Hacker News new | ask | show | jobs
by seba_dos1 1614 days ago
> that users of the Librem 5 phone are objectively harmed in three ways

That's not true though.

First: things that were done in order to move the blobs out of PureOS weren't hidden in any way, to the contrary - they were loudly announced as "steps towards RYF certification", describing exactly how that's supposed to work in public blog posts[0]. I can't see how that counts as "[users] unaware of the existence of the blobs".

Second: the blobs are perfectly accessible to anyone who wants to study them - not only you can download them from repositories online, but you can even access the flash where they're stored on your device; you can also read and modify the code that loads them. What's more - you can even bypass that loading mechanism and load them directly by yourself from the main CPU if you don't care about keeping the blobs out of your rootfs (and some alternative OSes do that already). Which gets us to...

Third: users do have the ability to replace the blobs. Not only can they run an OS that loads the blobs directly - they can even reflash the storage where the blobs are being stored. And no, no disassembling, special tools or weird hardware tricks are necessary - you can just lift the read-only lock purely in software (it's a one-line change to the device tree), which is there mostly to prevent you from accidentally shooting yourself in the foot than anything else.

You may disagree whether the additional effort that went into creating these solutions was worth it - and that's a valid opinion to have, but nothing's artificially locked out from the user, so nobody is "objectively harmed" by it. That part is just false.

Disclaimer: I work for Purism on the Librem 5.

[0] https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurd...
2 comments
ldarby 1613 days ago
How much engineering effort went in to this, instead of other improvements like reducing power consumption / increasing battery life?

I would have bought a Librem 5 but haven't only beceause of the power issues (which is same reason I didn't get a Pinephone).

link
seba_dos1 1613 days ago
Compared to other areas, I'd say "negligible" - but I wasn't involved personally (only joined the team later on), so take it with a grain of salt as it's not impossible that I'm missing something.

The M4 core was already there in the SoC sitting unused, it's not like it was added just for firmware loading ;)

link
toolcombinator 1613 days ago
The problem of course is that Purism markets the phone for security conscious people.

Not hackers who have the skills and impulse to mess around with binary blobs and microcode.

That’s dishonest.

Go take a look at the Purism’s website about the Libre yourself: “Security”, “peace of mind”, “digital privacy”.

You’re openly marketing the phone to regular people and businesses who care about privacy.

Nowhere on the site does it say: “BTW: We’re selling you a crippled phone because we wanted to get a fanatics approval. But if you study computer science you can fix that yourself!”

link
seba_dos1 1613 days ago
> Nowhere on the site does it say: “BTW: We’re selling you a crippled phone because we wanted to get a fanatics approval. But if you study computer science you can fix that yourself!”

Which is good, because it's not "crippled" in any way no matter how technical you are, and having a clear boundary between user's operating system and the hardware with potentially nonfree firmware can be useful even when you're not a "fanatic". Thanks to this boundary, whatever you download from PureOS repositories on the phone is known to provide you the four freedoms, with no exceptions.

Of course not everyone needs to value that, but at least that's the value proposition Purism is offering with PureOS.

link