comment


        • #34
          Originally posted by blackiwid View Post

          You are a hateful person that only can insult people in every comment block your garbage from now on, bye.

          Fuck is there no filter option in this forum?
          Look. Don't worry.
          danmcgrew is just a poet who has a profound passion to hatred and selfishness.

          Comment


          • #35
            Originally posted by blackiwid View Post

            You understand the name right? "Librem" it's a play on the name Libre aka Free software. And it's clearly privacy focused you pay a high price for that, and then you want to install a whatsapp? and make it again a spydevice. You don't need such expensive device if you give a shit about privacy. Buy a good android phone install some debian starter or whatnot and you are good to go.

            Librem never advertised their product for your needs (whatsapp) so why do you expect them to deliver that?
            So, lets get back to what a "phone" means. Communications tool. Your concept of "privacy" means, well, it means virtually unusable, and can't communicate with anyone. At this point, just don't carry a phone,

            Using the whatsapp network doesn't imply running their app, and as always there are privacy mitigations you can do. This is entirely no different than the phone network itself, which all phones are giant spy devices.

            So for your needs, just stop carrying a cell phone or anything else with a TX radio on it because that too is a spy device, in an exact apples to apples comparison, nonetheless.

            For the rest of us in reality, there is mitigation, based on threat model and then needs. If everyone you talk to is on signal, slack, whatsapp, or even just the POTS/Cell network which somehow you gave a free pass, you gotta be there too, otherwise, what is the phone for? Uh? Comms.

            At least back 20 years ago, on the desktop, we had projects like GAIM, later pidgin, than made a free, relatively trusted chat client that replaced the multitude of various proprietary ad-based IM networks and eventually ran on all of them. Later, pidgin strapped on OTR, so even relative privacy and security on AIM was possible.

            But you are right, I am good with lineage on android, for now, because fools like you don't understand mitigation, or even proper threat modelling.

            Comment


            • #36
              Originally posted by blackiwid View Post
              1. Releasing a OS as Opensource that you have created is very simple you put in a Lisense file with a copy of the gpl make tar.gz out of it and put it on your website or put it on github or another site you like. That takes at worst 1 hour.
              Oh, sweet summer child, you've apparently never worked on any project that is larger than your home-made 10-lines Perl script that you published on Github (or even Gist).
              In any company/corporate settings, you'd need to run the whole thing past legal department, who has to make sure that they actually have the right to do so, which implies tracking who has written what and check which external resource you're relying on.

              Also you need to make an official policy out of it, and make sure that your past clients won't complain of the sudden change of licence (imagine some B2B partner complaining that they paid licensing fee for something that is now free software), and make sure that marketing is okay with that too (what are we going to sell to our B2B customers ?), etc.

              It's not a blocker in Sailfish' case (it's clear: the actual proprietary commercial goodies are the Microsoft Exchange Server interop, the Alien-Dalvik android app layer, and the T9 predictive. Nobody is going to complain if the lipstick or mail client gets opensourced). But it's still probably a week worth of work. A week which needs to be squeezed into the schedule of a very small team that doesn't have much slack.
              Which could probably lead to:
              - B2B clients wondering why Jolla wastes money on doing "useless" work and not working on the feature that they ask, and they pay for.
              - Crowdfunding troll wondering as usual, why Jolla is wasting money on the payroll of legal and devs, instead of of blowing all the money they have exclusively onto refunds (and go bankrupt as a consequence of not having any money left to continue business).

              It will come eventually, but is a very bottom priority. Even more so since the actual code present on your smartphone happens to be human-readable anyway, and thus you can already hack it and write all the PatchManager patches to your heart's content anyway.

              Worse case, keep in mind that it took a decade for AMD between the moment they bought out ATI and announced they were planning to opensource and nowadays when finally the whole stack is opensourced.

              Originally posted by blackiwid View Post
              If it's harder than because you intentionally made your product proprietary in the past for evil reasons, and if it's hard for whatever reasons don't advertise with you wanting to opensource it.
              Reasons, such as deciding to consider some parts of your product "business intelligence" and keep it closed to have some commercial advantage, in order to have something to sell, in order to earn money, because at the end of the day you need to pay your staff, so they don't starve.

              Case in point:
              - see all the opensource project which have both an "EE" (Enterprise Edition) and "CE" (Community Edition) with feature slowly percolating from the former to the later over time. Eventually it's going to be opensourced, but right now it's considered a business distinguisher.
              - apparently, that was the major hindrance that slowed down GPU driver opensourcing effort. It's not only 3rd party middleware, it's also needing everyone (legal, marketing, heads, and investors) to agree to letting go some "secrete sauce" exclusivity.


              Originally posted by blackiwid View Post
              but I learned my lesson if people promise to make something opensource later but not now it will guaranteed never happen there is no example I know of where such promises ever happend.
              AMDGPU, Blender, StarOffice into Open/LibreOffice, any opensource product with distinct "EE" and "CE" (Docket, Gitlab, etc.)
              and that's just off the top of my head.

              Originally posted by blackiwid View Post
              2. You bring up Whatsapp always but if you install that privacy invading proprietary software it does not matter that you have to install google play services you have given up your privacy already.
              That's typically the type of rants where your friend will just roll their eyes, stop listenning to you and keep on using Skype, Facebook Messenger, Vibe, WhatsApp, Snapchat, Tiktok, etc. (depending on age group / generation) because that's where all their friends are.

              check "s://lmgtfy.com/?q=network+effect&s=dhttps://lmgtfy.com/?q=network+effect&s=dNetwork effect"

              At that point you're left with two choices:
              - find a way to get absolutely *all your friends* to move to a "better" platform "with more freedoms" such as Matrix (and be ready to fight against their complains that your proposal sucks great time, because it's ugly, not all the friends are there, has bugs, doesn't have feature that they consider absolutely vital for them (= stickers), and it looks like crap) be ready to lose some friends in the upcoming fights.
              - stay by your principle, refuse to use the same platform as everyone and be left out of most conversations and other socializing (Yes, socializing at the pub around some beer is the best form of socializing, but for that you need to get invited to the event. Most of your friend will get bored from needing to contact you personnally, or will completely forget that you can't get the group messages).
              - try to find compromises (the few apps you can avoid go in a special container - such as Aliend-dalvik, or other examples such as Anbox, Spur-V, etc. - with as little spying as possible inside - microG instead of Google Play). It's not perfect, but it's the compromise that let you use your favorite OS (Liberm 5's Pop-OS ?) while at the same time not losing contact for those of your friends who aren't ready to jump through tons of hoops just to please that weird guy with bizarre strong principles.

              And that's only the communication channels.

              Then there are all the apps that are mandatory in everyday life: 2-factor authentication used by banks, payment apps, apps used for public transportations, etc.

              Some have cumbersome alternative path, but I prefere to compromise in having the app working for me.

              Originally posted by blackiwid View Post
              But there is 0 Companies that created a 100% free operation system so far that don't needs proprietary drivers from android. Therefor that is the harder part else that would also been done 10 times already.
              (Actually: Openmoko FreeRunner is the historical example, and PinePhone has already shipped to devs).

              But yeah that's hard because you need to make enormous sacrifices:
              - you're going to need to restrict a lot regarding chipsets
              - you'll end up with a device that cost a lot per-unit (because there is very little demand for your peculiar thing and you don't get scaling benefits)
              - you'll end up with a device that has crappy performance, compared with what everybody has on the market (even further lowering the demande) because that's about the only chip for which your can have opensource drivers.
              - you'll earn very little money and will run out of dev funding before you could make a nice OS that is wort considering. Your OS is going to look half-arsed and even less people are going to be interested into it.

              Don't get me wrong, I understand why *for you* the above are acceptable compromise in the name of freedom (after, again, I did buy an Openmoko NeoFreerunner).

              The difficulty that Purism is facing is that they try to tackle all of the above at the same time, with a small team, on a shoestring (given the whole task) budget.

              At least Pine has it easy, because they have been tackling the opensource friendly hardware for years, they have plenty of experience and a very active community, and for them, making things like the PineBook Pro, PinePhone and PinePad are just little incremental improvement on stuff they already have worked upon.
              And they'll leverage 3rd party OS - so they don't need to directly pay for that neither, thus they can keep everything dead chip (~200, ~150 and ~100 USD respectively).

              Jolla, UBTouch and LunaOS went a different route, they concentrate on making a nice looking OS and all leverage libhybris for now,.

              Originally posted by blackiwid View Post
              4. having no privacy on this devices makes them unusable for me. I have notes, I don't trust any phone enough to put them there,
              There's a whole continuum between a locked phone with "modem as northbridge" and a separate airgapped Tails Linux Laptop in a Faraday cage in a well defended basement.
              Some people choose other compromise points along the continuum.
              Currently, having to tolerate a Qualcom chipset (whose northbridge runs code which was partially sent straight out of the Telco) is "good enough for now" for several people. For those for who it isn't, there's either the overpriced Librem which is going to be eventually released somewhere next year once they get everything in place. Or the you can start following and fetch the "Brave Edition" batch of the PinePhone - (the "Dev Edition" and previous devkits have already been availabl for some time and you can find OS in various state of readiness).
              (Also, in Sailfish's case, the Note app is entirely QML+Javascript. You can as of today check if it's doing anything nefarious with your data)

              Originally posted by blackiwid View Post
              Therefor I currently not need a expensive Smartphone even if it would be the best hardware available I would not need such a smartphone from librem. I am cheap but I don't attack them for not presenting a cheap phone, what they deliver is exactly that a software basis for multiple phones and a device I might buy in 2 or 4 years used on ebay. who knows. It might as well run on that Pinephone. But the software is the important part, that is with arm always the hard part.
              I am not *faulting* Librem for being extremely expensive and complete lackluster perfs. These are just the consequences of the goals that Purism have set for themselves, and said goals are pretty steep and highly ambitious (tackle everything at once, all done inhouse).
              Just saying that for a lot of people that is too much.

              Originally posted by blackiwid View Post
              I don't even need a modem I can use my cheap phone for mobile phoning and for the rest there is wlan, including sip calls or something like that.
              (Note: I was very late on the Smartphone bandwagon for the exact same reason - kept a battered old Ericsson phone for calling + modem functions for years, and used separate deditacted devices for the smart part - PDAs - though not opensource in my case : I most ran PalmOS)

              Originally posted by blackiwid View Post
              If you don't need privacy again then I don't see what's the problem with every android phone? Why not buy a cheap 50 dollar phone on ebay or 200 dollar on amazon and you are good to go, or if you think Android sucks to much buy a Applephone. The reason you don't want to use this products is simple privacy but if you install whatsapp that is gone...
              Different compromise points on the continuum of solutions.

              You're an "all or nothing guy". Lots more people are "Good enough for now and a right step in the right direction".
              Specially on extremely complex stuff like mobile hardware, where there are lots of baby steps involved.

              (Also, I never had an Android phone, I jumped straight to GNU/Linux based phones: Openmoko (as a backup), then Palm/HP webOS (main driver) and Sailfish now.
              So for me the OS part is a no brainer. For the rest - access to Android eco-system, semi decent hardware, etc. - I chose my compromises differently.)

              Originally posted by blackiwid View Post
              6. btw the Fairphone 1 was Mediatek as far as I remember so the vendor that has the worst software support of all of them, and they choose such vendor for a product that should be used by people longer than normal smartphones very clever.
              and also Fairphone 1 was a lot less modular than subsequent iterations.

              but that chip was about the cheapest that they could manage, and the overall design was good enough, which enabled them to ship, while keeping price low.
              Thus enabling them to ship a somewhat attractive (though not perfect) product and thus sell, earn money that they could then invest into a somewhat better product (chipset with slightly longer support, more modular, etc.)

              baby steps.

              Comment


              • #37
                Originally posted by GI_Jack View Post
                Using the whatsapp network doesn't imply running their app,
                Actually, it does: WhatsApp is actively fighting and banning any attempts to NOT use the official client.
                but as you say

                Originally posted by GI_Jack View Post
                and as always there are privacy mitigations you can do.
                Yup.

                Originally posted by GI_Jack View Post
                This is entirely no different than the phone network itself, which all phones are giant spy devices.
                for most phones with "Cell modem as chipset's Northbridge" configuration (mostly Qualcomm's stuff).

                For the few projects that try to have the modem as a separate, switchable component, that only talk over standard protocols, the phone isn't necessarily.

                That's what Librem tries, but at great cost (because they do the whole software stack at the same go).
                That's also how Pine builds their products (though in the Pinebook Pro's case, it's the firmware running inside the keyboard controller that switches relays on and off on key presses, no actual physical switches).

                Originally posted by GI_Jack View Post
                For the rest of us in reality, there is mitigation, based on threat model and then needs. If everyone you talk to is on signal, slack, whatsapp, or even just the POTS/Cell network which somehow you gave a free pass, you gotta be there too, otherwise, what is the phone for? Uh? Comms.
                Yup, the tyrany of the network effect.

                Originally posted by GI_Jack View Post
                At least back 20 years ago, on the desktop, we had projects like GAIM, later pidgin, than made a free, relatively trusted chat client that replaced the multitude of various proprietary ad-based IM networks and eventually ran on all of them. Later, pidgin strapped on OTR, so even relative privacy and security on AIM was possible.
                And there was some hope with protocols like XMPP/Jabber but:
                - Facebook dropped it, in favor of some XML/JSON hybrid monstruosity of a webapp (but Eionrob managed to make a plugin for that, and you can use libpurple plugins in most modern smartphones).
                - Google still keeps their gateway, they just aren't federating with anyone else and only use XMPP as a limited outside access to whatever their chat platform du jour is (hard to follow, they seem to start a new one and shut down an older one every few months)
                - WhatsApp progressively converted it into a barely recognizable binary-XML derivative, and now is only a few inches short of dispatching deadly ninja-assassins on anyone daring not to use the official client.
                - Skype replaced one proprietary protocols (the hardly reverse engineered "Frasttrack peer-2-peer"-like binary Skype) with another one (again some XML/JSON horrible contraption similar to Facebook) but again Eionrob has managed some mitigations.

                Most of the modern stuff (Slack, and co) insist on you using their websites, but at least there are plugin which managed to get most of the stuff out.

                Comment


                • #38
                  Originally posted by GI_Jack View Post

                  So, lets get back to what a "phone" means. Communications tool. Your concept of "privacy" means, well, it means virtually unusable, and can't communicate with anyone. At this point, just don't carry a phone,
                  Well that is fine if you don't like the product and idea of the Librem phone don't buy it but don't complain that a butcher don't bakes you your bread you think is better that the meat.
                  Originally posted by GI_Jack View Post

                  Using the whatsapp network doesn't imply running their app,
                  Mostly it does but if you have a good port that works somewhere and keeps working and don't get incompatible by every update Whatsapp makes then I could see that point. But I hope you don't expect Purism write such a hack software to advertise for evil proprietary protocolls?


                  Originally posted by GI_Jack View Post
                  and as always there are privacy mitigations you can do. This is entirely no different than the phone network itself, which all phones are giant spy devices.
                  But with Librem you can shut that off, I also think a phone without Modem would be a good thing, I don't need it, I have at home, at work and in public transportation and in Restaurants wireless lan, I have a SIP contract that let's me call normal phone numbers (I think it's called gateway?) and why do I need then normal wlan. If SIP would be supported native and I don't have to install 20 sip clients in my garbage Android that all have different bugs.

                  Originally posted by GI_Jack View Post
                  So for your needs, just stop carrying a cell phone or anything else with a TX radio on it because th
                  at too is a spy device, in an exact apples to apples comparison, nonetheless.
                  Yes you have to do small compromises libreboot isn't perfect yet but I rather have a small bios that is a blob than a complete spy-os on the modem or proprietary apps that just run in userspace and can do everything they want.

                  Originally posted by GI_Jack View Post
                  For the rest of us in reality, there is mitigation, based on threat model and then needs. If everyone you talk to is on signal, slack, whatsapp, or even just the POTS/Cell network which somehow you gave a free pass, you gotta be there too, otherwise, what is the phone for? Uh? Comms.
                  For this "rest" Librem is not the right address, just say ok that is not made for me, no reason to thate them for that, they never advertised to make a product for you and all is fine, right?

                  Btw if the Industry would not have decided that people don't need PDAs anymore I would likely buy such a device, if I need phoning or mobile internet I buy a externel modem or a cheap smartphone that I can let home but still would have my pda with all my data on it.

                  The phone replaced so much shit that it is much more than a phone and it's not only communicating, people make photos with it and not all send them to social media some keep them only for themself. Some use it for navigation also no need to communicate at least sending data.


                  Originally posted by GI_Jack View Post
                  But you are right, I am good with lineage on android, for now, because fools like you don't understand mitigation, or even proper threat modelling.
                  I am just not willing to compromise on 10% freedom / privacy I rather get to 99% if 100% is not possible, and when you have Lineage and that is secure / free enough for you then fine... for me it is currently too. But I have a sticker on my tabletkamera and I don't load any real private data on it, Sure my mail but this companies sell the mail anyway so I don't consider my mail private anymore.

                  Sure you can't always get 100% of what you want, but if I am ok with this Mitigation I don't see the problem with lineage os? We don't need a 1:1 copy of lineage os just with another company name.

                  Comment


                  • #39
                    Originally posted by DrYak View Post

                    Oh, sweet summer child,
                    just because you disagree with somebody you dont' have to be condescending.

                    Originally posted by DrYak View Post
                    you've apparently never worked on any project that is larger than your home-made 10-lines Perl script that you published on Github (or even Gist).
                    That is true if you have a old big company and you did it proprietary from the start, but if you are a new small company and write your own OS, why would you even allow proprietary software and not even that so much of them that you can't fast replace that code or release it as opensource? If you write your own code as a new startup why would you have to look for legal shit. Amd got it done, sure they could have made their driver code faster better, but they released after decicision pretty fast a functioning driver in months maybe 1 year? If you can't get to opensource version don't advertise with it. If you say we want to opensource everything and you know that will take you 10 years but you omit that fact, you are a evil peace of shit liar.


                    Originally posted by DrYak View Post
                    Also you need to make an official policy out of it, and make sure that your past clients won't complain of the sudden change of licence (imagine some B2B partner complaining that they paid licensing fee for something that is now free software), and make sure that marketing is okay with that too (what are we going to sell to our B2B customers ?), etc.
                    Why change? That was a new company why not start with that policy? There is no reason except you are a evil deceisive peace of shit.


                    Originally posted by DrYak View Post
                    It's not a blocker in Sailfish' case (it's clear: the actual proprietary commercial goodies are the Microsoft Exchange Server interop, the Alien-Dalvik android app layer, and the T9 predictive. Nobody is going to complain if the lipstick or mail client gets opensourced). But it's still probably a week worth of work. A week which needs to be squeezed into the schedule of a very small team that doesn't have much slack.
                    Which could probably lead to:
                    - B2B clients wondering why Jolla wastes money on doing "useless" work and not working on the feature that they ask, and they pay for.
                    - Crowdfunding troll wondering as usual, why Jolla is wasting money on the payroll of legal and devs, instead of of blowing all the money they have exclusively onto refunds (and go bankrupt as a consequence of not having any money left to continue business).
                    Why then advertise it? If it was clear that you can't do it because of the reasons you listed?

                    Originally posted by DrYak View Post
                    It will come eventually, but is a very bottom priority. Even more so since the actual code present on your smartphone happens to be human-readable anyway, and thus you can already hack it and write all the PatchManager patches to your heart's content anyway.
                    You had nearly 7 yeras so far, and it's now on low priority so you will very very unlikely after 10 years have it more likely 15 years or never. Why would you not say "we have no plans to do that in near future"? In your FAQ with the first phones? Because you wanted to trick people in buying it because they believe that will change. And if you now would do it, it would be because Librem becomes competitive and you feel pressured to do it. Else you argued very well why you will never do that, the reasons you listed will never change, so why should you do that ever?


                    Originally posted by DrYak View Post
                    Worse case, keep in mind that it took a decade for AMD between the moment they bought out ATI and announced they were planning to opensource and nowadays when finally the whole stack is opensourced.
                    They had a usable Driver for most of that time, where is the LineageOS version of Sailfish os? Not existend? Well than obviously it's more unfree than Android, the market leader... so you attack the market leader with a more closed up software? That's sounds reasonable... You live in a strange bubble.

                    Originally posted by DrYak View Post
                    Reasons, such as deciding to consider some parts of your product "business intelligence" and keep it closed to have some commercial advantage, in order to have something to sell, in order to earn money, because at the end of the day you need to pay your staff, so they don't starve.
                    So you admit that you did lie. You at least implied that you had intentions to opensource it but they were never really honest, and what I said evil reasons kept you from doing so.


                    Originally posted by DrYak View Post
                    That's typically the type of rants where your friend will just roll their eyes, stop listenning to you and keep on using Skype, Facebook Messenger, Vibe, WhatsApp, Snapchat, Tiktok, etc. (depending on age group / generation) because that's where all their friends are.
                    That's why you (or at least I) never try to convince such folks of anything, as long as I don't have to admin it use the biggest garbage you want, you will just not talk to me over Skype... I have one friend that installed as example Wire. Which is not only clientside opensource + over browser possible but the server side stuff is also on github, so if they go complete nuts somebody can fork them.

                    And my father... and if my brother would want to communicate more with me he would also install that software I had even a phone interview over Wire, but usually they are fine with fallback to phone. And if they would pay me and give me a work laptop I would on that use skype if they want to I guess. If that would be the only problem with that company

                    Originally posted by DrYak View Post
                    - stay by your principle, refuse to use the same platform as everyone and be left out of most conversations and other socializing (Yes, socializing at the pub around some beer is the best form of socializing, but for that you need to get invited to the event. Most of your friend will get bored from needing to contact you personnally, or will completely forget that you can't get the group messages)
                    .
                    I am fine with that, sms is still working and most people have 500 free sms or email, or phoning... xmpp is still alive wire...
                    Originally posted by DrYak View Post
                    - try to find compromises (the few apps you can avoid go in a special container - such as Aliend-dalvik, or other examples such as Anbox, Spur-V, etc. - with as little spying as possible inside - microG instead of Google Play). It's not perfect, but it's the compromise that let you use your favorite OS (Liberm 5's Pop-OS ?)
                    That's the difference between you and me, I am no fanboy of a OS I use Software because of it's freedom.

                    And it goes far over using, I thought about writing 1 or 2 apps for my smartphone had the idea to scan barcodes to send them to my pc/server. With android with buildin automation tools hard to do at least with free ones from f-droid. So I would have to program something. Then I thought will I do that for Android A it's privace shit and B you only have Java mostly and I hate Java. so no, then whatelse buy a cheap phone for ubuntu touch? that also is not freedom focused and writes some c++ apps? No, I don't take part in such evil projects. I just don't have that tool, I don't really need it actually I type in with a half automated emacs tool my shopping items. But there I only track what I buy not what goes in in my fridge and out. But good enough.

                    You need a 100% gnu free software base to see good programs and that you can port or just use very easily 1:1 desktop software, and not some bullshit that is c++ and qt only


                    Originally posted by DrYak View Post
                    Then there are all the apps that are mandatory in everyday life: 2-factor authentication used by banks, payment apps, apps used for public transportations, etc.
                    I don't need to do banking with my phone, credit card and computer is good enough. Public transportation can be done in the browser, I refuse to use a proprietary app to buy that. Or you can print out the ticket at home. in cities you have automats that accept cards and coins.



                    Originally posted by DrYak View Post
                    Some have cumbersome alternative path, but I prefere to compromise in having the app working for me.
                    Fine why do you then not buy a Iphone or a Android phone? You are a fanboy of a alternative OS because you like the buttons or the background or the animations better?

                    Originally posted by DrYak View Post
                    - you'll end up with a device that cost a lot per-unit (because there is very little demand for your peculiar thing and you don't get scaling benefits)
                    first Car with Airbacks cost probably also a lot.


                    Originally posted by DrYak View Post
                    - you'll end up with a device that has crappy performance, compared with what everybody has on the market (even further lowering the demande) because that's about the only chip for which your can have opensource drivers.
                    It's their first generation... they even anounced when gen2 is coming (even the date is surely not 100% fix) even the first Android phone was pretty shitty and badly priced.

                    Originally posted by DrYak View Post
                    - you'll earn very little money and will run out of dev funding before you could make a nice OS that is wort considering. Your OS is going to look half-arsed and even less people are going to be interested into it.
                    That this will not be a mass product is clear the same is true for the other opensource phone 99% of people don't care about that products you operate in a nische nobody expected something else. Having small market share doesn't matter that much.

                    Originally posted by DrYak View Post
                    The difficulty that Purism is facing is that they try to tackle all of the above at the same time, with a small team, on a shoestring (given the whole task) budget.
                    Yes and they made a crowdfunding campaign and aparently enough people were interested, that they think it works out. And they did great things, so far, made gnome accept phone specific upstream patches etc. if it does not work out fine, then we are at point 0 and phones are as horrible as they were before for the next 30 years. I buy then probably something like this reworked psion and use that as pda and keep my 30 euro cheap android phone for the moments where I need to make telephone calls.



                    Originally posted by DrYak View Post
                    At least Pine has it easy, because they have been tackling the opensource friendly hardware for years, they have plenty of experience and a very active community, and for them, making things like the PineBook Pro, PinePhone and PinePad are just little incremental improvement on stuff they already have worked upon.
                    The problem is that even if they get 100% of the drivers working this funny what's it called OS they primary target is really no usable Os not even remotly it's just a 1:1 desktop linux.



                    Originally posted by DrYak View Post
                    And they'll leverage 3rd party OS - so they don't need to directly pay for that neither, thus they can keep everything dead chip (~200, ~150 and ~100 USD respectively).
                    We have no crystal ball, but I bet that Librem will be able to deliver first a functional os and even if you want things like whatsapp support I doubt that Pine can deliver that, too. Except you install Android on the phone but then what's the point of it? I mean maybe if you would install some sort of Replicant that could be kind of ok.

                    Originally posted by DrYak View Post
                    Currently, having to tolerate a Qualcom chipset (whose northbridge runs code which was partially sent straight out of the Telco) is "good enough for now" for several people.
                    It's even "good enough" because I have no other choice for me. But the Next phone must be better else I see no reason to buy a newer one... You have to draw a line in the sand eventually or you get compromised out of all your principles and all your privacy and rights eventually.


                    Originally posted by DrYak View Post
                    For those for who it isn't, there's either the overpriced Librem which is going to be eventually released somewhere next year once they get everything in place. Or the you can start following and fetch the "Brave Edition" batch of the PinePhone - (the "Dev Edition" and previous devkits have already been availabl for some time and you can find OS in various state of readiness).
                    Both get released next year a devkit is no phone. So don't pretent the Pine phone will be availible and usable faster. if the Release shedules not all get completely changed the Librem will be faster availible.

                    For me that is to expensive... but I don't hate stuff just because it's to expensive for me. I don't say Porsche sucks because I can't or won't afford it.

                    Originally posted by DrYak View Post
                    Just saying that for a lot of people that is too much.
                    The problem is that if you really want security and privacy you have to do it that way because if you only fix 1 or 2 layers and keep the others shitty they steel all your data through the weekest element of your phone. Therefor you have to design in from top to bottom all together.

                    I don't expect the phone be a huge success, but the software stack and some specs and experiences how to do stuff will survive probably in other phones in the future at least that is my hope. I mean that they pushed phone specific code into gnome upstream will stay a while. Even if Librem goes bankrupt in a year.


                    Originally posted by DrYak View Post
                    (Note: I was very late on the Smartphone bandwagon for the exact same reason - kept a battered old Ericsson phone for calling + modem functions for years, and used separate deditacted devices for the smart part - PDAs - though not opensource in my case : I most ran PalmOS)
                    If you need it for your job go for it, there you are paid to give up all your privacy in that role if the company are ok with other companies have so much information about their workers and their company. But it's my private data I don't do on such phones.

                    Originally posted by DrYak View Post
                    So for me the OS part is a no brainer. For the rest - access to Android eco-system, semi decent hardware, etc. - I chose my compromises differently.)
                    Again I don't see why not using Lineageos when it's more Opensource 100% without drivers than sailfishos. If I would not care about free software I would buy a probably older blackberry phone. There buildquality is ok and they have hardware keyboards. But because they are even more unfree than android phones (no unlockable bootloader) I have to ignore that.

                    I jsut never understand this ohh it's not google, therefor it's better that is not the messurement, the messurement is, how open is it, and if sailfishos or blackberry os is less opensource than Android then it's worse and Android phones really suck why would I pick even worse solutions over that?

                    Originally posted by DrYak View Post
                    baby steps.
                    That's like in normal politics, just let make in america as example health care a bit better let's get another 1% people get healthcare. No that is just not good enough, through people like me Android got so dominat because we technique guys said buy that, that is better than the other stuff and more free. Back then I didn't know that the Modem has a spyos on them that reads out the complete memory content and sends it to services. And I didn't know that it would change the world so drastically that people stopp buying computers and all the other shit. I don't support that. If we make no stand somewhere it all get's worse and worse year after year, I will not support taht anymore made to much compromises in the past. Of course we all do some compromising you can't survive I use proprietary OS in my car, I have no access to that etc. But the phone is like a personal computer and it's to private, it's like giving the state all your passwords and install a rootkit on all your pcs and give them access. I would not do that with my computers so why would I do that with my phone-computer?

                    Comment


                    • #40
                      Originally posted by blackiwid View Post

                      Sure you can't always get 100% of what you want, but if I am ok with this Mitigation I don't see the problem with lineage os? We don't need a 1:1 copy of lineage os just with another company name.
                      Here is the rub for this though. The sacrifice in functionality is almost complete, at the same time no word on more realistic threat model security.

                      What sort of secure hardware do they have? Do they print on secure silicon? do they have anything like hardware encryption, or tamper resistance? Does it have remote wipe? what kind of lockout procedures? What kind of kernel hardening did they do with the OS? How do they sandbox and set permissions per-app?

                      Yes, you have a hardware kill switch for the radios, which at this point, seems more fantasy than reality. Its great they removed the wifi modem from the CPU bus. That is only the beginning.

                      At the same time, by nature, it still must connect to that network. Again, with the issue that all traffic will be sniffed and location will be tracked. Again, mitigated, that precise location will not be available, and end to end encryption will mitigate the sniffing. Thats one step they did get right.

                      It looks like they missed most of the less intrusive steps right for some extreme paranoia, based on security memes and little more.

                      As far as hardware kill switches. That is slightly paranoid, likely software would have worked, and if the phone was pwn'd to stop a softkill from working, you'd have bigger problems. For a phone to operate period you are going to NEED to connect to the phone network at least sometime. They will see when you switch the cell modem off, and back on, and that alone is enough to generate heat on you. Sure they wouldn't be able to track your phone directly with the network, but if you really had something to hide from anyone with the resources to track you in that respect, they'll have you singled out for additional surveillance, NOT with your phone.

                      I also don't expect the security to be on par with modern versions of andriod as far as bug fixes.

                      So a lot of the privacy/security looks like a cheap gimmick with marginal utility. Exception being isolated modem. I was looking forward to this for a few reasons.

                      Easy service/user replaceable battery/radios. Batteries are cheap, and they are the first thing to go on an old phone. Having an old battery die on you is obnoxious, and I don't like always upgrading the phone? So, get that new phone battery for a mere $10? Yep. Sounds great. Same with modems. Brand spanking new standard that seems to be every 5-10 years? Yeah, no problem, just get a new modem. Need an upgrade for BT/wifi? Again, just unscrew the back and pop a new one in.

                      No issues with waste, or the even PITA trying to migrate all your data and user accounts. No shopping around for a phone with the features I want that also runs lineage. Known good model. It breaks, just quick cheap fix and carry on.

                      2. GNU phone. Yes, Android is linux, and there are plenty of commandline apts for it. However, I want a full GNU install, all the GNU utils, and a kernel that is compiled around the GNU userland. In addition, I'd like a standard mainstream distro like debian. Now it becomes a proper laptop replacement tool, and most desktop linux will work.

                      I had this with the n900 on both accounts.

                      Comment

                      Working...
                      X