Planet F-Droid

June 30, 2022

/e/ foundation

Leaving Apple & Google: All you need to know about App Lounge; Follow eFoundation and Murena news!

Leaving Apple & Google: All you need to know about App Lounge; Follow eFoundation and Murena news!

  • Deeper dive: App Lounge 
  • Follow eFoundation and Murena news!

With the release of /e/OS v1, came several new or upgraded tools and features helping you regain the control over your personal data when using your smartphone. That is why a few weeks ago we started a series of articles diving deeper into these /e/OS features so that you can make the most of each of them and better understand how they work.

Deeper dive: App Lounge

To continue this series, we would like to get your attention to our own application installer called App Lounge. We developed this tool to let you search and install any Android application, Open Source applications and Progressive Web Apps.

The operating system lets you run any Android app by default, so in the end you don’t have to trade off your privacy for usability. In App Lounge you will also find better application compatibility that we developed, for instance by improving SafetyNet support.

Learn more about App Lounge in our user documentation, in Medium and our community forum.

App Lounge is currently available only within /e/OS ecosystem, and we are working to make this a standalone app in the future.

If you ever missed our first article about Advanced Privacy, you can read it in our user documentation, in Medium and our community forum.

 

Follow eFoundation and Murena news!

Our project evolves and our newsletters as well. From now on, you can also subscribe to the Murena newsletter to receive news about Murena smartphones, Murena cloud, offers or new services.

What is the difference?

eFoundation newsletter, the one you are reading right now, is the one that you are already subscribed to. In this newsletter, we share news about /e/OS, our open source project, and eFoundation.

eFoundation and eOS have their own social media pages: on TwitterMastodonFacebook and LinkedIn

Murena newsletter is a new option. This newsletter is focused only on Murena smartphones, Murena Cloud and special offers concerning our phones, new collaborations and online services.

You can also follow and keep in contact with us via Murena social media pages:

on TwitterMastodonYoutube and LinkedIn

And last but not least, we have our common announcement Telegram channel and our support channel.

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at June 30, 2022 12:55

Tutanota

Goodbye Profiling. Hello Privacy.

In 2021 publishers and shops have started to use a cookieless tracking technology. It's based on your email and login information, so you should know about it. Especially as you are even tracked without login. But you can easily stop being profiled and tracked! Here is how.

June 30, 2022 00:00

June 28, 2022

Pine 64

June Update: Who likes RISC-V?

This month we reveal that we are working on a powerful and affordable RISC-V single board computer, discuss PineNote’s huge software improvements and provide updates on PinePhone, PinePhone Pro and Pinebook Pro’s availability. I am also taking the opportunity to let you know that, after 6 years of holding PINE64’s community manager post, I’ll be resigning from my position shortly...

Source

by Lukasz Erecinski at June 28, 2022 11:52

June 27, 2022

Purism

How to Challenge Big Tech with Privacy-First Alternatives

The market dominance of Big Tech companies like Apple, Google, and Facebook has shed ample light on how they (mis) handle consumer data. They own tons of personally identifiable information, which may be sold to third-parties at their discretion. Their products and services are designed-to-snoop on their users. It has taken them several decades to create […]

The post How to Challenge Big Tech with Privacy-First Alternatives appeared first on Purism.

by Yavnika Khanna at June 27, 2022 22:50

Privacy Browser

Why I Insist People Use the Forums and Issue Trackers

From time to time I come across people who are frustrated when I insist that they use the forums and the issue trackers to communicate with me regarding the project. Instead of having to explain my reasoning over and over again, I thought it would be valuable to post it here.

When I first started working on Privacy Browser, I had the attitude that I would meet people wherever they were to answer any of their questions. That initially worked, but as the project grew I realized there were some structural problem with that approach that disserved Privacy Browser’s users in ways I wasn’t expecting. I describe these below in what I consider to be their order of importance.

Public Transparency

One of the things that I think is important for maintaining trust in software that is designed to protect privacy and security is that, not only should the source code be publicly available, but also all the communication from the project regarding the reasons why decisions are made and the direction the project will take in the future. If users can be certain that all communication regarding bug reports and feature requests and decisions about which search engines will be included and who is funding the project are public record, it increases their ability to trust the project itself. If someone submits a feature request and I decline to implement it because I don’t think it is good for the project, everyone should be able to see the reasoning I put forth so they can make their own determinations as to if I am operating in the user’s best interests. If (this has never happened, but it might in the future) a user contacts me and would like to fund the development of a feature that is already planned for down the road, but that the user would like to pay to move up the list of priorities, any discussion about that should happen in the public sphere, so that everyone can make their own determination if that in any way compromises the privacy and security of the project or distorts my focus from the users’ best interests.

Only in rare instances can I imagine ever discussing significant aspects of the software I develop outside of public channels. For example, if a user has a security bug report that is not being actively exploited, it would be appropriate to communicate that via email, so that it can be fixed before bad guys become aware of it. In a case like that, after the bug is fixed and deployed, I would copy the text of the email communication into a bug report for public consideration. Recently I had email communication with Mojeek regarding a blog post they were writing about Privacy Browser. After their blog post went public, I copied that email conversation into my own blog post so that everyone would be aware of what was discussed. (If you ever send me an email of significance to the project, as per my privacy policy, expect me to make it public.)

Searchable Record

Many users ask questions similar to what has been asked before. In the early days, I used to write email after email after email explaining the same things to different people. I also answered questions in various forums across the internet. I eventually realized that wouldn’t scale very well, partially because when a user asked a question I had already answered sometimes the location of the answer was private, so I couldn’t just link them to it. And sometimes I knew I had answered that question before but I couldn’t remember where it was (was it in an email, was it on a forum, was it in a blog post, was it in a private XDA message?) Not only did this make it hard for me to find the answer to link in my response, but it also made it hard for people to search to see if the question had already been answered.

In response to this, I decided that all substantive discussions about software Stoutner produces should take place in only two places, the WordPress instance that runs www.stoutner.com and the Redmine instance that runs redmine.stoutner.com. Both of these have fairly easy to use search functionality, meaning that two quick searches should pull up everything I have written on a subject.

I understand that sometime it is hard to figure out what terms to search for to find a particular piece of information. Probably more than half of the responses I post to questions are simple links to where the answers can already be found. As the person who wrote the original information, usually I can remember which terms were used to discuss it, which may be slightly different than those terms used by person asking the question. Every time this happens, it makes the information easier for the next person to find, because now they can pull it up based either on the terms I used or the different terms of the person who asked the question before them.

This is part of the reason why I decided to limit comments on the WordPress blog to only the subject in the original post and require that all other comments and questions happen in the forum. Trying to find comments unrelated to the subject of a post isn’t usually very easy. It is for a similar reason that I insist that users keep each bug report/feature request to a single topic.

End User Resistance

I have been quite surprised to encounter a number of people who resist using the forums or the issue trackers to ask questions, file bug reports, or make feature requests. Usually their reasoning boils down to it being too inconvenient to create an account on redmine.stoutner.com. Sometimes they state they would do so if I used a cloud based system where they already have an account, like GitLab or GitHub, but that they can’t be bothered to create an account on another site.

One of my fundamental guiding principles in developing security and privacy focused open source software is that all the server software I use to support the project must also be open source and I must be able to host it on my own hardware. This is part of my efforts to minimize my attack surface, not only in the software I produce, but also in the supply chain of software used to host the code and communicate with users. I understand that it does take a few minutes to register a new account, but I consider the benefits of self-hosted server software to far outweigh that slight inconvenience.

Other Communication Channels

I do participate in some other communication channels, most notably at this point on Mastodon using an account on the Fosstodon instance and in the F-Droid forums. But, if you follow me at all on those platforms, you will notice that anytime the conversation moves beyond the very basics, I will redirect it to www.stoutner.com or redmine.stoutner.com, so that everything of substance takes place in these two, easily searchable locations.

by Soren Stoutner at June 27, 2022 17:40

June 23, 2022

Purism

How to Enable Hotspot and Tethering in PureOS on Your Librem 5

When you need to connect a Wi-Fi device to the internet and your phone has a good 4G signal, why not set up secure data sharing? With PureOS on the Librem 5 phone, setting up a hotspot is simple. Head into Wi-Fi settings and enable Hotspot.  Setting up a Hotspot Settings → Wi-Fi → Top Right Menu → […]

The post How to Enable Hotspot and Tethering in PureOS on Your Librem 5 appeared first on Purism.

by David Hamner at June 23, 2022 21:13

June 21, 2022

Tutanota

Leaked 'chat control' document: Will Germany fight for privacy?

Since autumn 2021, Germany has a new government, and this new government has agreed in their coalition paper that every citizen has a 'right to encryption'. Now, the German government has asked the EU Commission very difficult questions regarding the Commission's plans to introduce general surveillance measures to fight the distribution of child sexual abuse material and grooming online. Does this mean that Germany is serious with everybody's right to encryption?

June 21, 2022 00:00

June 20, 2022

Tux Phones

The PocketReform is a made-in-Berlin Linux handheld

Update 27/06/2022: The PocketReform has been officially announced! More information can be found at this page.
The PocketReform is a made-in-Berlin Linux handheld

In the last year, we have seen an unexpected revival of handheld computers (or PDAs) with hardware keyboard, all of which based on Linux: the PinePhone with its keyboard case, the GPD series of mini-laptops and several others which we covered here last month. For those wondering, the main difference between these trendy miniaturized computers and "standard" Linux phones can often be just the lack of a cellular modem. In general, the board designs appear to be quite similar between PDAs and phones, and for most applications, a Linux PDA can be cheaper and just as useful as a fully fledged smartphone.

Back in 2019, the MNT Reform project promised a new laptop concept: being entirely self-made, radical (and rather punk-sexy) in style and functions, this Linux laptop focused on repairability, modularity (even for input devices!) and total openness of the platform firmware. The device was designed by Lukas Hartmann in Berlin, all of which based on the ARMv8, i.MX8MQ processor. Furthermore, the Reform sported a tiny OLED display above the keyboard for status monitoring, an open-source trackball, and replaceable stylus-shaped 18650 LiFePo4 batteries, all with entirely replicable PCB and hardware design.

MNT Reform: The Much More Personal Computer—MNT Research
The PocketReform is a made-in-Berlin Linux handheld

Yet the PocketReform, a recently announced Linux PDA by MNT Research, appears at least as innovative as its predecessor: firstly because it is designed and assembled in Germany, although with some boards sourced from China, and secondly for being a partially EU-funded project rooted in the Berlin University of the Arts.

The first difference from other PDAs is the everyday customer oriented, yet radically open-source nature of this product. While not many technical details are known yet, the PocketReform will focus on a flexible, easily repairable hardware and structure, probably taken at least in part from the full-size Reform laptop. In the current prototype, the two wooden and plexiglass panels for the keyboard and display modules are connected by a hinge, with one circuit board, and likely one replaceable LiFePO4 battery.

The PocketReform is a made-in-Berlin Linux handheldThe see-through back of the initial prototype

Moreover,  according to its makers, crucial for the PocketReform is its modularity and durability, in the perspective of a circular economy model. Early renderings showed a miniature mechanical keyboard not unlike that of the Penkesu, alongside a tiny trackball and OLED display, which are not yet seen on the current prototype. In fact, the trackball could make for a satisfying BlackBerry-like feel and easy navigation even in traditional, not mobile-optimized Linux environments.

The PocketReform will likely accommodate the same SoM (System-on-Module) of its larger sibling, with on-board slots to connect wireless cards and other modules.

On the technical side, specifications are aligned with the Reform laptop: The PocketReform uses the same high-end NXP i.MX8 SoC as the MNT Reform, which is also that used by Purism&aposs famous Librem 5 smartphone.

Its modular design supports a variety of base modules:

  • NXP i.MX8M Plus (4× ARM Cortex-A53 @ 1.8GHz, 4 or 8 GB DDR4, Vivante GC7000UL GPU, NPU)
  • NXP Layerscape LS1028A (2× ARM Cortex-A72, 8 or 16GB DDR4, Vivante GC7000UL GPU)
  • Raspberry Pi CM4 (via Adapter, 4× ARM Cortex-A72, 8GB DDR4, VideoCore GPU)
  • Pine SOQuartz RK3566 (via Adapter, 4× ARM Cortex-A55, 8GB DDR4, Mali G52 GPU)
  • FPGA AMD/Xilinx Kintex-7 (for industrial use, RISC-V SoC possible)

Furthermore, this modularity allows to recycle modules from the standard Reform laptop.

The PocketReform uses a 7" Full HD IPS panel, plus an additional 4K micro-HDMI output. It uses an RGB-backlit ortholinear keyboard with mechanical switches, plus an optional customizable trackball.

RAM is determined by the base module, and eMMC storage alongside an NVME m.2 SSD slot can be found on the board. Moreover, the PocketReform offers several wireless capabilities, with Wi-Fi 802.11ac and Bluetooth 5.0 in the base model, plus an optional WWAN slot for 5G and 4G modems.

At 20 × 12.6 × 4.5cm, the PocketReform is somewhere in between a handheld and a netbook, and its thickness is wholly justified by the replaceable 18650 Lithium batteries (8000mAh) and overall modularity of the board. These can be charged by one of the two USB-C ports, which supports Power Delivery (PD). A micro-HDMI 4K output and an industrial Ethernet port are also present in the casing.

Many colours and finishes were showcased in renderings, from a slightly 2000-ish light blue tint, to solid gray, to the amazing wood-and-glass blend of the current prototype, which we would like to see replicated in production. In the end, the case will be either in (cyber-punkish) purple or black anodized aluminium, or in recycled PLA.

The PocketReform supports a range of OS that goes, interestingly, beyond Linux to include OpenBSD and even Plan9 ports.s

In conclusion, this new project looks intriguing to say the least. With funding at least partly ensured, and inheriting expectations from the MNT Reform as a quality product, hopes for the PocketReform are high. You can find more information in the official introduction post below.

Introducing MNT Pocket Reform—MNT Research
The PocketReform is a made-in-Berlin Linux handheld

Photos from the official project page.

by Raffaele T. at June 20, 2022 09:28

June 19, 2022

Paul Schaub

Reproducible Builds – Telling of a Debugging Story

Reproducibility is an important tool to empower users. Why would a user care about that? Let me elaborate.

For a piece of software to be reproducible means that everyone with access to the software’s source code is able to build the binary form of it (e.g. the executable that gets distributed). What’s the matter? Isn’t that true for any project with accessible source code? Not at all. Reproducibility means that the resulting binary EXACTLY matches what gets distributed. Each and every bit and byte of the binary is exactly the same, no matter on which machine the software gets built.

The benefit of this is that on top of being able to verify that the source code doesn’t contain any spyware or unwanted functionality, the user now is also able to verify that the distributable they got e.g. from an app store has no malicious code added into it. If for example the Google Play Store would inject spyware into an application submitted by a developer, the resulting binary that gets distributed via the store would be different from the binary built by the user.

Why is this important? Well, Google already requires developers to submit their signing keys, so they can modify software releases after the fact. Now, reproducibility becomes a tool to verify that Google did not tamper with the binaries.

I try to make PGPainless build reproducible as well. A few months ago I added some lines to the build script which were supposed to make the project reproducible by using static file modification dates, as well as a deterministic file order in the JAR archive.

    // Reproducible Builds
    tasks.withType(AbstractArchiveTask) {
        preserveFileTimestamps = false
        reproducibleFileOrder = true
    }

It took a bit more tinkering back then to get it to work though, as I was using a Properties file written to disk during build time to access the libraries version during runtime, and it turns out that the default Writer for Properties files includes the current time and date in a comment line. This messed up reproducibility, as now that file would be different each time the project got built. I eventually managed to fix that though by writing the file myself using a custom Writer. When I tested my build script back then, both my laptop and my desktop PC were able to build the same exact JAR archive. I thought I was done with reproducibility.

Today I drafted another release for PGPainless. I noticed that my table of reprodubile build hashes for each release was missing the checksums for some recent releases. I quickly checked out those releases, computed the checksums and updated the table. Then I randomly chose the 1.2.2 release and decided to check if the checksum published to maven central still matches my local checksum. And to my surprise it didn’t! Was this a malicious act from Maven Central?

Release 1.2.2 was created while I was on my Journey through Europe, so I had used my Laptop to draft the release. So the first thing I did was grab the laptop, checkout the releases source in git and build the binaries. Et voila, I got checksums matching those on Maven Central. So it wasn’t an attack, but for some reason my laptop was producing different binaries than my main machine.

I transferred the “faulty” binaries over to my main machine to compare them in more detail. First I tried Meld, which is a nice graphical diff tool for text files. It completely froze though, as apparently it is not so great for comparing binary files.

Next I decompressed both binaries and compared the resulting folders. Meld did not report any differences, the directories matched perfectly. What the heck?

Next I tried diff 1.jar 2.jar which very helpfully displayed the message “Binary files 1.jar and 2.jar are different”. Thanks for nothing. After some more research, I found out that you could use the flag --text to make diff spit out more details. However, the output was not really helpful either, as the binary files were producing lots of broken output in the command line.

I did some research and found that there were special diff tools for JAR files. Checking out one project called jardiff looked promising initially, but eventually it reported that the files were identical. Hm…

Then I opened both files in ghex to inspect their byte code in hexadecimal. By chance I spotted some differences near the end of the files.

The same spots in the other JAR file look identical, but the A4 got replaced with B4 in the other file. Strange. I managed to find another command which found and displayed all places in the JAR files which had mismatches:

$ cmp -l 1.jar 2.jar | gawk '{printf "%08X %02X %02X\n", $1, strtonum(0$2), strtonum(0$3)}'
00057B80 ED FD
00057BB2 ED FD
00057BEF A4 B4
00057C3C ED FD
00057C83 A4 B4
00057CDE A4 B4
00057D3F A4 B4
00057DA1 A4 B4
...

Weird, in many places ED got changed to DF and A4 got changed into B4 in what looked like some sort of index near the end of the JAR file. At this point I was sure that my answers would unfortunately lay within the ZIP standard. Why ZIP? For what I understand, JAR files are mostly ZIP files. Change the file ending from .jar to .zip and any standard ZIP tool will be able to extract your JAR file. There are probably nuances, but if there are, they don’t matter for the sake of this post.

The first thing I did was to check which versions of zip were running on both of my machines. To my surprise they matched and since I wasn’t even sure if JAR files would be generated using the standard zip tool, this was a dead end for me. Searching the internet some more eventually lead me to this site describing the file structure for PKZIP files. I originally wasn’t sure if PKZIP was what I was looking for, but I had seen the characters PK when investigating the hex code before, so I gave the site a try.

Somewhere I read The signature of the local file header. This is always '\x50\x4b\x03\x04'. Aha! I just had to search for the octets 50 4B 03 04 in my file! It should be in approximation to the bytes in question so I just had to read backwards until I found them. Aaaand: 50 4B 01 02 Damn. This wasn’t it. But 01 02 looks so suspiciously non-random, maybe I oversaw something? Let’s continue to read on the website. Aha! The Central directory file header. This is always "\x50\x4b\x01\x02". The section even described its format in a nice table. Now I just had to manually count the octets to determine what exactly differed between the two JAR files.

It turns out that the octets 00 00 A4 81 I had observed to change in the file were labeled as “external file attributes; host-system dependent”. Again, not very self-explanatory but something I could eventually throw into a search engine.

Some post on StackOverflow suggested that this had to do with file permissions. Apparently ZIP files (and by extension also JAR files) would use the external attributes field to store read and write permissions of the files inside the archive. Now the question turned into: “How can I set those to static values?”.

After another hour of researching the internet with permutations of the search terms jar, archive, file permissions, gradle, external attributes, zip I finally stumbled across a bug report in another software project that talked about the same exact issue I had; differing jar files on different machines. In their case, their CI would build the jar file in a docker container and set different file permissions than the locally built file, hence a differing JAR archive.

In the end I found a bug report on the gradle issue tracker, which exactly described my issue and even presented a solution: dirMode and fileMode could be used to statically set permissions for files and directories in the JAR archive. One of the comments in that issue reads:

We should update the documentation.

The bug report was from 3 years ago…

Yes, this would have spared me from 3h of debugging 😉
But I probably would also not have gone onto this little dive into the JAR/ZIP format, so in the end I’m not mad.

Finally, my build script now contains the following lines to ensure reproducibility, no matter the file permissions:

    // Reproducible Builds
    tasks.withType(AbstractArchiveTask) {
        preserveFileTimestamps = false
        reproducibleFileOrder = true

        dirMode = 0755
        fileMode = 0644
    }

Finally my laptop and my desktop machine produce the same binaries again. Hopefully this post can help others to fix their reproducibility issue.

Happy Hacking!

by vanitasvitae at June 19, 2022 22:08

June 18, 2022

/e/ foundation

Leaving Apple & Google: Advanced Privacy; Follow eFoundation & Murena news!

Leaving Apple & Google: Advanced Privacy; Follow eFoundation & Murena news!

  • Deeper dive: Advanced Privacy
  • Follow eFoundation and Murena news!

At the end of May, we announced /e/OS v1 and many new features such as App Lounge, Murena cloud, and Advanced Privacy. We are thrilled about the positive reviews we received so far. But we also received tons of questions about those new features and how they work. We decided therefore to launch a series in our newsletter to give you a deeper dive into those new features. The objective is to help you understand how these new features work and how you can make the maximum out of it.

Deeper dive: Advanced Privacy

The first feature we would like you to have a closer look at is Advanced Privacy.

In App Lounge, we already inform you about potential privacy issues and the number of trackers. But we wanted to do more. In /e/OS we are now shipping Advanced Privacy, a specific tool we have developed to limit your data exposure once you have installed third party apps.

When an application snoops in the background, it will use trackers to log your activity even if you are not using the app. It will also collect the IP address, so it can potentially link internet activity to a specific device and to a persona, and finally it will try to pinpoint your exact location.

Advanced Privacy lets you manage in app trackers, IP address and location. It’s available as a widget and within the operating system settings.

Learn more about Advanced Privacy in our user documentation, or in Medium and our community forum.

 

Follow eFoundation and Murena news!

Our project evolves and our newsletters as well. From now on, you can also subscribe to the Murena newsletter to receive news about Murena smartphones, Murena cloud, offers or new services.

What is the difference?

The eFoundation newsletter, the one you are reading right now, is the one that you are already subscribed to. In this newsletter, we share news about /e/OS, our open source project, and eFoundation.

eFoundation and eOS have their own social media pages: on TwitterMastodonFacebook and LinkedIn

Murena newsletter is a new option. This newsletter is focused only on Murena smartphones, Murena Cloud and special offers concerning our phones, new collaborations and online services.

You can also follow and keep in contact with us via Murena social media pages:

on TwitterMastodonYoutube and LinkedIn

And last but not least, we have our common announcement Telegram channel and our support channel.

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at June 18, 2022 10:24

June 17, 2022

Tutanota

Why U2F is important: How it works and why you need it.

As security experts we recommend that you protect your accounts with U2F two-factor authentication. You use a key to lock your front door or your car, and your online accounts are just as valuable and need just as much protection. Secure your digital accounts with a U2F hardware key as this is the most secure option to protect your accounts! In this post we explain why U2F is important and how it works.

June 17, 2022 00:00

June 15, 2022

Purism

Upgrading Qubes 4.0.4 to 4.1.0

For those running Qubes 4.0.4 looking to upgrade to 4.1.0, let’s review the upgrade process using a Librem 14. To get started, you’ll need a USB hard drive to store your backup and a USB flash drive to boot the upgrade ISO. Preparing your backup drive Most file system formats will work as long as […]

The post Upgrading Qubes 4.0.4 to 4.1.0 appeared first on Purism.

by David Hamner at June 15, 2022 23:47

Fairphone

Fairphone Easy: a smartphone subscription for a fairer future

The world needs a new business model. The electronics industry focuses on selling new devices as often as possible to make a profit, driving rapid product life cycles, overconsumption and waste. Fairphone knows that while profit is important, a fairer, cleaner future is most important of all; we must move towards a circular economy that makes the most of the resources we have. That’s why we love longevity and design longer-lasting, easily repairable smartphones – while encouraging others to embrace longevity too. After all, the longer you keep your phone, the lower its environmental and social footprint. That’s where our new business model comes in.

Introducing Fairphone Easy

We are proud to announce the launch of Fairphone Easy, a smartphone subscription service that takes our circular ambitions to the next level. We’re giving users in The Netherlands the option to use our most sustainable and modular phone yet, the Fairphone 4 (in green, with 8GB/256GB), for a fixed monthly fee, rather than buying it.

Fairphone Easy subscribers don’t need to worry about replacing their phone or about fixing it when something breaks. We take care of any maintenance or upgrades needed. Users are also rewarded with lower monthly fees if they take care of and use their phone for longer: for every year the phone stays damage free, the monthly discount increases, rewarding users for taking part in our mission for smartphone longevity.

 

Is Fairphone Easy more sustainable?

How is a subscription service more circular and sustainable than simply buying a phone, you may wonder? The current business model of our industry sees about 1.4 billion mobile phones sold globally. Users keep their phones for an average of 2-3 years, yet only 15% of discarded phones are collected for recycling. This adds to the growing world’s e-waste problem – and increasing CO2 emissions, as 70% of a smartphone’s lifetime emissions occur during production. The more new phones, the larger the environmental impact. These rapid lifecycles not only have a negative impact on the planet, but also on the people working in the supply chain. The longer a phone (and all its materials) are in use, the lower the impact on people and the planet. Fairphone Easy maximizes the lifetime of our phones and their materials, while ensuring a great user experience and providing a more sustainable business model for the smartphone industry.

What makes Fairphone Easy circular?

Fairphone Easy encourages subscribers to increase the lifetime of their phone by ensuring they enjoy keeping their phone in use longer. If the subscriber stops, Fairphone ensures the phone ‘lives on’ by refurbishing it and giving it to a new subscriber, or re-using the parts to repair another phone. At the end of the phone’s life, Fairphone will make sure it is properly recycled. This way it won’t become e-waste, or end up in a drawer where its valuable materials cannot be utilized.

This business model has been a long-time wish of ours; until now we’ve mostly been working on making the process of designing and producing a phone fairer for people and planet. But, after the customer buys the phone, the process is out of our hands. With Fairphone Easy’s service model, we can now make the phone’s entire life cycle fairer and more sustainable, by encouraging longer use and ensuring its re-use and proper recycling.

 

Want to know more about Fairphone Easy? You can find all the details here, and if you’re in the Netherlands and in need of a new phone, join us, and become part of the circular solution!

The post Fairphone Easy: a smartphone subscription for a fairer future appeared first on Fairphone.

by Ronald at June 15, 2022 08:00

Privacy Browser

Privacy Cell 1.8

Privacy Cell now includes the status of the voice network when determining the overall security of the cell network. The overall network security level is set to be lowest of either the data or the voice network. Previously, it was set just on the status of the data network.

With this change, both the voice network and the data network descriptions on the main screen change color to match their status, where they were previously always blue.

Well, at least the additional network info doesn’t pose any problems. 😉

A bug was fixed that sometimes made it impossible to disable realtime notifications. Because Android’s battery saving system likes to kill background services, Privacy Cell runs a periodic task that checks to see if realtime notifications are enabled, checks to see if the realtime notification service is running, and restarts the service if needed. However, sometimes it would take a long time for Android to check the settings stored on the device to see if realtime notifications were supposed to be enabled. If that happened, the periodic task would just assume the answer was yes and restart the service.

With this change, Privacy Cell checks the update notification preference at multiple different steps, and aborts if it is disabled.

Ahh, Android. Sometimes you drive me crazy. It is, without exaggeration, like trying to run a stable app on a system that is being attacked by a breakaway clan of chaos monkeys.

This release bumps the target API to 32 (Android 12L). It also includes the first full German translation.

by Soren Stoutner at June 15, 2022 00:04

June 10, 2022

Tutanota

How to leave Google behind: Quick guide to take back your privacy online.

For many the Internet is Google: Search, email, videos - Google is the major player in all these fields. But Google uses all data it gathers across its services to post targeted ads, and to massively profit from the data many share so freely with the Internet giant. The time has come to stop this unlimited data mining and to take back our right to privacy! Here's a quick guide how you can leave Google and Facebook by switching to secure alternatives.

June 10, 2022 00:00

June 09, 2022

Purism

PureBoot’s Powerful Recovery Console

Normally when we talk about our high-security boot firmware PureBoot, it’s in the context of the advanced tamper detection it adds to a system. For instance, recently we added the ability to detect tampering even in the root file system. While that’s a critical benefit PureBoot provides over our default coreboot firmware, it also provides […]

The post PureBoot’s Powerful Recovery Console appeared first on Purism.

by Kyle Rankin at June 09, 2022 18:39

June 06, 2022

Purism

The Ultimate Guide to Free Software

In a world that wants to track every move you make, we think it’s important to have alternatives that are free, open and respect your digital rights. Purism is a company dedicated to freedom, privacy, and security. At Purism, we make freedom-respecting hardware, software and online services. Software is the life-blood of any hardware. If […]

The post The Ultimate Guide to Free Software appeared first on Purism.

by David Hamner at June 06, 2022 15:30

June 03, 2022

Pine 64

My DIY low-power 6 SSD NAS based on the Quartz64 ARM board

ARM SBCs have been around for a few years now. They were made popular and accessible mostly by the RaspberryPi released in 2012. I’ve been enjoying building countless projects around these boards : web servers, home-automation, camera recording, IM bots,… A new trend has recently appeared in the SBC world : the PCIe slot! The RaspberryPi 4 Compute Module exposes it via the IO board...

Source

by JF at June 03, 2022 17:28

Replicant

New Replicant 6.0 0004 release and Replicant 11 status.

Replicant 6.0 0004 is now officially released. If you want to upgrade from Replicant 6.0 version 0003 or earlier you need to follow the data migration procedure that is documented in the Release notes page on the Replicant wiki.

Even if we released the images back in January 2022, we didn’t announce it officially at the time because the data migration procedure wasn’t complete yet.

What is new in this release

Replicant is in the list of distributions that are recommended by the FSF. As such, Replicant needs to follow strict criteria that ensures that the distribution does its best not to violates its users’ freedom.

However fixing the issues and making new releases can sometime take a long time. The last Replicant 6.0 release was from December 2017.

This new release fixes some very serious freedom and privacy issues:

  • We found an issue within the phone application: it was leaking the phone numbers of both inbound and outbound calls to third parties as part of a feature called phone lookup providers. More details are available in the bug report. Even if it was not trivial to reproduce and find the bug it’s now fixed as the feature has been completely disabled with 3 patches ([1], [2], [3]).
  • F-Droid has been removed as many applications shipped in it are not compliant with the guidelines for distributions recommended by the FSF. It was kept so long because we expected to get it fixed upstream fast enough, but that didn’t happen for various reasons. We have setup a wiki page and a forum section for more information about the issue and how to deal with it.
  • Several binary firmwares (without source code) related to the back and home “touch” buttons were found and removed with 4 patches ([1], [2], [3], [4]). The firmwares seem to have only been used for factory testing, so the buttons should still work on the devices that have them.
  • The touchscreen firmware for the Galaxy Note 8.0 was also lacking any corresponding source code (bug #2194). That was fixed by removing it ([1]).
  • On all the currently supported devices with a modem, when users set the device in flight mode, the modem is only asked to go in low power mode. Because of that the modem is probably still on and its OS is probably still running. Because of that we fixed the wiki and added scripts to disable (and enable back) the modem to the new Replicant images. They work by preventing Replicant to load the modem OS.
  • We also got a report on the mailing list that a nonfree ambient SDK was added in CyanogenMod and was not removed either by LineageOS 13 or Replicant 6. So we removed it as well.

This release may also fix several bug(s) which made some SIM cards not recognizable by Replicant 6.0: we have now merged a fix for one of the bug (#1909) but as we don’t know if all the “SIM card not recognized” bugs are related. We would highly appreciate if those that opened the original bug report could confirm if it also fixes their issues as well.

Several issues still need to be fixed, but we didn’t want to delay even more this release, as that would prevent users from getting the fixes mentioned above:

  • It’s still not possible to build Replicant 6.0 from a distribution that is recommended by the FSF (bug #1861).
  • While removing the firmware of the Galaxy Note 8.0 touchscreen driver, many more firmwares without corresponding source code were found in the driver/touchscreen directory in the kernel used by most of the devices supported by Replicant 6.0. However they weren’t removed yet. Help is more than welcome to help with that.
  • While investigating if it was possible to upgrade WebView, the Android builtin web browser component (bug #1786) we also discovered that, because Android build system doesn’t use a package manager, finding the license of each repository wasn’t trivial (bug #1973).
  • More investigations are needed as well to replace WebView with a free software and up to date implementation (bug #1786).
  • The bug related to a bad sound quality during calls in some circumstances (bug #1773) is not fixed yet, but there is a workaround that works for some use cases.
  • The Let’s Encrypt certificates probably stopped working in Replicant 6.0 the first September 2021. Some browsers like IceCat should normally continue to work fine. See the Standing on Our Own Two Feet blog post by letsencrypt for more details.

As the internal WiFi doesn’t work with free software, some new network related features improving usability were merged :

  • RepWiFi has been removed as it’s now possible to use the stock Android menus to handle the WiFi. This was done by patching Android to also accept external dongles. It is less reliable than with RepWiFi because in some cases reboots are needed for the WiFi to be recognized, and enabling the WiFi most probably also powers on the Internal WiFi chip as well, increasing the power consumption. However it should reduce the probability of applications like F-Droid being broken in the future, as it’s better integrated in Android. In the event that Replicant 6.0 stops being maintained and that Replicant 11 doesn’t get support for all the Replicant 6.0 devices, this patch should increase the lifetime of the affected devices.
  • Ethernet support has been added but it doesn’t work on all the devices.
  • The USB networking scripts were also been added to the devices.
  • Support for some rt2500-usb dongles that don’t need the OS to load a firmware has been added to the Galaxy SIII 4G (i9305), which is an uncompleted device. It wasn’t added to the other devices to make the release happen a bit faster.

Other improvements were also made:

  • llvmpipe is now the default OpenGL renderer. On devices with an Exynos CPU / System on a chip, this allows running many applications that weren’t working before. Unfortunately llvmpipe significantly slows down some system components used in the graphical interface. This has been catered for by patching Android to use the old libagl renderer for those system components.
  • Scripts to switch between OpenGL implementations globally have been added to the image as well. Thus, if you want to revert back to the old behaviour, just run “graphics.sh faster” in a root terminal. To switch back to the new behavior you can instead use “graphics.sh compatible”. Note that “graphics.sh compatible” will still keep the old OpenGL implementation for the system components mentioned above, so there is little risk in trying the scripts.
  • It’s now easier to build Replicant as there is a new script that wraps part of the building process. It’s also more convenient as it stores build logs. The script has been used to build the release, and the build instructions also use it now.
  • It has became easier to modify the installation instructions as they now apply to all devices, and were split into parts that are reusable. This way if the instructions needs to be modified, it requires a single modification instead of 10 or 30 modifications like before.
  • Instructions to backup the modem data partition have been added. The modem partition can become corrupted in some conditions. As it can be very difficult or impossible to recreate that partition, and that it’s required for the modem to work, we very strongly advise users to do a backup.
  • A new wipe command has been added to wipe partitions, however it is not very well suited for wiping files. To efficiently wipe files another application or utility would need to be integrated.

Many of the improvements and fixes were also made possible thanks to the work of new contributors.

Replicant 11 status and policy changes for supported devices

Work on Replicant 9 has now shifted to Replicant 10 and then Replicant 11, and has been ongoing in parallel. As it will use a kernel closely based on upstream Linux, it has some implications:

  • The work on Replicant 11 is made with the Galaxy SIII (i9300), so it should be supported.
  • The Galaxy Note II (N7100) is very similar to the Galaxy SIII but requires a bit more work to be supported.
  • The Galaxy SIII 4G (I9305) and Galaxy Note II 4G (N7105) could also be added if work is done to add support for their modem in Replicant.
  • We don’t know yet how much work is needed to add support for the other devices that are currently supported by Replicant 6.0, so we don’t know yet if they will be compatible with Replicant 11 or not. We would need to find or get more information on the upstream status of theses devices before having a rough idea.
  • It will be easier to add support for devices using a mainline kernel.

We also take advantage of this release to announce some policies changes:

  • As Replicant 6 only supports devices with somewhat isolated modems, subsequent Replicant versions will also only support devices with isolated modems.
  • As Replicant 6 only supports devices with replaceable batteries, subsequent Replicant versions will also only support devices with replaceable batteries.

The Replicant developers chose not to support these devices officially in Replicant for good reasons.

Supporting devices with non removable batteries ourselves has a lot of challenges:

  • As Replicant 11 requires more work and working to upstream devices support in Linux takes more time than adding devices in Replicant 6:
    • if we start adding support for a device, we want to be able to spend the time required to do it right and to work with upstream projects like Linux to add support for it in theses projects as well. The advantage is that it makes Replicant and the device being added more sustainable. However if the device has a battery that is not replaceable by experienced users, developers, repair shops, or repair café, the device would have a very short lifetime which is incompatible with making Replicant sustainable.
    • Users would need to buy the device new in order to make sure that the battery lasts enough for a daily use. Buying the device second hand would be way more complicated as users would need to make sure that the battery last enough time. Developers would still be able to work on the device for a very long time, assuming that they are not users as well that want to use the device. But their work would not be very useful without usable devices.
    • In addition, being able to remove the battery of a device increase trust: for devices with a single battery, it’s easy to understand that without a battery, the device is really off. For devices with an additional backup battery, some background information on chip energy consumption is enough to understand what the device cannot do with such backup battery.

As for non isolated modems, if Replicant only support devices with isolated modems, it’s way easier for users and developers to remember that the devices they are using have a somewhat isolated modem.

However, as Replicant 11 is using a kernel closely based on upstream Linux, there is already some interest in adding support for devices already supported by Linux which have a non-isolated modem and/or a non-replaceable battery, and it would be sad to not be able to leverage all the work done in Replicant with these devices.

So practically speaking we are willing to help people and/or projects that are willing to support such devices. We are also accepting contributions in the Replicant source code for such devices provided that we can maintain the code without too much effort without having the devices.

So while anybody could test if the code still compiles fine, It will then be up to the people that have such devices to test if the code is still working over time. The code quality of such contributions may also have to be high as we want to keep maintaining that code over time without having the devices. The Linux kernel is already using a similar approach to be able to maintain support a lot of devices (including devices that the maintainers don’t have) without removing support for older devices.

We could even provide access to the Replicant infrastructure (for instance by creating Redmine sub-projects, opening new git repositories namespaces, and so on) to the people wanting to support such devices, but they would at least need to:

  • Find a name that is different from Replicant for the project (to not confuse both projects, else it defeats the point of having some separation).
  • Stay compatible with the strict FSF criteria as Replicant doesn’t want to host projects that are incompatible with such criteria. Though we already collaborate with other projects (which we don’t host) that aren’t compatible with such criteria.
  • Take care of users support (as Replicant developers will probably not have these devices, so they won’t be able to test things to properly support users).
  • Take care of the releases (as Replicant developers will probably not have these devices, they would not be able to test the releases).

As for the details on what constitute a “replaceable battery”, all the smartphones currently supported by Replicant 6.0 have removable batteries, so the batteries are very easy to replace. Compatible batteries can still be found in several cities and/or countries.

And for the tablets supported by Replicant 6.0:

  • They all have batteries that are not removable in the usual meaning, but they can still be replaced by opening the device.
  • It is easy enough for experienced users, developers, repair shops, and repair café to open the device and remove the battery, so it is probably possible to replace it as well.
  • It would be interesting to know more about the availability of compatible batteries.
  • It might also be possible to use tablets with batteries that last way less than when the device is new, as many people have them off most of the time. But even in that case it still shortens a lot the lifetime of the device, as they probably still needs a working battery to boot.

by GNUtoo at June 03, 2022 09:56

Tutanota

EU Commission is planning what Apple stopped after backslash from privacy groups: Automatic CSAM scanning of your private communication.

Only last year Apple wanted to introduce AI-based CSAM scanning to iPhones, turning people’s devices into little surveillance machines. After international public outcry, the company rolled back on its plans. Now the EU Commission has published very similar plans that should become mandatory for all companies offering communication services in Europe. We must act now to stop these plans.

June 03, 2022 00:00

OsmAnd

12 years with OsmAnd

Hello! June 3rd we celebrate OsmAnd's birthday 🥳

12 years

12 years of work on the application have made it a swiss-knife tool for travelers around the world. Our community is getting bigger every day and we are happy to welcome new members, but we are even more grateful to those who have been with us for a long time.

We are honored to know that 10,000,000 travelers have already tried OsmAnd and 2,000,000 people are using it on a regular basis right now! We strive to provide you with the best offline maps and navigation product for mobile phones, with an awareness of the importance of privacy, as well as the best possible price.

Let's celebrate together! You share a photo with your trip story on Instagram with hashtag #12YearsOsmAnd, we choose the best and gift a prise 🍾🥂

You can order T-shirt and any merch here

June 03, 2022 00:00

OsmAnd 4.2 (Android)

Hi, Everybody!

After a long break, we are happy to announce the release of the new version 4.2 OsmAnd app for Android devices. You can already update the app and check out the following long-awaited improvements in the new version of the app.

Download online map

New in OsmAnd Widgets

We've done a lot of work on the widgets and interface of the the Configure screen:

  • We redesigned the Configure screen, separating the widgets from the buttons, separating the different widget panels more clearly.
  • Added pages for widgets.
  • Duplicates.
  • Combined the widgets from the left and right panels, now any widget that was previously only available in the left panel can be added to the right panel.

Pages and Duplicates for widgets

Widgets in the Left panel and Right panel can be grouped into Pages.
OsmAnd menu → Configure screen → Widgets (Left / Right panel) → Change order → Add pages

Widget page Widget page

You can show Duplicates for the right/left panels at the same time, as well as for each page of widgets.
OsmAnd menu → Configure screen → Widgets (Left / Right panel) → Change order → "+" chosen widget

Widget dublicate

True bearing widget

Added new widgets for "Bearing". Bearing now has 3 separate widgets:

Menu → Configure screen → Widgets → Left / Right panel → Bearing

  • Relative bearing is the angle between your forward movement direction and the target point.
  • Magnetic bearing is the clockwise (horizontal) angle between the magnetic north and the target point observed from your location.
  • True bearing is expressed as the horizontal angle between the geographic meridian and a line on Earth. Specifically, true point bearing is the angle measured in degrees clockwise from the True North line.

Bearing widget Bearing widget

Average speed widget

The new Average speed widget shows the average speed of the current ride:

Menu → Configure screen → Widgets → Left / Right panel → Average speed

Average speed

The average speed is calculated for the specified time interval. Click on the "Settings" button of the Average Speed widget to select the time interval for which the average speed will be measured:

Menu → Configure screen → Widgets → Left / Right panel → Average speed → ⚙️

Average speed

Trip recording widgets

Added new widgets for "Trip recording". Trip recording now consists of 4 separate widgets:

Menu → Configure screen → Widgets → Left / Right panel → Trip recording

  • Distance/Start-Stop: starts or stops trip recording and shows distance of the currently recorded trip. Clickable widget.
  • Duration: shows the duration in minutes/hours of the currently recorded trip.
  • Uphill: shows the sum of all climbs of the current recorded trip.
  • Downhill: shows the sum of all descents of the current recorded trip.

Trip recording widget Trip recording widget

Location provider

You can choose which Google Play or "Android API" services OsmAnd will use to determine your location. This can be useful for devices without Google Play services or in case of inaccurate location or altitude data when recording tracks.
OsmAnd takes data from the resources Google's Fused Location Providers and Android GPS and Network Providers.
You can switch Location source in: Menu → Settings → OsmAnd settings.

Modify POI, Tag autocomplete

2.5D view for testing

note

View 2.5D is a beta version. It is still in the testing phase.

We've added 2.5D view to OsmAnd for Android. Enable OpenGL rendering to run 2.5D view for the device: OsmAnd menu → Plugins → OsmAnd development → Settings → Use OpenGL rendering.

2.5D rendering has squares rendering type.

"Tilt"gesture makes 2.5D veiw.

2.5D view 2.5D view

Default appearance for favorites

You can now set the default appearance for new points in Favorites group or change the existing appearance for all favorites points at once.

The appearance can be set when creating a new group or changed for an existing one:
Menu → My Places → Favorites → ⁝ → Change default appearance.

Download online mapDownload online map

Routes on the map

Selecting a route on the map

Hiking / Cycling / Travel routes: tap the route symbol, get full route information and download the GPX file for the selected route.

Routes are marked on the map with OSMC symbols. In OsmAnd you can show OSMC symbols and routes in Configure map menu.

Hiking routes Hiking routes

New types of routes

Added display of Fitness trails and running routes to the map. Can be enabled in Configure map → Routes. Data for these routes are taken from OpenStreetMap project:

Fitness routes Fitness routes

Online Elevation profile

note
Online SRTM feature you can use only with Pro feature OsmAnd Pro subscribers.

This feature allows to calculate Elevation profile for GPX track online by OsmAnd server:

Track Context menu → Track → Altitude → Calculate online

Transport routestrack-menu_track-tab_altitude-dialogTrack-menu on track tab: altitude

New actions for GPX tracks

Update Track Context Menu

Track context menu now shows country or region for the track and track waypoints. Overview tab now has an "Info" card with detailed information about the location and size of the track.

Transport routesFitness trails

Import Multitrack

Splitting the multitrack file into individual tracks when importing a GPX track. You need to select the tracks to improvise. The tracks will be in:
My Places → Tracks.

Import multitrack Import multitrack

New items for "Quick action"

  1. Added "Plan route" tool to the Quick action menu.
  2. Overaly/Underlay changes with arrows:
  • Switched off a layer: ➤"Layer name"

  • Switched on a layer: "Layer name"➤

Quick action Quick action

New "Map style"

The Map style "Mapnik" has been replaced by the new style "OSM-Carto". This was done because when "Mapnik" was added to OsmAnd, it was identical to the map style on OpenStreetMap.org, but we had no way to keep it up to date, so over time it lost similarity to the OSM map style.

Using "Mapnik" will be available after the upgrade but as a custom map style. After a fresh or new installation, you will need to import it for use manually. You can do this by downloading it from GitHub.

  • OSM-Carto
  • Mapnik
Transport routesFitness trails

New POIs

New POIs and objects was added to offline maps.

Note: they will be availabe with maps from 2022 May 1

OpenStreetMap Editing menu

  • All OpenStreetMap-related items in Configure Map was combined into one group. "OSM Mapper assistant" option was spited into separate options: Fixme tags, Note tags, Icons at low zooms, Waterway tunnels.
Track context menu: waypoints tab
  • Fixed tag autocomplete in "Modify POI" mode.
Modify POI, Tag autocomplete
  • Fixed incorrect link to the OpenStreetMap object in context menu.

Online maps fixes

Download online mapDownload online map

Other changes

Download map redesign

Suggesting to download map in the Search menu.

Map download

New Coordinate format

Added support for SwissGrid CH1903 / CH1903+ coordinates system, thanks to our co-author koenigle.
You can change the coordinate format for the profile in:
Menu → Settings → Configure profile → General settings → Coordinate format.

Transport routesFitness trails

New Track Graph

Analyze on map: Altitude/slope–Distance

New parameter for "Route line appearance"

Added the option to display or hide turns arrow in the Route line settings.

Transport routesFitness trails

Modified "Use elevation data"

Three options have been added to the Use elevation data option, allowing you to set the preferred terrain of the route: flat, less hilly and hilly. Previously, this option was available only for Bicycle navigation.

Use elevation data: less hilly

Fixed

Wikipedia article on Hebrew

Follow OsmAnd at Facebook, Twitter, and Reddit!

Join us at our groups of Telegram (EN), (IT), (FR), (DE), (RU), (UA), (ES), (PL).

Google Play
Huawei AppGallery
Amazon AppStore

June 03, 2022 00:00

June 02, 2022

Purism

Is Ethical Advertising Possible?

Is ethical advertising possible? We all certainly know unethical advertising is possible, we live with it every day. The ad-driven Internet has created an insatiable hunger for personal data and as a result most of what the average person does in their web browser, or on their phone, and in real life is being measured, […]

The post Is Ethical Advertising Possible? appeared first on Purism.

by Kyle Rankin at June 02, 2022 16:39

/e/ foundation

Leaving Apple & Google: Watch the replay of the Murena Launch event; Discover all new features of /e/OS V1: App Lounge, Advanced Privacy & Murena Cloud

Leaving Apple & Google: Watch the replay of the Murena Launch event; Discover all new features of /e/OS V1 : App Lounge, Advanced Privacy & Murena Cloud

Discover all new features of /e/OS V1 : App Lounge, Advanced Privacy & Murena Cloud on replay

Thank you for joining us during our livestream event! It was wonderful to see so many of you connected!

If you couldn’t manage to be with us live, the replay of the event is currently available on different platforms: YouTube, Vimeo and Twitter. From now on, Murena has its own website murena.com where you can find all these privacy solutions as well Murena smartphones.

 You can also follow Murena social accounts on Mastodon, Twitter  and LinkedIn
 
 

/e/OS 1.0!

We are really proud to introduce /e/OS V1.

/e/OS 1.0 brings significant improvements to our privacy by design ecosystem. As you know, the operating system lets you run any Android application by default, so you don’t have to trade off their privacy for usability. In /e/OS 1.0, we have strengthened application compatibility, for instance by improving SafetyNet support for some devices, so all apps can work seamlessly on your phone.

Not only we have improved the system stability overall but also added long request features like better widget management. We want to ensure the user interface can deliver a great user experience.

App Lounge

With /e/OS V1, we now include App Lounge, our new application installer where you will find all the applications of the Google Play Store, as well as most of the “open source” applications on the F-Droid store, and last but not least Progressive Web Apps. 

We know that finding the app you need is critical and we hope this extensive catalogue will meet your needs.

Within App Lounge, you can still vet apps for privacy and check their privacy score. Each app is analyzed so you can hidden trackers that are after your personal data. 

Advanced Privacy

In App Lounge, we already inform users about potential privacy issues and number of trackers. But we wanted to do more. In /e/OS we are now shipping Advanced Privacy, a specific tool we have developed to limit users’ data exposure once they have installed third party apps.

When an application snoops in the background, it will use trackers to log the user’s activity even if he/she is not using the app. It will also collect the IP address so it can potentially link internet activity to a specific device and to a persona, and finally it will try to pinpoint the user’s location.

Advanced Privacy lets you manage in app trackers, IP address and location. It’s available as a widget and within the operating system settings.

Murena Cloud: murena.io

If we had focused only on the operating system, we were leaving many users without options for their emails and cloud storage, but to use proprietary solutions like Google Docs or Microsoft Office 365. So our efforts to bring people to a more privacy-friendly environment would be in vain. This is why we created the Murena cloud.

If you were using ecloud before, the basic features are the same but you will see a major design overhaul, we hope you will like the new dashboard and the easy access to the cloud apps.

Murena cloud is a personal email account, agenda and contacts, a drive on the cloud and an office suite, all combined into one single service, simple to use. Murena cloud is powered by proven open-source software like NextCloud and OnlyOffice.

Hide my email

What is “Hide my email” feature? “Hide My Email” is a mail alias used to receive mails without disclosing your real email address. Briefly speaking, it is a random address added to a user.

As it is an alias, all mails sent to this mail alias will get into the mailbox of a user.

The address can be found in this page of Murena Cloud settings. Currently, there is one alias available, but in the future we plan to get more and users will be able to manage their aliases (to delete and renew them).

 

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at June 02, 2022 12:09

June 01, 2022

Privacy Browser

Mojeek Blog Post

Mojeek recently wrote a blog post about Privacy Browser Android. I thought it would be interesting to share some thoughts both about Mojeek and about how that post came to be published.

I have joked before that selecting a default search engine in Privacy Browser is like trying to find a good Defense Against the Dark Arts teacher. It has changed multiple times since I first released privacy browser. At one point I told myself that if I finished developing Privacy Browser Android and Privacy Browser PC and still hadn’t been able to find a good search engine I would, reluctantly, develop my own. I considered that the criteria for a good search engine would include the following.

  1. It must have its own index and not be depending on Google or Bing or anyone else for search results.
  2. It must not track users, but instead use only data from the search query to display ads.
  3. It must not track if a user clicks on an ad. That would be a huge change to the entire ad industry, but I think it would work based loosely on the principles Troy Hunt explained when he dropped all ad network code from his website and instead went to a sponsorship model.

The hardest part of building a search engine index from scratch would be the cost of building and maintaining an index that produced good results. Off the top of my head, I figured that it would likely take a billion dollar investment to build something competitive with Google before it would grow to the stage that it would be self funding. And trust me when I say that no part of me wanted any piece of that fight. All it looked like was years and years of hard work.

Enter Mojeek. So far they are executing according to all three of the requirements I listed above. They recently passed the five billion page mark in their index. It is still nowhere close to being competitive with Google for certain types of searches, like those in Cyrillic languages or some technical searches like C++ programming queries. But, it is getting better, and they will likely be fully competitive with Google long before I am fully done developing Privacy Browser. Remember, building a competitive index is a billion dollar experience, which is chump change for Google or Microsoft, but an unimaginably difficult hurdle for almost anyone else.

Another reason why I am glad Mojeek came along is because I think the general public is better served when the browser and the search engine is not developed by the same entity. Keeping them separate helps keep both of them honest. If, at any point, a browser stops protecting the privacy of the users, the search engine can write a new blog post and recommend a different browser. And if, at any point, a search engine stops protecting the privacy of their users, the browser can drop it from their list of included search engines or change the default in the list.

It is for this reason that I have committed that Privacy Browser will never monetize the default search engine. I have also publicly explained the criteria for including a search engine in the default list in Privacy Browser. That criteria may change over time to reflect changing realities in the search engine offerings, but the list will always be public and will always be applied fairly to all search engine. Privacy Browser will also always make it easy for users to select a custom search engine of their choice.

Because I feel so strongly about the need for a browser to never have a financial connection to the default search engine, and because I feel like full transparency on this issue is essential for users to being able to trust a browser, I would like to post relevant sections of email communications I had with Josh at Mojeek prior to their blog post going live. I thing the content of these emails reflects well on Mojeek and demonstrates their professionalism in corresponding with other developers. I sincerely hope that Mojeek continues to execute on the sound principles they have so far demonstrated and that they reach a point where their revenue is self-sustaining, a point I would like to reach as well ;).

April 25, 2022

Hello Soren,

I hope this email finds you well.

For a while now we’ve been intending to write something about PB; it is the only option out there aside from our app (which is nowhere near as advanced) which has Mojeek as default, and it would seem that PB is very well-liked by people we interact with, on community.mojeek.com and in 1-1 interviews, comments etc.

I’ve attached here something we put together off the back of me using it on my Android device for 3 weeks now, but we don’t want to chuck up an article unless you’ve seen what it says and are happy with the concept. I/we get that this is not a formal relationship, more a case of you making that decision due to the specific criteria you need to fulfill in order to be happy with a default search option, and we don’t want to posit it as such. We get that we could be switched out for something else (as and when you find a better option for this set of criteria and the people who are browsing with PB) but your browser ticks all the boxes for us when it comes to something to promote, and so I’m sending this to you now.

Let me know, feel free to wing specific edits if that’s the best way to go about things, or just say a flat no, which is all good with us.

All the best,

Josh

To this email I wrote the following response.

April 25, 2022

Josh,

I appreciate your email. You, of course, have no obligation to reach out to me before publishing whatever you like on your own blog, but the fact that you did so as a courtesy is reflective of the degree of professionalism I have come to appreciate in Mojeek.

I think the blog post itself is well written and I have no comments or objections to it being published as it currently stands.

Although it isn’t necessarily something you would put into this blog post, it would probably be interesting for Mojeek to know that most of my current effort is being put into developing Privacy Browser PC. Although the timetable isn’t set in stone, I would like to have an alpha version available with Debian packages by the end of the year, with plans to support both Linux and Windows in the general release. Mojeek is currently the default search engine for Privacy Browser PC as well, and I do not currently see anything on the horizon that would change that.
I intend to make Privacy Browser PC free on all platforms, with the development funded through donations. I also expect there to be a halo effect, with some users who find it on the desktop also purchasing the Android version from the Play store.

I recently posted a little bit of information about Privacy Browser PC on Mastodon.

Soren

A couple of days later I received this response.

April 27, 2022

Soren,

I’m very happy to hear that; especially when it comes to smaller teams, independent developers etc. our approach is to always make sure they’re at least aware ahead of time. Also thanks for the well written.

I think there might be a minor change to the title, something like “Which Browser Should I Use on Android?” and I’d also like to ask if you’re comfortable with us using the PB icon/logo as the header image, on a plain background (likely HEX C7C7C7 or 1E1E1E so that the logo stands out). The other images in the piece are just snaps from me using PB, so nothing that you wouldn’t have seen before, but I’m happy to pass them across if you have any interest in that.

The Privacy Browser PC is for sure interesting to us. Bare minimum I’ve boosted that toot, and fixed the egregious mistake that is not following your Mastodon from the Mojeek account.

Josh

To which I replied.

April 27, 2022

That would be fine. My understanding of copyright law is that using someone else’s logo under those circumstances (a review of their product) is considered fair use, so you don’t need permission. But once again, it is kind of you to ask first.

Soren

I had not previously had any interactions with Josh, but I found this nice post on their page explaining a little about him.

by Soren Stoutner at June 01, 2022 06:32

May 31, 2022

Pine 64

May Update: Worth The Wait

Hello everyone! This month we’re announcing production of the Pinebook Pro resuming and introduction of Quartz64 model-B. I had an opportunity to meet with TL earlier this month, and got some ear-on time with the Pinebuds, so I dedicated a section to my early impressions from the time spent with the prototype. This update also brings news of SOQuartz Blade hostboard production...

Source

by Lukasz Erecinski at May 31, 2022 13:46

May 28, 2022

/e/ foundation

Leaving Apple & Google: 1 day left before the biggest announcement for the /e/OS and Murena

Leaving Apple & Google: 1 day left before the biggest announcement for the /e/OS and Murena

Our team is ready to meet you all tomorrow at 2 p.m. CEST!

One day left before our biggest announcement of the year! Discover Murena and its products and services that help people escape from digital surveillance. We are all ready to meet you on our Live event tomorrow!

To join us, click to our direct link or connect to our Telegram channel, see us on Twitter or YouTube.

The replay will be available soon after the event if you ever cannot be with us live!

We are looking forward to (virtually) meeting you!

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at May 28, 2022 09:12

May 26, 2022

Tux Phones

First camera samples from the PinePhone Pro revealed

First camera samples from the PinePhone Pro revealed

So far, cameras on Linux phones have been known for their extremely basic results. Lacking good sensors, premium optics, and most importantly good post-processing capabilities, the PinePhone&aposs, extremely basic sensor cannot often offer the shots one would expect. Even on the Librem 5, which uses a somewhat better Samsung sensor, users often need heavy manual configurations to get basic shots.

However, the PinePhone Pro will include a respectable Sony IMX258 sensor, not unlike that used on many older Android devices, including the LG G6. This model in particular is one of the few Sonys with a working driver in the mainline kernel.

Device Main sensor Nominal resolution Video capabilities Linux kernel support
PinePhone OmniVision OV5640 5MP (1.4um) 1080p@30fps full
Librem 5 Samsung ISOCELL S5K3L6 13MP (1.12um) 1080p@60FPS partial (full?)
PinePhone Pro Sony IMX258 13MP (1.12um) 4k@30fps partial
A small comparison table for Linux phone cameras

There is not, however, much we know about its implementation yet. Assuming a basic plastic lens mount, the sensor will definitely need some processing on the software side to achieve good results.

The first results we know about the PinePhone Pro camera come from Megi&aposs log, maintained by one of the most productive mobile Linux contributors in the scene - if not one of the earliest PinePhone Pro users. More test pictures should be coming in the next weeks, hopefully.

The contrast and dynamic range look okay considering the low light of the shots, which brings hope for using a PinePhone Pro camera as something which will bring satisfying results in most condition.

In comparison, there are many samples of pictures taken with the non-pro PinePhone. Martijn maintains a folder of those, which are somewhat reminiscent of vintage film photography – and, of course, had to go through post-processing in Darktable to look they way they do.

Megapixels (31 pictures)
First camera samples from the PinePhone Pro revealed

As another term of comparison, most known Librem 5 camera samples were taken by Sebastian "dos" Krzyszkowiak, a developer and enthusiast whose shots are probably the most successful results achieved from its camera.

Sebastian Krzyszkowiak (@dos@librem.one)
Attached: 1 image #shotonlibrem5 #librem5
First camera samples from the PinePhone Pro revealed
Librem 5 Photo Processing Tutorial – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people’s privacy and freedom while protecting their security.
First camera samples from the PinePhone Pro revealed

With upgraded sensors for native Linux mobiles, and moving closer to working cameras also on existing Linux phones, we may finally (and literally) see some light in the complex process of getting cameras to work on Linux phones. But explaining this alone might be worth a future article.


Via Twitter

by Raffaele T. at May 26, 2022 16:05

Purism

Qubes 4.1 Now Available for Pre-Install

I’m convinced that the Librem 14 is the best laptop for Qubes and our customers seem to agree. Originally, customers who selected Qubes with their order would have to install it themselves with a USB thumb drive we added to the order. More recently we started offering Qubes as a pre-installed option, all set up […]

The post Qubes 4.1 Now Available for Pre-Install appeared first on Purism.

by Kyle Rankin at May 26, 2022 15:39

May 25, 2022

Purism

Introducing AweSIM, Simple Plus and SIMple Plans for Securing Your Phone Data

Protect your personal data with AweSIM, a privacy-focused cellular service. Get started on Purism's cellular plans with a Librem 5 phone or any unlocked GSM phone.

The post Introducing AweSIM, Simple Plus and SIMple Plans for Securing Your Phone Data appeared first on Purism.

by Purism at May 25, 2022 18:00

/e/ foundation

Leaving Apple & Google: Don’t let your smartphone spy on you – meet us on May 31; Have you tried our ‘Hide My Email”?

Leaving Apple & Google: Don't let your smartphone spy on you - join us on May 31

  • Don’t let your smartphone spy on you – join us on May 31
  • Have you already tried the “Hide My Email” feature?

Don't let your smartphone spy on you - join us on May 31!

Next Tuesday we will introduce you into the world of Murena smartphones & online services, protecting our data as well as /e/OS v1 and its new features you have been waiting so far, and of which we are very proud!

Don’t miss it and join us for this meaningful event for our project and for your freedom from Big Tech’s sneaky eyes.

We imagine that you have many questions about your daily privacy, about /e/OS and compatible smartphones, or simply about our team. You will have an opportunity to ask them all during our Q&A session directly in the chat of our live stream or on a platform where you will be watching this event. As a reminder, we will be live on May 31 at 14:00 CEST, you can save the date in your calendar using our live streaming event link. Don’t hesitate to share this event with friends & relatives who still do not know the magnitude of the problem of digital surveillance.

If you cannot join us for this event live, we will share the replay in an upcoming newsletter.

 

Have you already tried the "Hide My Email" feature?

A few weeks ago, our team made it possible to use “Hide My Email” in your email account.

“Hide My Email” is a mail alias used to receive mails without disclosing your real email address. It is very useful to avoid spamming for example as it keeps your personal email address private. So, instead of using your personal email address when you fill up a form on the web or share your details with someone you don’t know, you can share an email alias, so your real email address isn’t exposed.

The address can be found in this page of your Murena cloud settings. To enable the “Hide my email” function and filter your emails to a specific folder, it only takes a few clicks.

We will show it to you during our Live stream event, or you can find out in our “How to-s” section.

You will soon find “Hide My Email” in the future Murena cloud widget.

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at May 25, 2022 13:09

May 24, 2022

Purism

Purism Launches SIMple Plus for Data Privacy

For those looking for a privacy-focused cellular service in the United States, Purism has launched another option in its suite of privacy-first cellular plans. With other big telecom providers, phone data does not stay private; it’s collected, linked with a person’s identity, and sold to advertisers. With Purism’s cellular services users can get peace of mind and protect […]

The post Purism Launches SIMple Plus for Data Privacy appeared first on Purism.

by Purism at May 24, 2022 15:10

Tutanota

CSAM Scanning: EU Commission's lies uncovered - Surveillance will not save the children.

In its draft law to combat child sexual abuse, the EU Commission describes one of the most sophisticated mass surveillance apparatuses ever deployed outside China: CSAM scanning on everybody's devices. As an email service we regularly receive monitoring orders from German authorities. We have analyzed this data to find out whether monitoring orders are issued to prosecute child molesters.

May 24, 2022 00:00

This Week in F-Droid

Our build and release infrastructure, and upcoming updates

Behind the scenes of F-Droid is a giant pile of automation to manage the process of building thousands of apps from source. This means checking out thousands of source repos, checking them all for updates, building and new releases, and securely signing them en masse. All builds are run in a fresh virtual machine guest instance known as the buildserver. All Gradle binaries and Android SDK packages are verified against our public logs of observed SHA-256 checksums. The transparency log processes also verify against upstream’s public checksums.

Our setup runs on Debian almost exclusively. Debian is a leader in free software, rock solid servers, and reproducible builds. That makes it a natural home for F-Droid. We also work to ensure we maintain the packages we use, and build our processes on top of Debian packages. That means we share the maintenance with anything that uses Debian. It may seem like more work to give back, but our experience is that it pays off in the long run. The F-Droid community is able to maintain many things with a small team. Another example of this is this website itself: it is built using Jekyll packages that are all in Debian.

If you have an app on f-droid.org, you might have noticed that all builds happen on a 5 year old Debian release: stretch. We are in the midst of a big effort to upgrade to the latest bullseye release right now. This is not just a simple apt-get upgrade, we are also taking this opportunity to overhaul the build process so that app builds work with a relatively plain Debian install as the base OS. We have to provide a platform to build thousands of apps, so we cannot just upgrade the base image as often as we like. Some apps need the latest, greatest. Other apps need the ancient, stable base OS. This change means that the metadata contains as much of the build logic as possible, so that the app maintainer has control over all the steps. To achieve this, as much as possible is being stripped out of the from the buildserver base image.

We have considered offering a selection of base images. This is a possible solution, but it is not easy as just using any available Docker image. Only base images that are guaranteed to be free software are appropriate. Just pointing to any Docker image would open up the possibility of proprietary build dependencies, since it is not possible to automatically check whether any Docker image is 100% free software. Using a selection of pre-approved base boxes could solve that. Keep in mind, this is more complex than with GNU/Linux distros since Android apps are cross-compiled. GNU/Linux distros build their packages on their own OS. During builds, Debian does not even allow network access since all dependencies need to come from Debian packages. That level of verification is a goal of F-Droid, and Maven’s work towards a reproducible Maven Central ecosystem helps a lot.

Since CalyxOS builds in F-Droid by default, Calyx Institute also want to ensure that F-Droid is running smoothly, and that app developers are happy. I would like to thank Calyx Institute for sponsoring 42 hours a month of my time to work on making our build infrastructure run smoothly. Additionally, I will be working on improving the automation of the signing process. Our signing process is currently 100% offline. While this is nice for security, it does slow down the release process. With modern hardware security modules and server setups, it is possible to have good security without being 100% offline. Having signing automation then opens up possibilities for parallelizing the whole process, including running multiple app builds, and also, running the main steps of building, index generating, and signing all in parallel. This work will be incrementally deployed as each bit is finished. So be patient, and you will notice releases happening faster and faster!

by eighthave at May 24, 2022 00:00

May 20, 2022

FreeYourGadget

Gadgetbridge 0.67.0: Initial Support for Sony WF-1000XM3 and Galaxy Buds Pro

After two months of development since the last version, we have yet another very interesting feature rich release to talk about. Development felt a bit slow at the beginning but looking at the changelog, there are many additions, improvements and also some newly supported devices.

New devices

Lets start with new support for another two headphones - Sony WF-1000XM3 and Galaxy Buds Pro. While it may feel like "yet another very similar device(s)", each of them required careful work on dissecting and implementing the communication protocols. Big thanks to José R. for work on the Sony headphones and in the case of the Galaxy Buds Pro, also big thank you to two very helpful users - owners of the headphones - who were able to gather the data and help with providing the necessary low level communication info that was required for implementing support for this device.

Bangle.js

We have added another gradle product flavor for Bangle.js specific release. This particular custom flavor will make use of some extra features, together with added permission for networking. Do note that this permission is not enabled for our normal Gadgetbridge releases and is only available on the Bangle.js specific build, as the Bangle.js watch is built around their online application repository and it requires internet connectivity for proper function. We believe that this cooperation with the Bangle project is very useful for both sides and that communities around both Bangle.js and Gadgetbridge can benefit from this connection. We can already see some contributions that help to clarify for example requests for permissions, making Gadgetbridge more user friendly during the initial onboarding experience. Bangle implementation also got new communication intents to be able to share data from/to other Android apps.

Mi Band 5/Amazfit Band 5 enhancements and other improvements

Users of Mi Band 5, Amazfit Band 5 (and several other Huami devices) can now enjoy new features like world clock configuration, workout menu configuration, vibration patter selection, wrist flick sensitivity settings, extended heart rate activity monitoring and alerts and few other improvements.

Thanks to José for all these improvements! We will continue to unlock features on more Huami devices after testing.

The OpenTracks API controller newly supports stop and toggle functions, now after the API itself has been finalized.

The Fossil Hybrid HR now supports a flexible custom menu on the watch as well as the possibility to honor native do not disturb settings. See the much improved wiki page.

Various fixes and enhancements have been done in several places, together with some visual improvements like a few new icons.

Nightly builds

During the Christmas holidays we started utilizing Codeberg's Woodpecker CI (Woodpecker.org) for automatic Nightly release of Gadgetbridge into our own F-Droid repository. This release is automatically built and released every night when new commits have been done to our repository. The nightly release comes in two build types: "normal" nightly release and "No Pebble provider" nightly release. The "No Pebble provider" release was created due to the fact that if you have either the official Gadgetbridge F-Droid release or the original Pebble app installed, you cannot install another app (for example the Gadgetbridge Nightly release) which provides something called "Pebble provider" (com.getpebble.android.provider). The "No Pebble provider" version allows to be installed alongside existing Gadgetbridge or Pebble app. If you are planning to use the Nightly release and want to migrate your data from the official release, make sure to be careful when exporting and backing up your data. See detailed explanation in our wiki here. Big kudos to the Codeberg and Woodpecker teams for providing us with these great tools for hosting and maintaining of our FLOSS project!

Many thanks to everyone for their contributions and support!

For all user-facing changes since the previous blog post, check the following list:

0.67.0

  • Initial Support for Sony WF-1000XM3
  • Initial Support for Galaxy Buds Pro
  • Huami: Add Toggle function for Open Tracks tracking to button actions
  • Huami: Move inactivity warnings, goal notification and HR monitoring to device-specific settings
  • Mi Band 6: set time on connect
  • Mi Band 5/6, Amazfit Bip S/U/Pro: Add world clock configuration
  • Mi Band 5/6: support sensitivity setting for lift wrist configuration
  • Mi Band 5: Add support for configuring workout menu on device
  • Mi Band 4/5/6, Amazfit Bip U/Pro: Add support for vibration patterns
  • Mi Band 5: Increase number of reminder slots to 50
  • Mi Band 5/6: Add setting for HR activity monitoring, HR alerts, stress monitoring
  • Amazfit Neo: Allow to disable beeps for email notifications
  • Bangle.js: Fix incoming calls in release builds
  • Bangle.js build: Add option for enabling/disabling internet access
  • Bangle.js: Add ability to receive intents to com.banglejs.uart.tx
  • Fossil Hybrid HR: Support flexible custom menu on watch
  • Fossil Hybrid HR: Add support for native DND Call/SMS functionality
  • VESC: added battery indicator
  • UM25: Add reset option to current accumulation
  • UM25: Add notification on below current threshold
  • Fix crash when calendar is accessed but permission is denied
  • Add com.asus.asusincallui and com.samsung.android.incallui to blacklist
  • New icons for Sony overhead headphones, Sony WF 800n and Mi Band 6
  • When Gadgetbridge needs permissions, pop up a dialog asking nicely and explaining why

by Petr Vaněk at May 20, 2022 22:00

Tutanota

Fourteen Eyes Countries: How does this affect your privacy and security?

In the interconnected cyber world there are a growing number of platforms providing secure encrypted email, VPN, cloud storage, and other services. However, every time a new company appears eventually the following phrase will pop up: "Don't use this service! It is hosted in a Fourteen Eyes country!" But who are the Fourteen Eyes countries? And most importantly, what kind of privacy risks are taken when using services hosted in the 14 eyes?

May 20, 2022 00:00

May 19, 2022

/e/ foundation

Leaving Apple & Google: How Murena saves you from digital surveillance? Join us on May 31 on streaming!

Leaving Apple & Google: How Murena saves you from digital surveillance? Join us on May 31 on streaming!

  • {Save the date}  Join us on May 31 at 2 p.m. (CEST) to discover the big news! 

How Murena saves you from digital surveillance? Join us on May 31 on streaming!

We are thrilled to announce you that our team is going LIVE on May 31 at 2 p.m. (CEST) to share with you some important news! If you follow this newsletter, you are surely aware of how current industry possessed by Big Techs violates our data privacy and our fundamental rights for freedom of choice.

That is why /e/OS, a privacy concious, open source mobile operating system, was created. After four years of hard work, we are proud to say that the V1 of /e/OS is coming and will be announced on May 31 by Murena team as a part of its privacy solutions together with Murena smartphones and online services.

You can save the date in your calendar using this direct link to the streaming event and share it with those who you would like to initiate in privacy solutions.

During our streaming event we will host a Q&A session, we would be extremely happy to exchange with you and answer to your most desired questions!

Join us for the official launch of our brand Murena and the much awaited /e/OS v1 release! 

We have a lot to share with you!

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at May 19, 2022 22:02

OsmAnd

OsmAnd 4.2 (iOS)

Download online map

Hi there!
We are glad to announce the release of the iOS app version.
Development doesn't stand still, and now the new improved version is available for installation on your devices! Every day, we work to make the iOS version more complete and as functional as the Android version. Inevitably, mistakes and bugs arise along our way, which we try to correct immediately. Thank you for your support and feedback.

Route line appearance

This feature adds the ability to customize the width and colour of the route lines. You can configure the appearance of the route line with different settings, such as Custom and Altitude.

The functions are located here: Menu → Settings → Configure profile → Navigation settings → Customize route line or in Menu → Navigation → Options.

Track context menu: waypoints tabMy places - Tracks - Edit

Tracks

Scroll bar for waypoint groups

Track context menu: added a scroll bar with groups of waypoints, allowing you to quickly select the fitting group.

Track context menu: waypoints tab

Improve track managements

In this release we have added the ability to delete more than one track at the time:
My Places → Tracks → '…' button → choose tracks (the number of selected tracks is displayed at the top of the screen) → 🗑 button

My places - Tracks - EditMy places - Tracks - Edit

Track description

In this menu we have added the ability to view, add and edit the description: Track Context menu → Overview → Description. Here you can add new text or edit an existing description, as well as read the full version of the descriptions.

My places - Tracks - EditEdit

Include heading

A new parameter has also been added to the Track recording plugin: "Include heading". Now, you can save heading information for each recorded point.

Routes

Public transport routes have been divided into types, you can find them on Configure map → Transport.

Transport routes

Fitness and running routes were added to maps. Data for these routes are taken from OpenStreetMap project:

Fitness trailsFitness trails

Horseback riding

Added the new navigation type and Horseback riding app profile. You can also enable Horse routes and 'Difficulty of horse trails' in Configure Map menu.

Horseback riding profileHorseback riding navigation typeDifficuly of horse trails

Files app

OsmAnd files are now visible in the "Files" application. You can access all tracks, custom routing and rendering files through it: Files → On My Phone → OsmAnd Maps

Files appFiles app with OsmAnd folder

Preferred terrain

UX of options "Use elevation data" and "Select elevation fluctuation" was improved. They have been merged and renamed "Preferred terrain", which is now available for "Cycling" and "Walking" profiles.

Navigation options with highlighted Preferred terrain optionPreferred terrain

New map style

The style of maps "Mapnik" has been replaced by a new style "OSM-Carto" style. This was done because at the time "Mapnik" was added to OsmAnd, it was identical to the map style on OpenStreetMap.org, but we didn't have the resources to keep it up to date, so over time it lost similarity to the OSM map style.

If you use "Mapnik", it will be available after the update, but as a custom map style. After a fresh or new installation, you will need to manually import it for use. You can do it by downloading it from GitHub.

  • Mapnik
  • OSM-Carto
Transport routesFitness trails

CarPlay

We upgraded CarPlay function:

  • CarPlay bug fixes, added gestures for touchscreens.
  • Fixed turn arrows color for match CarPlay light theme.
Car Play img by Gilles

Street name widget

Improved Street name widget:

  • Show road shield and exit number during navigation.
  • Visible for all profiles.

Copy details

You can now copy information from Details of the map context menu of any POI: a long press on a cell brings up the "Copy" button.

Transport routes

Added copy actions to the "Share" sheet

Now, when you click (long, short tap) on any pointed object on the map (POI, favorite, waypoint..) and choose "Share" button on the Map Context menu, you will find the addition of copying actions. The selected information will be copied to the buffer:

Share sheet

  • Copy address - allows you to copy the address of a point to the buffer. Example from the image: Kraków.
  • Copy POI Name - allows you to copy the name of a point to the buffer. Example from the image: Kraków.
  • Copy coordinates - allows you to copy the coordinates of a point to the buffer. Example from the image: 47.25963° N, 11.39645° E.
  • geo: - allows you to copy the point geo-tag to the buffer. Example from the image: geo:47.25963,11.39645?z=19.

Fixed

  • Fixed import of GPX files from OSF package
  • Fixed import of custom plugins with included files
  • Fixed various crashes in the Route planning mode
  • Fixed crashes during Navigation

Follow OsmAnd at Facebook, Twitter, and Reddit!

Join us at our groups of Telegram (EN), (IT), (FR), (DE), (RU), (UA), (ES), (PL).

Apple AppStore

May 19, 2022 00:00

May 17, 2022

Purism

Free Software Support Is Critical to Its Success

I’ve been in many “Linux on the Desktop” debates over the years and my stance today is largely the same as two decades ago: if you want free software to succeed, it must be pre-installed on hardware where all hardware features work, with a hardware vendor that supports it. It doesn’t matter nearly as much […]

The post Free Software Support Is Critical to Its Success appeared first on Purism.

by Kyle Rankin at May 17, 2022 18:37

Jolla

Meet the Xperia 10 III with Sailfish OS

It brings great pleasure to announce the release of Sailfish OS 4.4.0 Vanha Rauma for the Sony Xperia 10 III. The combination of Sailfish OS optimised for the Xperia 10 III offers amazing performance at an impressive price, giving the best Sailfish OS best experience yet. Sailfish OS on the Xperia 10 III also includes beta VoLTE support, disabled by default, but available for brave community members to try out for the first time. Not only is this the best way to experience Sailfish OS, but we also believe it’s the best way to enjoy the Sony Xperia 10 III hardware.

We know that many of you have been eagerly awaiting the release since we previewed it at the Sailing for Ten Years party in Berlin. We’ve been working extremely hard to ensure it runs in the best possible way, and we’re very happy with the result. You can try and buy Sailfish OS to flash directly to the Xperia 10 III from the Jolla Shop for 49,90€, the same price as all the other Sony devices in the Sailfish X program. For this, you’ll get the Sailfish image to flash to your device of course. In addition, you get the paid extras of Android AppSupport for running Android apps directly within Sailfish OS, Exchange ActiveSync support for Office 365 syncing of emails, calendars and contacts, and predictive text support.

To give you an idea about what to expect from the Xperia 10 III, we thought we’d take a bit of a tour of the hardware. As this is a new device, there are also a few known issues that you should be aware of. We’ll discuss those and the beta VoLTE support later

What you get from the Xperia 10 III

To look at, the Xperia 10 III is remarkably similar to the Xperia 10 II. There are some tell-tale differences: marginally thicker (8.3 mm vs 8.2mm) to accommodate a larger battery and with a slightly thinner screen bevel, especially at the top.

But it still has the same comfortably smooth glass casing, the same conveniently placed combined power button and fingerprint reader on the side, the same slightly raised three-lens camera bump on the back, the same uniquely-Sony 21:9 (1080 x 2520 pixel) screen aspect ratio, and the same sleek yet understated Sony design.

We’ve done our best to ensure Sailfish OS makes the most of all this hardware. And we see that in the performance results we get with the device. For example, on the browser, the Octane 2.0 benchmark jumps from 6696 on the Xperia 10 II to a whopping 15925 on the Xperia 10 III. Jetstream2 similarly leaps from 19.046 up to 36.622. If you’re updating from an older device you can expect an even greater improvement.

And this isn’t just demonstrated in the numbers, you can also really feel it when you use the device too.

Running this rather-beautiful jellyfish browser simulation with a hundred jellyfish, the Xperia 10 III consistently manages a silky-smooth 60 fps. In contrast the Xperia 10 II could only manage an average of 43. This level of performance difference is quite noticeable in practice.

For graphical transitions or background processes there’s a visibly noticeable improvement that makes Sailfish OS feel tangibly smoother and more responsive. We’re talking buttery smooth. The great news is that these performance improvements don’t come at the expense of battery life. The Xperia 10 III will run far faster and for far longer than the Xperia 10 II.

Rendering full-screen HD video with the screen set to eye-watering full-brightness on both devices running Sailfish OS, the Xperia 10 III kept going for 58% longer than the Xperia 10 II. That’s a testament not just to the 25% larger battery (4500 mAh vs 3600 mAh) but also to the amazing effort Jolla’s adaptation team has put into making the Xperia 10 III run as efficiently as possible (back in December an early Xperia 10 III adaptation was was losing charge 31% faster than the Xperia 10 II).

VoLTE beta

We are also happy to announce that brave community members are now able to try the beta version of VoLTE available for the Xperia 10 III. It is disabled by default, but you can enable it and join the testing by following the instructions on the forum.

A foundation for future development

While we’re really incredibly happy with how Sailfish OS runs on the Xperia 10 III, there are a couple of important issues we’re still working on which we didn’t want to delay the release for. First, a glitch in the underlying firmware means echo cancellation for calls using the internal speaker works incorrectly. Second, only the standard back-facing camera (12 MP, f/1.8, 27mm, 1/2.8″, PDAF) and the front-facing selfie camera are available for use with Sailfish OS. In the latter case, we’re hoping to work with our amazing community to develop a solution. For more details, please see our related forum post.

As with any new release there are also likely to be a few other bumps, and we’re always keen to receive your feedback and to iron them out.

New features for all phones

As we roll out the changes needed for the Xperia 10 III, we’re also taking the opportunity to provide an update for all our existing users too. This point-release update rolls out changes that aim to make an immediate improvement to the everyday Sailfish OS experience.

Apps with the Location permission will now be able to access the compass; the updated Mozilla Location Services databases will improve GPS lock speeds; browser improvements will ensure more websites work better on Sailfish OS. We’ve also added a Restart Fingerprint button to alleviate an intermittent issue with the fingerprint sensor some users have experienced.

These changes will bump up the Sailfish OS version from 4.4.0.58 to 4.4.0.64.

The best way to run Sailfish OS

Based on our experiences using the Xperia 10 III during development over recent months, we’re convinced that it’s not just a worthy addition to the Sailfish X line-up, but the best addition yet. We’d go so far as to say it gives the best Sailfish OS experience of any of our devices, by a wide margin. We hope you enjoy using it, and will join us on our journey to continue improving it further.

 

Read more in the Sailfish forum’s release post

The post Meet the Xperia 10 III with Sailfish OS appeared first on Jolla Blog.

by lisotalo at May 17, 2022 14:06

Tutanota

Welcome Paul and Kinan to the Tutanota team with us!

In 2022, Tutanota continues its growth and so does our team. Please welcome Paul and Kinan with us! We expect that many more people will join our team here in Hanover so if you are passionate not only about privacy, but also about programming, be sure to apply with us.

May 17, 2022 00:00

May 16, 2022

Tux Phones

Using a Linux phone as a secondary monitor

Using a Linux phone as a secondary monitor

As a software developer on the go, one of the very first use cases that I started investigating after installing Linux on my first tablet was that of using a portable device as a secondary display for another Linux machine. Ideally, this would happen wirelessly (or wired, if that involved lower power consumption), with unnoticeable delay, and - why not - even including real-time touchscreen input.

The journey, however, took longer than planned. Existing solutions, like VNC, tend to be strangely laggy, and others, like Miracast, are so deeply enclosed in proprietary protocols that they do not scale well to a bug-free experience on all devices. The first solution to this problem, at an even less stable stage than currently, was my most shared post ever on Twitter, so I decided to write a post on how this was done.

why is everyone liking my hacks
~ me, 2022

To start, let us split this problem in even smaller bits. Namely, components are:

  • Virtual display handling: creating a fake video output. On Xorg, some GPU-specific hacks exist (probably Intel-only) vs Wayland (mutter)
  • Video capturing: we assume that the windowing system grants enough permissions to capture the screen
  • Video streaming: This, of course, needs to be fast. So real-time stream compressing and decoding is necessary.
  • Network: This one is easy, at least on our side. By replacing most known network overhead (e.g. not relying on central Wi-Fi APs, getting rid of TCP packets, ...) and transmitting bare-bones UDP packets from point to point, we achieve significant gains in performance. In fact, even dropping wireless entirely and using Ethernet over USB (which e.g. postmarketOS supports) could further reduce latency.
  • Display / decoding on host machine: as we said, needing fast video decoding is not obvious in the hellish landscape of fragmented ARM SoCs, and their many video decoders, some running over proprietary wrappers (e.g. Adreno), some over hacky adaptions of Android userspace (e.g. hybris), some supporting a ridiculously small subset of features in mainline (e.g. old Nvidia Tegras), and some not supported at all. Furthermore, with most ports using Android drivers, this needs to be reproducible on myriad of kernels also without mainline kernel!
  • (Optional) input device handling: to get and transmit touchscreen events smoothly on the receiving screen, and map them as a real touch input on the host device. A little spoiler: I did not get here yet, and will not any time soon.

Decent reliability, easy reproducibility (even on downstream kernels) and acceptable latency are required.

The off-shelf solutions for streaming existing desktops (but not a virtual desktop) with are endless, and they include Deskreen (which communicates over WebRTC), or more simply an almost hidden feature in VLC that enables streaming and transcoding of the desktop, simple VNC,  and a myriad of open-source (X11, often semi-abandoned) and proprietary streaming apps. However, not all devices have a hardware HDMI port, and bringing a fake hardware adapter to trick the GPU into enabling a second video sink is chaotic to say the least. The alternative, at this point, is to use a Mutter-based desktop, or any other window manager with some sort of built-in interface for creating virtual screens in software.

After a few failed attempts, with latency in the range of seconds, I am starting to see some light. By getting rid of as many layers as possible, minimizing the overhead, and just trying the simplest hacks for raw streaming, performance is getting surprisingly acceptable: at 5Mbps bandwidth, this means over 10 FPS, and latency is probably around 200ms over good connections.

Using a Linux phone as a secondary monitorOne real monitor, four impostors ඞ. The sky is the limit!

Prerequisites

  • In particular, this solution requires the Mutter window manager (40+), so GNOME, Elementary, Budgie or other Mutter-based desktops. This clean D-Bus API is also an unified solution for virtual monitors between Wayland and Xorg. Theoretically, virtual monitors have also been supported by other window managers like KDE and Sway for a while, so adapting this solution should be relatively easy.
  • You will also need a PipeWire enabled stack, so a very modern distribution such as Fedora 35+ or Arch Linux. In theory, you can use PipeWire for video also on a system using the now-legacy PulseAudio for handling sound
  • Wi-Fi, working USB Ethernet, or any other network with acceptable latency
  • Finally, hardware video acceleration on the receiver side is a must. Plain CPU video decoding will either lag behind the stream, or consume a lot of power in the process, or both.

Current st(h)ack

I created a Python script based on an older Mutter API demo script. This was modified to have bare-bones streaming, and requires the following D-Bus and command line interfaces:

  • Mutter: to create a virtual display
  • PipeWire: to manage the stream
  • GStreamer: to compress/send/receive video between the two devices.

In particular, two commands are used. On the sender:

  • pipewiresrc path=%u ! This starts the stream from PipeWire
  • %s videoconvert ! ...and transcodes to x264 video stream
  • x264enc tune=zerolatency bitrate=5000 speed-preset=superfast !
  • rtph264pay ! ...encapsulates the stream
  • udpsink host=... port=... ...and transmits it to the host via "raw" UDP

On the receiver:

  • DISPLAY=:0 is optional, but allows invoking the script e.g. from headless sessions such as SSH. The display identifier may clearly differ (:1, :2, etc.)
  • gst-launch-1.0 udpsrc port=... caps="application/x-rtp, media=(string)video, clock-rate=(int)90000, encoding-name=(string)H264" ! This receives the UDP stream
  • rtph264depay ! avdec_h264 ! videoconvert ! ...decodes it,
  • autovideosink sync=false ...and starts an auto-detected compatible video sink

Remember to install gstreamer1.0-tools or the equivalent package on the receiver.

A demo of the solution presented here: 1280x720 virtual monitor on a Purism Librem 5. This video was done on a deliberately "slow" configuration (using an external, far away 20Mbps router, rather than point-to-point connectivity)

How to test (pre-alpha)

Again, this is just the earliest working experiment. However, if you are not worried about this script probably not working in your case, here is the testing procedure:

  • Download the script linked at the end of this post,
  • Establish a network connection, point to point (aka: "computer to phone") if possible to minimize the switching and routing delay of far away access points.
    This can be done either via USB Ethernet, or more simply via Wi-Fi (e.g. with one device in AP/hotspot mode, and the other connected to it). Using "standard" Wi-Fi with an external router is also possible, but results in unreliable latency of around 0.5-1.5s.
  • Get the (local) destination IP address of the receiver via ifconfig, or an equivalent, and run the command on the sender:
    python3 gnome-virtual-cast-and-stream.py -v {width} {height} {destination IP}
  • Copy the "receiving command" from the console, and execute it on the receiving device, e.g. through SSH. You may need to adapt or remove the DISPLAY=:0 variable.

Results

This solution, which should minimize overhead to reasonable levels, depends highly on the decoding capabilities of the receiving devices:

  • On CutiePi Tablet (Raspberry Pi CM4), using open-source drivers, this tool worked perfectly
  • On a mainline Linux phone (Purism Librem 5), the virtual monitor experience was equally solid
  • On an Intel i5 tablet, this solution also worked flawlessly
  • However, on some older Qualcomm devices (tested on Snapdragon 820) this was seemingly much slower and glitchy. This is possibly due to the mainline Linux drivers for the Qualcomm Venus (V4L2) video decoder being immature, although replacing avdec_h264 with v4l2h264dec in the command above should enable Venus-based decoding.  (– thanks Yassine for the suggestion)
  • On a Linux device with no video decoding or hardware acceleration, this will be inevitably slow
Testing the virtual display script on an 8" CutiePi Tablet (1280x720 virtual screen) in point-to-point mode

Generalizing

Needless to say, the priority would be to find ways to generalize this procedure to a wider share of Linux devices:

  • KDE: This should already be possible at the moment. PipeWire and screencasting APIs are indeed present, and Kwin should support creation of virtual outputs to some extent
  • Sway: there is an issue for this, and it may become possible in the future
  • To X11-based desktops:  This is much simpler, although messier, than on Wayland. Creating virtual screens is supported, for example, by Intel GPU drivers, and screen capturing on this virtual sink is possible also without Mutter.
    However, in my experience, Xorg streaming is considerably glitchier, maybe due to the different buffering mechanism;
  • To (possibly?) even lower overhead: Using network via USB, rather than Wi-Fi as in the demo seen above. Removing or replace the x264 codec for a faster alternative, reducing the latency of encoding and decoding the stream at the price of possibly higher bandwidth and power consumption;
  • To Linux devices without GPU drivers and/or video acceleration (e.g. many Android phones with basic Linux support): replacing x264 with a raw stream might work better for CPU rendering, but it will remain a relatively painful and power-consuming experience;
  • To many virtual screens: This works already as simply as launching several instances of the script on the transmitter, each pointing to a different target IPs and port. Provided that the wireless bandwidth is enough, and the higher power consumption is not a concern.

Conclusion

The road to a universal, usable solution is still long, but this is the first footprint of a working solution for the majority of devices and distributions. For the moment, a 100-line Python proof of concept is linked below.

TuxPhones / Side Displays · GitLab
Secondary wireless screen experiments
Using a Linux phone as a secondary monitor

by Raffaele T. at May 16, 2022 19:34

May 14, 2022

Gregor Santner

Markor v2.9 - Snippets, Templates, Graphs, Charts, Diagrams, YAML front-matter, Chemistry

Markor v2.9 update is out! Get the update from F-Droid or GitHub!
Continue reading to find out what’s new, improved and fixed in this update.

Highlights

Install Markor / Update to latest version

Availability
You can install (& update) Markor from GitHub Releases and F-Droid.

Google Play
The 2.8.0 version remains available, but no updates will be deployed to Google Play. The available downloads on GitHub are signed by me (gsantner) and have the same signature like on Google Play. This means you can download the *.apk from GitHub and directly install the update if you currently use the Google Play version.

Download the latest Markor update from GitHub here:
Get it on GitHub

Markor is also available from F-Droid, the store for free & open source apps. The *.apk’s available for download are signed by the F-Droid team and guaranteed to correspond to the (open source) source code of Markor. Generally this is the recommended way to install Markor & keep it updated.

Get it on F-Droid

Admonition: block-styled side content

The Admonition Extension allows for easy creation of beautiful colored boxes.
Helpful when you often work with side notes and boxed content.

Snippets / Custom templates

Create as many custom snippets / templates you like by placing textfiles in the subdirectory .app/snippets of your Markor notebook (start) directory.
Open a document and place the cursor on whatever position you want to insert text.
Then click the new snippets button on the bottom-bar (see screenshot) and select the desired snippet.

Note: The snippet directory is automatically created the first time you click the snippets button in the bottom-bar.

The right place to ask

If you have questions or found an issue please head to Markor GitHub Discussions and ask there. Search for same and related issues/questions before, it might be already answered or resolved.

Every day I (gsantner) get many personal emails containing feature requests & questions about Markor. It takes much time to answer these things. Often it is already answered public - or to another person as response in private email. This means wasted time, which can’t be used for improving & developing Markor.

You are kindly asked to discuss at the proper place, which is GitHub Discussions.

Display YAML front-matter block contents

Markor now parses the Markdown YAML front-matter and can display it’s contents in the view mode.
The keys to display can be configured in the Markdown settings category.

Increased performance & under the hood improvements

Markor got lot’s of under the hood improvements in all areas - editor, filebrowser, syntax highlighting, textactions, widgets…

Notable:

  • Faster screen transitions
  • Short-time filesystem metadata caching for quicker loading of folders at the filebrowser

Charts / Graphs / Diagrams (mermaidjs)

You can now create graphs using mermaidjs syntax in Markdown files.
Checkout the mermaidjs live-editor for more & advanced examples.

Other notable changes & additions

  • Allow to install APK files from filebrowser on click
  • Markdown Table of Contents options
  • Zim: Follow links to other wiki pages
  • todo.txt: Better browsing at editor with dialog & saved search queries
  • Settings option to enable/disable Chrome Custom Tabs
  • Privacy settings option to disallow screenshots of Markor
  • Debloat & drop experimental/unused features, i.e. todo.txt huuid
  • Support Android Day/Night theme system
  • Filebrowser: Show full filename (multiline allowed instead of singleline only)
  • View mode: Open links to folders in filebrowser
  • Markdown: Better Math support, add mhchem chemistry module
  • Per-file settings - In addition to the global settings, many options are now also configurable on a file basis

Comments / Update disussion / feedback

The discussion is here, feel free to join!

All changes in this release

Notice: Check the git history for most recent code changes.


May 14, 2022 00:00

May 13, 2022

Purism

The Second Best Time to Protect Your Privacy

There is a well-known Chinese proverb that says “The best time to plant a tree was 20 years ago, the second best time is now.” This saying applies to many areas of life, and it also applies to privacy. The last few decades have seen a dramatic increase in the depth and breadth of privacy […]

The post The Second Best Time to Protect Your Privacy appeared first on Purism.

by Kyle Rankin at May 13, 2022 15:26

May 12, 2022

Purism

Summer Sale on Librem 14 Laptops

Looking for the best time to order your Librem 14 laptop? Librem 14 is one of the most secure laptops we’ve built so far.  The laptop is designed chip-by-chip, line-by-line, to respect your rights to privacy, security, and freedom. Standard orders ship within 10 days. All you have to do is enter the coupon code, L14SUMMER […]

The post Summer Sale on Librem 14 Laptops appeared first on Purism.

by Purism at May 12, 2022 20:04

Tutanota

The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection.

In its draft law to combat child sexual abuse, the EU Commission describes one of the most sophisticated mass surveillance apparatuses ever deployed outside China. Even if an AI scans your private messages, it remains warrantless mass surveillance of everyone. Once again, the EU Commission is using child protection as a pretext to introduce mass surveillance without any reason.

May 12, 2022 00:00

May 11, 2022

Purism

Improved Delivery Time for Librem 5 USA: May 2022 Update

We are almost there! We have overcome a number supply chain and manufacturing challenges for the Librem 5 USA and have been steadily shipping through orders this Spring. It’s been really gratifying to hear all of the positive feedback from Librem 5 USA customers who now have their phones. Based on the current backlog of […]

The post Improved Delivery Time for Librem 5 USA: May 2022 Update appeared first on Purism.

by Purism at May 11, 2022 17:00

/e/ foundation

Leaving Apple & Google: ecloud referral program, Don’t miss our limited offer for Murena Fairphone 4

Leaving Apple & Google: Earn up to €40 of credits for your cloud storage by inviting your friends to join ecloud!
Discover our special limited offer for Murena Fairphone 4

  • Earn up to €40 of credits for your cloud storage by inviting your friends to join ecloud!
  • Don’t miss our limited offer for Murena Fairphone 4

Earn up to €40 of credits for your cloud storage by inviting your friends to join ecloud!

How does it work?

Earn up to €40 of credits for your cloud storage by inviting your friends to join ecloud!

For every friend who joins and creates an ecloud account, you will both earn €2 to be used for cloud storage on ecloud.

Let’s make more people discover privacy by design solutions!

Read our FAQ to learn how to refer a friend.

 

Step 3
You can copy your unique link easily and use it elsewhere, for example, emailing it to your friends or even sharing it in a tweet.
Step 4
For every friend who uses this link to create a free account, you will both receive 2€ of cloud credits in your esolutions.shop account.

What is ecloud?

ecloud is your personal email account, your agenda and contacts, your drive on the cloud and your online office suite, all combined in one single service, simple to use. ecloud is powered by proven open-source software like Nextcloud and OnlyOffice.
Your ecloud account is free up to 1 GB of storage. Our paid plans start at €1,99 per month for 20 GB.

Don't miss our limited offer for Murena Fairphone 4

Protecting your privacy is important, and so is protecting your phone! 

This month, we’re helping your Murena Fairphone last longer!

For any purchase of a Murena Fairphone 4 you receive a free Longevity Pack (RRP € 69.90), consisting of a Protective Case (color choice grey or green) and a Screen Protector (Blue Light Filter).

This offer runs from May 9th to 29th 2022.

Read the terms and conditions here

Support the project!

User’s data privacy and finding alternatives to regain control over our data has never been a more pressing issue than it is today. The timing is great to build something new!

Your contribution is key to the success of an ambitious project like ours!

Contribute, test & report bugs in /e/OS

Share on social media

Join the Community

Donate

by e_admin at May 11, 2022 14:42

Tutanota

The Mitto AG surveillance case - or why we must never backdoor encryption.

Mitto AG, a Swiss company, is said to have helped with mobile phone surveillance on a grand scale. Investigations are ongoing, but current leaks hint at one employee that cooperated with secret services around the world by handing out location data freely - and without any legal oversight.

May 11, 2022 00:00

May 09, 2022

Purism

Cameras: It’s Complicated

Two years before I started working on cameras for the Librem 5, I thought the work would go something like this: first, write a driver, then maybe calibrate the colors, connect to the camera support infrastructure, and bam! PureOS users on the phone would then do teleconferences with Jitsi or snap selfies with Cheese, just […]

The post Cameras: It’s Complicated appeared first on Purism.

by Dorota Czaplejewicz at May 09, 2022 15:39

May 07, 2022

Tux Phones

AVMultiPhone is a peculiar MATE-on-phone desktop spin

AVMultiPhone is a peculiar MATE-on-phone desktop spin

After SXMO, the DWM-on-phone mod that became popular for its practical minimalism with the PinePhone, and the lesser known ExpidusOS XFCE-based shell, many of the traditional lightweight Linux desktops are receiving touch-friendly adaptions. A relatively new project, AVMultiPhone, is loosely based on the popular MATE desktop, which continues the GNOME 2 legacy experience with modern libraries such as Gtk3.

However, there is more to this than standard MATE. First and foremost, the touchscreen experience appears to be nearly complete, and generally usable. Secondly, a series of applets and configurations was added to ease the integration of details such as touchscreen keyboards.

LINMob showcasing AVMultiPhone (version 1) in 2020

The desktop can be tested as part of the "AVMultimedia" distribution, which is available for download on SourceForge in a PinePhone image, and was developed by the Swiss firm Archivista GmbH.

But apart from the above, not much is known about this desktop yet.  The blog post announcing a version 2, linked below, explains the project in depth, but the source code for this pre-alpha does not appear to be immediately available online, and the author suggests buying a book, or donating to their bank account to motivate any possible future development. Which, admittedly, is a peculiar approach to open-source.

AVMultiPhone V2
AVMultiPhone AVMultimedia Open Source PinePhone PostmarketOS Linux Android LineageOS e.foundation Havoc Pocket Computer Nokia N900 Smartphone
AVMultiPhone is a peculiar MATE-on-phone desktop spin

Via LINMob (YouTube)

by Raffaele T. at May 07, 2022 08:42

May 06, 2022

NewPipe

An overdue announcement about NewPipe-Legacy being archived

The gist: NewPipe-Legacy isn’t maintained anymore (since January 2021, actually). The team is hoping for a developer to step up and become a permanent maintainer for the Legacy version. This means that you, the user, either need to switch to a device with a newer OS so that you can use NewPipe, or to an alternative app that supports your Android version. At least for the time being.

Regarding: users

We’re sorry to tell you that the erstwhile maintainer of NewPipe-Legacy, @friendlyanon, isn’t interested in maintaining it anymore. So those of you that are stuck on devices which run Android versions 4.1 to 4.4 are out of luck for now. If a developer comes along and updates the Legacy app, great! Until then, you can only shake your fist with anger, sadly.

Anyway, let us all thank @friendlyanon for maintaining NewPipe-Legacy for as long as they did!

Regarding: developers

Please note that NewPipe will be moving on to a newer, maintained version of OkHttp soon, which unfortunately means letting go of Kitkat (4.4+) support. Lollipop (5.0+) will become the new minimum version we officially support.

What this means for any prospective maintainer is that they will need to look for an alternative to OkHttp that is actively maintained and supports Kitkat (and below?) as well. Using an unmaintained library means that you risk exposing users to any security exploits that get discovered in them; a risk which we are not willing to take.

Moreover, the Extractor has also moved on to using Java 8 fully, instead of just the limited Java 7 features compatible with old Android versions. Fortunately desugaring exists, which allows you to down-compile modern features into Java bytecode that is compatible with older versions. Desugaring up to Java 8 is still not fully available on pre-KitKat, but Google is working on this, and a new Android Gradle Plugin version will soon be released with the needed capabilities.

That’s it. If you’re still up for the challenge after reading all that, then please drop us a message on #IRC, or better yet, open an issue on the NewPipe repo letting us know you’re interested in maintaining NewPipe-Legacy!

Team NewPipe out.

May 06, 2022 23:00

Purism

Purism and Linux 5.18

Following up on our report for Linux 5.17 this summarizes the progress on mainline support for the Librem 5 phone and its development kit during the 5.18 development cycle. This summary is only about code flowing upstream. Librem 5 camera support This time it’s been all about various media drivers that are needed when using […]

The post Purism and Linux 5.18 appeared first on Purism.

by Martin Kepplinger at May 06, 2022 16:02

Paul Schaub

Creating an OpenPGP Web-of-Trust Implementation – A Series

I am excited to announce that PGPainless will receive funding by NGI Assure to develop an implementation of the Web-of-Trust specification proposal!

https://nlnet.nl/assure/

The Web-of-Trust (WoT) serves as an example of a decentralized authentication mechanism for OpenPGP. While there are some existing implementations of the WoT in applications such as GnuPG, their algorithms are often poorly documented. As a result, WoT support in client applications is often missing or inadequate.

This is where the aforementioned specification comes into play. This document strives to provide a well-documented description of how to implement the WoT in an interoperable and comprehensible way. There is already an existing implementation by the Sequoia-PGP project (Neal, the author of the specification is also heavily involved with Sequoia) which can serve as a reference implementation.

Since I imagine implementing the Web-of-Trust isn’t a straight-forward task (even though there is now a specification document), I decided to dedicate a series of blog posts to go along with my efforts. Maybe this helps others implementing it in the future.

What exactly is the Web-of-Trust?

The essential problem with public key infrastructure (PKI) is not to obtain the encryption keys for contacts, but rather verify that the key you have of a contact really is the proper key and not that of an attacker. One straight-forward solution to this is used by every user of the internet every day. If you visit a website on the internet, the web server of the site presents your browser with its TLS certificate. Now the browser has to figure out, if this certificate is trustworthy. It does so by checking if there is a valid trust-path from one of its root certificates to the sites certificate. Your browser comes with a limited set of root-certificates already preinstalled. This set was agreed upon by your browsers/OS vendor at some point. These root certificates are (mostly) managed by corporations who’s business model is to vouch for your servers authenticity. You pay them so that they testify to others that your TLS certificate is legitimate.

In this case, a trust-path is a chain of certifications from the trusted root certificate down to the sites TLS certificate. You can inspect this chain manually, by clicking the lock icon in your browsers task bar (at least on Firefox). Below is a visualization of the TLS certificate chain of this blog’s TLS certificate.

The certificate “ISRG Root X1” belongs to let’s encrypt, a not-for-profit CA that very likely is embedded in your browser already. R3 is an intermediate certificate authority of let’s encrypt. It certified my blogs TLS certificate. Since during the certificate renewal process let’s encrypt made sure that my server controls my domain, it has some degree of confirmation that blog.jabberhead.tk in fact belongs to me. This step can be called manual identity verification. As a result, it can therefore attest the legitimacy of my TLS certificate to others.

One property of this model is that its centralized. Although there is a number of root certificates (hundreds in fact, check your /etc/ssl/certs/ directory!), it is not trivial to set up your own, let alone get browser/OS vendors to include it in their distributions.

Now lets take a look at the Web-of-Trust instead. The idea that describes the difference between the centralized TLS model and the WoT best, is that people trust people instead of corporations. If Alice trusts and vouches for Bob, and Bob trusts and vouches for Charlie, Alice could transitively trust Charlie. These trust paths can get arbitrarily long and the whole network of trust paths is what we call the Web-of-Trust. Instead of relying on a more-or-less trustworthy certificate authority to attest key authenticity, we gather evidence for the trustworthiness of a key in our social circle.

This model can be applied to corporate environments as well by the way. Let’s say FooBank is using the Web-of-Trust for their encrypted email traffic. FooBanks admin would be tasked with keeping a list of the email addresses of all current employees and their encryption keys. They would then certify these keys by signing them with a company key which is kept secure. These certification signatures are valid as long as the employee is working at the bank. Other employees would in return sign the company key and mark it as trustworthy. Now they can build a trust path from their own key to that of each other current employee. In that sense, the CA model can be seen as a special case of the Web-of-Trust.

The main problem now is to find an algorithm for determining whether a valid trust path exists between our trust-root and the certificate of interest. You might wonder “What is the trust-root? I thought the WoT comes without centralized trust in a single entity?”. And you are right. But we all trust ourselves, don’t we? And we trust ourselves to decide whom to trust. So to realize the WoT, we define that each user has their own “trust-root” certificate, which is a single certificate that certifies “trusted introducers”. This is the start of the trust-path. In case of FooBank, Employee Albert might for example have a personal trust-root certificate that certifies FooBanks CA key, as well as that of Alberts wive Berta. Now Albert can securely message any FooBank employee, as well as his wive, since there are trust-paths available from his trust-root to those contacts.

Luckily, the problem of finding an algorithm to determine trust-paths is already solved by the Web-of-Trust specification. All that’s left to do is to understand and implement it. That cannot be that hard, can it?

To be continued…

by vanitasvitae at May 06, 2022 10:18

May 05, 2022

Tutanota

Fixed potential hard-to-execute XSS vulnerability in Tutanota.

On April 27th a hard-to-execute Cross-Site Scripting (XSS) vulnerability has been reported to us. This has now been fixed. We thank the user reporting the vulnerability. The vulnerability only affected Tutanota when used in Firefox and it needed several steps by the user to make it potentially executable.

May 05, 2022 00:00

OsmAnd

The new website version

Hi!
We're glad to announce the new version of the website. While it's the demo version but we work each day with it. OsmAnd website code on GitHub.
What you can find new on our website.

Website

Search function

We added search function in the website. Now, you can find needed article quickly.

Search

OsmAnd docs

The section is still under active development and content. Anyone can also join checking and writing articles on our Github page.

We added demo version of next sections:

User guide

This section contains articles on how to use the application and what features the application includes.

User guide

Map legend

Map Legend has opportunity comparing day/night mode. While it's a demo version, in the nearest future we will upgrade Map legend for the full version.

Map Legend

Technical documentation

In this section, we are collecting articles for advanced users. There is info about how to build OsmAnd app, create maps and etc.

Technical documentation

Follow OsmAnd at Facebook, Twitter, and Reddit!

Join us at our groups of Telegram (EN), (IT), (FR), (DE), (RU), (UA), (ES), (PL).

May 05, 2022 00:00

May 04, 2022

Purism

Why I Support Purism, A Tech Company that Respects Digital Rights

I started working with personal computers over 40 years ago, back when an IBM desktop computer with 64KB of RAM and two 360KB floppy disks cost almost CAD$10,000. I bought the first Macintosh computer sold in Canada from the Hudson’s Bay Company in Montreal. I bought the first iPhone in Buffalo on the day the […]

The post Why I Support Purism, A Tech Company that Respects Digital Rights appeared first on Purism.

by Ben Trister at May 04, 2022 17:54

May 03, 2022

Tux Phones

Purism Librem 14 review (part 2): The ethical flagship

Purism Librem 14 review (part 2): The ethical flagship

Following the first part of our review of the Purism Librem 14 laptop, this review focuses on software, multimedia usability, repairability, and long-term maintainability.

Disassembly and Repairability

When I asked Purism whether I was allowed to disassemble their sample, I received a very encouraging response – as if, in fact, this was given for granted to their experienced customers. Not only users are allowed to disassemble it, but official guides exist on replacing fundamental parts, and getting your hands dirty with component upgrades.

In fact, after removing the back metal plate through M2 star screws, held together by diagonally placed, very solid aluminium guides, this is nostalgically one of the few remaining laptops where components are supposed to be upgraded.

Justified by the promise of thinness, one often debunked by the abundant empty space in casing, most manufacturers solder RAM, SSDs and processors on circuit boards, pursuing a "buy and regret" philosophy: regret not spending an extra $200 on $50 worth of RAM upgrades, and for this reason seeing your laptop slow down in few years, or $300 for a slightly larger solid-state drive, at the time of purchase. After Apple, essentially all consumer laptops (including some ThinkPads) are taking the same route.

Purism pursues the opposite: total transparency of upgrades, with a variant of the standardized modular layout found in most older machines. In fact, not only can the m.2 NVMe SSD and DDR4 SO-DIMM RAM be upgraded from the base 8GB to up to 64GB (!) through standard slots, but the 4-cell Lithium battery can be downgraded to a smaller, 3-cell one if place for a second (SATA over m.2?) disk drive becomes a priority.

The network card can also be replaced by hand, popping it out of its m.2 slot, as is the case on the Librem 5.

The circuit board shows excellent soldering, with very solid connections, apart from some stray wires for replaceable circuitry (fans, etc.) held together by tape. There are some microswitches on the board, perhaps easing the re-flashing of onboard chips such as the EC (more below), and a physical RTC battery floating around, which in my test sample happened to attach to the magnet of one speaker cone, compressing it.

Display

As usual, I will skim on in-depth display judgement due to my inexperience in this department. At a first glance, the Full HD, 60Hz, IPS screen appears good, if anything enough to align with good IPS panels, with balanced colors and decent viewing angles. Brightness is just "okay" (probably around 300 nits?), making it hard to read in direct sunlight. On this side, most expensive consumer laptops go further, with 2K panels, 400- or 500-nits brightness, HDR, and such.

The matte finish is somewhat limiting compared to most glass assemblies used nowadays, which would provide enhanced contrast and brightness. But the majority of premium laptops, including new ThinkPads, still choose matte over glass, perhaps for its better durability, weight, and higher flex resistance. Similarly, Full HD panels tend to provide considerably better battery life than 2K+ counterparts, so given its "high enough" resolution on a 14" panel, it does its job respectfully.

Comparison of IPS panels on Dell XPS (glass finish) and Purism L14 (matte finish)

Multimedia usability

Coming to the audio and video side of things, edges get rougher: the webcam is just okay for video calls, with narrow area and entry-level resolution. It does its job, but is just basic for videoconferencing.

Purism Librem 14 review (part 2): The ethical flagshipWebcam

The microphone appears to work without distortion, while speakers sound noticeably worse than on most high-end laptops: tinny and muddy in the default configuration, with an extreme emphasis of frequencies around the 1kHz mark, with any mid-bass presence covering the midrange, and somewhat artificial-sounding treble. This gives problems with clarity also in conversations.

I am also doubtful about the placement of the speakers: the stereo speaker cones look to be of good quality and generously sized, but perhaps due to the lack of a large enough acoustic "chamber" on their back, or due to the bottom-firing orientation, which is overly reliant on the resonance made by the bottom of the laptop rather than firing them to the outer world. In general, resonance is hard to handle correctly, and exploiting the "chamber" on the bottom of the laptop will significantly decrease quality if not tuned carefully.

Since audio is, in general, something I tend to pay particular attention to, I wanted to understand what made the speakers sound so disappointing. The answer is partly simple: lack of system-level software equalizer (which would need to be maintained as a custom PulseAudio daemon), or a hardware DSP, for the sake of a "vanilla" Linux experience. Thankfully, post-processing will fix part of this, but I believe that a slightly modified assembly of the same speakers (ideally facing in another direction) would solve most of their remaining issues.

Downloading PulseEffects and tuning the equalizer considerably optimized the speakers, bringing perceived sound quality from a 2/10 to a 5.5/10 or so, with vocals becoming clearly audible, and acquiring control over mid-bass. The base profile I used can be found on this page, although there is room for improvement from the suggested configuration: for example, the "maximizer" enabled by the maker of this profile can make sound levels inconsistent (if not be dangerous for the voice coils?), and recessing the artificial peak at 16kHz given by this profile makes the sound smoother and easier to appreciate in the long run.

Software: PureOS and beyond

What makes the experience so transparent is the upstream integration of the Librem hardware with vanilla Linux. For instance, no matter what distribution the user will run, firmware for all hardware components is upgradable through the fwupd interface, a project to unify all firmware upgrades in a single Linux userspace standard.

On the other hand, Purism&aposs own PureOS is a strange choice for daily usage. This spin of Debian Stable appears mostly maintained as a sacrifice to the gods of the Free Software Foundation, from which PureOS gets the rare RYF (Respects Your Freedom) certification, and complies with its guidelines e.g. by removing all traces of non-free software, and not letting users enable non-free repos without manual work.

This means that out of the box, PureOS will not support Bluetooth, since the Atheros card is currently only open-source on the Wi-Fi side. Installing Bluetooth blobs should be possible, anyway.

Being based on Debian Stable means that packages might look relatively dated: for example, PureOS is based on GNOME 3.38 (September 2020), and the only Firefox to be found is ESR, the LTS variant designed for maximum stability. Although this leads to essentially zero bugs, PureOS will give one of the most conventional (if not lightest) Linux experiences around.

Purism Librem 14 review (part 2): The ethical flagshipThe Librem 14 shining in a dual-monitor Ubuntu 22.04 setup

If GNOME is not your thing, PureOS also comes in a KDE spin. I did not test it, but random reviews of it found on the Internet appeared favourable at a first glance.

What needs emphasis here, for the sake of the free software spirit, is that the Purism will be as happy running any other distribution as it is on PureOS.

The Librem 14 has also been my test ground for the new Ubuntu 22.04. What I found in comparison with PureOS was a faster GNOME and similar boot time of applications (less than 2 seconds for LibreOffice Writer). For some reason, Ubuntu would still not recognize the Bluetooth card, with kernel logs asking to copy its required firmware blob to the system firmware folder.  So due to this bug, unless you copy the proprietary component by hand, there will be little risk of introducing proprietary drivers in your runtime.

Thanks to the lack of buggy, proprietary video drivers or such, the very new Ubuntu 22.04 is a joy to use on this laptop and looks just as smooth - if not more, thanks to GNOME&aposs recent efforts to speed up the graphics through triple buffering and such. This is thanks to Purism being ethical in its development, and upstreaming every bit of their work (see fwupd) to make sure that no component collides not with PureOS, but with Linux in general.

Performance

Regarding the main components of the system, here are some considerations on the real and expected performance in the real world.

CPU

The Intel Core i7-10710U packs some real punch in its modest consumption. Being possibly the first laptop-oriented Intel with 6 physical cores (so 12 in hyperthreading), this SoC can get up to 4.7GHz during "boosts". In the PassMark benchmark, this chip achieves 10126 points.

GPU

The Librem 14 uses the built-in Intel HD Graphics 620 rather than a dedicated video card. The performance looks good under normal loads, although applications such as heavy demanding gaming will not be too suited to the Librem. As known, avoiding the ubiquitous Nvidia video cards makes the most part in an essentially bug-free Linux experience. Without Thunderbolt on the USB-C port, there is no support for plug-and-play eGPUs.

Wireless connectivity

The Wi-Fi and Bluetooth card used in the Librem 14 is the Atheros AR9462, one of the very few that can run entirely on open-source firmware.

However, this brings to two issues: firstly, wireless looks to be considerably slower than that used on my Dell (Killer / Qualcomm), also in 5GHz mode, resulting in around -25/-30% of speed. Similarly, the antenna reception on the Atheros was considerably worse than Dell&aposs, and moving too far from the router resulted in abrupt speed drops. Tthe reported signal strength (dB-wise) was identical nearly identical between the two laptops, so the wireless card might be the bottleneck in this case. In any case, a manual wireless card is trivial to perform.

Secondly, as mentioned above, there is no Bluetooth support, unless proprietary firmware blobs from linux-firmware are installed.

SSD

The storage device used in our sample was a Samsung 970 Evo Plus, 512GB NVME m.2 drive, which is a widely popular solid-state disk, and received 4.5/5 stars for its performance in a Tom&aposs Hardware review. As said above, you can also add a secondary SATA drive, if you are willing to sacrifice the large, 4-cell battery for a 3-cell one.

Battery

The large 4-cell, 8800mAh battery from our sample was good enough for us to forget the charger at home without issues, and the declared life of 9 hours and 48 minutes sounds reasonable under light loads.

(attach graph?)

Alternatives

Apart from the long glorified (yet outdated) old ThinkPads, one modern device that could be considered competition to the Librem 14 is Framework, from the homonymous startup aiming at a fully (port-wise) modular laptop. Yet the Framework does not come with software freedom (shall we say libreness?) in mind, being shipped with Windows in its "consumer" version, and neither providing a trustable, open circuit board, nor all the security measures of the Librem. And for those wondering, you can run Windows 11 on the Librem 14 as well, in case you really cannot do without.

Another vaguely similar device, the MNT Reform, brings Purism&aposs values of hardware openness to the extreme: being based on a custom-made modular board, with most components redesigned from scratch and running on custom firmware, all on top of an ARM i.MX8 processor such as that used in the Librem 5 smartphone, the Reform makes a much slower, possibly less practical, but probably even more libre device for a similar price.

Additionally, more conventional business laptop lines such as HP&aposs Elitebook series (or System76&aposs?) will resemble the Purism for a similar price tag. But they are considerably less security-focused, tend to use many proprietary components down to the BIOS, and with no attention to Linux drivers, luck will be needed to run Linux as smoothly.

Conclusions

With the Librem 14, Purism happened to find a market niche in which, so far, not much competition is to be seen. What Purism did here was not only achieving one of the cleanest hardware boards on the market, but caring about the software to the point of rewriting big parts of firmware for the sake of security and software longevity.

The target for this laptop is actually wider than it looks: it is a sleek, minimalistic black device with good hardware. The price tag is on the higher side, but in line with other business-oriented laptop brands, and top-notch security comes in the package. I could imagine anyone from programmers to security-conscious political figures enjoying a device like the Librem 14. From the impression that I received from using it, this laptop is designed to be a trustable daily driver, in the way it "just works", cannot physically leak most of your data while you are using it, and cannot easily be compromised without a Pureboot scan warning you.

Some products are designed to produce immediate enthusiasm when you see them, giving the so-called "wow effect", and others that are machines that you will grow to love with time. At first, when I booted the Librem 14, it did not look that different from the HP EliteBook I had at work. But then, seeing the obsessively clean, no-frills boot and bug-free experience during my usage, I quickly grew to love the product after turning it on and see how its software would never let me down during weeks of use.

My experience with most newer ultrabooks throughout the last years was the opposite: shiny at a first glance, yet hiding flaws in hardware quality, nearly phone-like soldered boards for the sake of profit, and quickly deteriorating software due to abandoned proprietary drivers (not only on Linux).

The Librem 14 is the opposite: with minimal design, a fairly standard display, and no impressively tiny bezels, this is rather a mature machine that you will be happy to rely on. If you can give up rock-solid stability, you might enjoy breaking out of PureOS to experience the forbidden pleasure of Fedora or any more bleeding-edge distro, while also enabling the Bluetooth card and getting wireless audio to work properly.  Just, if you switch distro, do not forget to keep the disk encrypted.

Pros Cons
+ Solid, reliable build - Somewhat pricey
+ Elegant, minimal design - LCD could be brighter
+ Very fast performance - Speakers need calibration
+ Rock-solid, fully FOSS software stack - No Thunderbolt interface
+ Good battery life - May be too "conservative" for some
+ High security and privacy standards

This was the second part of our Purism Librem 14 review. For the first part, click here.

by Raffaele T. at May 03, 2022 15:28

May 02, 2022

Purism

Improving the Stability and Reliability with a Modular Modem in the Librem 5

Usually we can fully rely on our phones to be reachable at any time—given cellular reception of course—and we take that for granted. You surely know situations in your life where that becomes especially critical. Be it when you’re expecting an important call or when you need to be able to receive “emergency” calls in […]

The post Improving the Stability and Reliability with a Modular Modem in the Librem 5 appeared first on Purism.

by Martin Kepplinger at May 02, 2022 03:32

May 01, 2022

Tux Phones

Purism Librem 14 review (part 1): The ethical flagship

This was the first part of our Purism Librem 14 review. For the second part, click here.
Purism Librem 14 review (part 1): The ethical flagship

Most of our readers will already know Purism as a company: founded in 2014 in San Francisco, this then-startup focused on providing no-compromise libre hardware to the world, with a strong focus on privacy, security and transparency of their hardware.

However, up to this review, I never had the chance to get my hands on a Purism device: due to the low availability and high retail price, I could never see a Librem 5 in real life, in spite of it being probably the device that started the new wave of Linux on phones. So when I had the chance to review Purism&aposs current flagship laptop, the Librem 14, I gladly took the chance to get clearer thoughts on the company, and know what hid behind the rising hype.

To start, Purism is famous among open-source enthusiasts for an openly Apple-ish presentation of their products: minimal aesthetics, premium prices, extensive design and hardware research is something that not all small laptop manufacturers can boast about. Similarly, the idea of zero-compromise libre hardware is quite ambitious, if not worryingly expensive, to pursue for a small hardware company.

Nowadays, Purism is a known brand among enthusiasts especially in the fields of privacy and information security: being pioneers, among others, of hardware kill-switches, CoreBoot support, and now also open-firmwarecontrollers (all of which we will explain later), Purism has been trying to find its place in the premium laptop market.

Disclaimer: The sample used in this review was borrowed free of charge from Purism for the scope of this review, and returned afterwards. Purism offered the device for an honest, unbiased review of the machine, and with no affiliation or incentive of any kind.
(Another) Disclaimer: Not having a real camera available at the moment, all pictures in this review were taken by a particularly dust-obsessed, HDR-oriented mobile camera. Details like accidental dust, or fingerprints, were highly emphasized by the post-processing rather than present in the scene.

To establish the initial terms, I could contact Kyle Rankin, who was very welcoming during our interaction. His extensive knowledge of the product meant that, at least in principle, the product is indeed a well-thought, custom-designed machine – not a rebranded money-maker, as used to be the case with some Linux laptops years ago. The Librem 14 should be a blend of the best ideas from the past Librem 13 (from which it takes the form factor) and Librem 15 (e.g. for the switch layout), plus modernized hardware and bugfixes. And, of course, thinner bezels.

Purism Librem 14 review (part 1): The ethical flagshipThe (older?) Librem 15 received 4.5/5 stars in this TechRadar review

The approach that Purism takes to, well, the purification of their laptop goes through a gradual liberation of hardware over time: since it was, to this point, essentially impossible to produce a fully open-source device, Purism started this process from the peripherals in the past models, to proceed with removal of (proprietary) blobs in all components of its motherboard with the Librem 14.

With a hardened bootloader, disabled Intel Management Engine and hot-swappable network card being an all-free Atheros, in the Librem 14 even the motherboard Embedded Controller (EC) was replaced by a custom-programmed microchip with open-source, flashable firmware for the sake of security. (More about this below)

Specifications and pricing

Coming to the actual product, specifications are aligned with higher-end laptops (from 2020). The Librem 14 uses a fairly widespread, 10th generation Intel Core i7-10710U Comet Lake processor (RRP $443), which was, apparently, the most powerful laptop-oriented Intels at the time. This was also the chip used by the higher-end Dell XPS 13 7390 (revised version) and some MSI gaming laptops, all of which retailing around $1400 or more.

As most U-series Intels, at 15W TDP this is a greatly efficient processor, which means that it will prioritize battery life in mobility, or power on short CPU bursts, as in squeezing the most teraflops per watt, rather than providing the experience of a desktop Intel as those found in thicker gaming workstations - and using at least three times as much power.

On the other side of the equation, the Librem 14 has a price of $1399 to the end user, a price higher, but not too far from that of alternatives made by consumer Windows laptop makers. The asking price puts the Librem in the highly competitive premium laptop segment, being similarly expensive to a base-specced Dell XPS 13 (or 13 Plus), Surface, or ThinkPad. But being designed to be upgradable, Purism makes sure you will never be locked to the "base" specifications. More on this later.

Unboxing

Not much to be said here. The packaging is extremely minimal, with only the laptop and its charger neatly placed in a cardboard box, with no extra cables, instruction manuals or such. Perhaps this would look too minimal at a first glance, but in reality, what else should one need?  The elegant white box the Librem 14 is protected by is something that has nearly zero overhead, or environmental impact.

So, nothing more than the laptop, its (conventional) 90W charger, and an European power cable to plug in it.

Design and build

To start, I was impressed by the mechanical build quality of the laptop metal casing. To be clear, this is nowhere near the compactness of Apple&aposs tight-pressed metal chassis, or the ThinkPad X-series carbon fiber and plastic blend, but significantly better and less prone to flexing than some similarly priced consumer laptops I happen to work on, some of which going over the Purism&aposs price tag.

The magnetic lid of the Librem 14 closes perfectly, with a satisfying click, and does not show any misaligned angle. Although this may seem obvious, I cannot say the same of my personal machine (a Dell XPS 13), where the lid was slightly misaligned and not perfectly closing on sides since the first day.

The full-metal back of the laptop lacks any branding, aiming at subtlety (a metaphor of privacy?) rather than loudness. The only plastic on the body is found in the inner side of the panel, enclosing the screen, and the magnetic hinge is considerably less hard to handle (or open with one hand) than that of the XPS, although harder than Apple&aposs. The guiding "slot" for opening the hinge with one hand is too narrow to be easy to grip, but just wide enough for achieving its purpose.

Similarly, one very enjoyable feature is that of being able to open the screen up to near-flat level to the table (somewhere around 187 degrees). I am not sure why I find this so useful in general, but in standing positions or strange placements, it simplifies many tasks considerably.

Portability

The sizing is relatively compact, although vertically, the screen borders take more space than those of a super-thin flagship, still following the aesthetic - and practical! - trend that makers like Dell, Huawei and Apple set in the last models.

With full-size ports for all interfaces, the result can be considered thicker than the average ultrabook, but not really: this is just 1mm thicker than a new-generation, 14" MacBook Pro. In an unexpected revival of thicker laptops, the entirely soldered, and unupgradable (albeit more powerful) MacBook 14" 2021 is beaten on most dimensions, with Purism preserving the same form factor as the older Librem 13.

Purism Librem 14 review (part 1): The ethical flagshipThe Librem 14 is thicker than older, thin Macs (in picture), but almost as thin as a new 14" Mac

The dimensions are quite compact even in comparison with the leaders of thin-bezel laptops, and achieves a lower weight than its direct competition.

Width Height Depth Weight
Purism Librem 14 (i7) 322mm 17mm 222mm 1.4kg
MacBook Pro 14" 2021 (M1) 312mm 15mm 221mm 1.6kg
Huawei Matebook 14 (Ryzen) 307mm 16mm 224mm 1.5kg
Purism Librem 14 review (part 1): The ethical flagshipSlightly thicker than a nearly portless XPS 13

As hinted, the styling appears overall professionally conservative, and this is the laptop you could expect to find more frequently in a professional setting than in a classroom. On the one hand, this gives a pleasant low profile that does not distract from work (or attract thieves), but on the other, it looks more traditional than most similarly priced laptops at a first glance.

Peripherals and hardware

One highlight of this device is the generous amount of ports on both sides, providing essentially any interface you might need in normal contexts. A generation of recent ultrabooks enforced the "dongle hell" of having to bring a bag of adapters for video, USB connections, Ethernet cables, SD cards and such.

The Librem offers everything it can in full size: HDMI, Ethernet (via an "origami" connector), headphone jack, (technically not full-size) Micro SD card, two USB 3.1 Type-A ports, and two USB-C 3.1 ports, one of which also supporting Power Delivery and HDMI 2.0 video output, allowing to drive up to 2 external 4K displays. Thunderbolt is not supported, which prevents usage of eGPUs and ultra-high-speed devices.

While the official charger is a rather standard 90W brick with barrel jack connector, you will also be able to charge the Librem 14 through a standard USB Type-C PD charger or power bank, such as newer MacBook chargers. In fact, not having the problem of slow charging as a priority, I only brought my ligher, 45W Dell Type-C charger alongside the Purism in many days of testing.

Purism Librem 14 review (part 1): The ethical flagship90W charger brick, wooden duck for scale

To be clear, I am a long-time fan of the USB-C standardization as a long-time prospect, but since such abrupt transitions between interface standards never happen in a day, I definitely appreciated returning to sanity.

Left side ports:

  • Kensington slot
  • HDMI 2.0 (4K@60Hz)
  • USB 3.1 Type A
  • Micro-SD
  • USB 3.1 Type C

Right side ports:

  • 19V DC barrel jack
  • Gigabit Ethernet
  • USB 3.1 Type A
  • USB 3.1 Type-C with HDMI output (4K@60Hz) and PD (Power Delivery) charging
  • 3.5mm headphone jack (Intel HD Audio)

Input devices

The keyboard on the Librem 14 feels pleasantly smooth to type on, with good travel distance and accurate capturing. The experience might not beat, perhaps, ThinkPad levels, but goes well beyond the bouncy one used many older XPS models, and with considerable better travel than older "butterfly" keyboards (as those used on 2016 to ~2020 Macs, or Dell&aposs "maglev" concepts).

The touchpad used, a HTIX5288, is an average to good model: very solidly placed on the board (without gaps on the sides), it feels slightly harder to click than others. The area is adequately wide, precision is good also on multitouch gestures, and the feel is slightly rougher than on glass ones.

I would have loved to see a touch panel as an option for the screen, since, proving one of Jobs&apos profecies wrong, the keyboard is just centimetres far from the screen, and laptops with touch input tend to ease some tasks considerably compared to touchpads and mice. Highlighting documents, scrolling and navigating through complex pages, filling in badly optimized online forms and such is sometimes faster with a touchscreen than through keyboard-fu.

The top row above the keyboard is populated by Purism&aposs "trademark" kill switches, one for mic and camera, the other for wireless connectivity, and both paired with LEDs to remind - quite noticeably - that they are on at any time. Alongside this, a charge status LED and a notification LED (borrowed from the Librem 5?) reports system-level notifications - although this feels, in general, not very useful when the screen is already on. Furthermore, another LED on the right side near the barrel jack will also indicate charging status, and "breathe" while the laptop is left in standby.

Boot, security, drivers

The first thing that you might notice when booting this device for the first time is its speed. Thanks to custom-made, libre boot process, you will get to the Linux bootloader screen in less than two seconds, which is a fraction than the six (!) seconds my XPS takes to do the same operation. This is not surprising, considering how terribly bloated proprietary UEFI and BIOS bootloaders can be on consumer laptops. In fact, UEFI subsystems found on most modern laptops tend to load a lot of libraries (even Windows-like .dlls) for performing trivial tasks such as POST, or displaying the logo.

Librem&aposs "first boot" video shows the complex

The Librem 14 tackles this: based on Coreboot (and, optionally, SeaBIOS), the open bootloader currently only supported by few ThinkPads, this laptop replaces any proprietary bootstrap component with a barebones interface to let you choose boot device, and in the Purism&aposs own Pureboot variant, also enables security features (e.g. to detect software tampering).

Thanks to Pureboot, the Intel Management Engine (ME) on the processor is disabled: this controversial microcode component, supposed to optimize x86 machine code inside the CPU, executes a small, closed-source OS on the lowest "ring" near its silicon. I am not sure how this is done, since there are known difficulties of doing this entirely. Intel SGX, the in-chip (and historically vulnerable) trusted execution environment, is also disabled for the same reason, which highlights the paradox of modern chips: is disabling obscure security mechanisms the means to achieving real security and trust?

A hardened variant of the boot process involves the Librem Key, Purism&aposs own NitroKey variant, which can act as a decryption device for the PureOS LUKS disk encryption.

PureBoot - Purism - Librem products documentation
Purism Librem 14 review (part 1): The ethical flagship

The sheer simplicity of this brings to a rock-solid boot experience, one that "just works". The boot screen takes two seconds at most, and the disk unlock dialog is shown within ~4 seconds afterwards. This is probably the cleanest boot process I have experienced on a laptop in the last years.

Liberating the Embedded Controller (EC)

A special mention, in terms of software rewriting effort, goes to the Embedded Controller, a traditionally proprietary component which was replaced with a generic microcontroller to run a custom, libre firmware (Librem-EC), maintained by Purism and that can be upgraded via fwupd, or manually reflashed.

Wrangling the EC: Adventures in Power Sequencing – Purism
Purism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people’s privacy and freedom while protecting their security.
Purism Librem 14 review (part 1): The ethical flagship

This was the first part of our review. You will find the second part here.

by Raffaele T. at May 01, 2022 12:28