@kev @purism you may also wanna add that it lacks default disk encryption, apps run unsandboxed by default, and lacks any kind of boot security.

It literally sets back years of security advancements made in the mobile space.

@blacklight447 @kev not defending the librem 5, but not sandboxing apps is totally fine if you install them from a trusted distribution. It's only necessary on Android because Google Play is a malware distributor. Debian is not.

@sir @kev there is no reason not to sandbox your apps, why give needless trust to app distributors?

@blacklight447 @kev the trust model works differently on typical Linux distributions. The threats just aren't the same.

@blacklight447 @kev and to answer your question directly: because it's more complex and poorly suited to the unix style. Unix programs don't work well in silos.

@sir @kev just because desktop Linux is lagging behind on security advancements doesn't mean it's a smart idea to recommend that end users pay $800 for a device which is significantly less secure than mature platforms. If the Librem 5 was clearly marked as experimental and to be used with caution, I would be fine with it, but currently that's not the case.

@blacklight447 @kev but it's not less secure. Sandboxing untrusted code is less secure than not running untrusted code in the first place. I'm not a securitybro absolutist like some.

@sir @kev "we can improve a user's security by a long shot by providing sandboxing, but we trust the repo maintainers so let's not"

That's kinda weird logic.

Remember security should be done in depth: if the trust in the maintainers fails, you still have trust in the isolation. Also what about folks who want/need software outside of the default repos? Don't they deserve protection?

@blacklight447 @kev this is that dumb securitybro absolutism I was referring to. "Better security", at any costs. Everything is a tradeoff, and security does not have an infinite weight on that metaphorical scale.

Folks who want software outside of the default repos have the wrong want. It's like wanting to eat burnt tires.

@sir @blacklight447 @kev

>Sandboxing untrusted code is less secure than not running untrusted code in the first place.

Sandboxing and privilege dropping is just good hygiene. Your image viewer shouldn't be able to read keystrokes from other programs, start new processes, screen-record outside of itself, write to the filesystem, access the internet, etc. You might trust maintainers to be non-malicious, but do you trust all packaged code to act non-maliciously when faced with arbitrary untrusted input?
@passenger @sir @blacklight447 @kev this is a job for capability-based access control more so than sandboxing

@passenger @sir @blacklight447 @kev i mean they *can* go hand-in-hand but to me sandboxing implies a containerised environment entirely, when that isn't always necessarily what you need

@sir yeah, I see your point. Lack of local FDE is a big miss though, if that's actually the case.


@kev @blacklight447 I don't know about the defaults, but pmOS supports the librem 5 and has FDE support.

@kev @blacklight447 with truly open phones, the idea of using the stock OS is about as dumb as the idea of using the OS that comes with your laptops. I would expect to reflash any open phone on day one.

@sir @kev but if you're not expected to run the stock OS: 1. Why do they even develop it in this case?
2. Then it shouldn't be marketed as something normal end users could/should use, but only tech-savvy folks with $800 to burn.

P.S. the Librem 5 is still full of binary blobs, so it's not even nearly "truly open"

@blacklight447 @kev they might expect you to run the stock OS, but _I_ don't expect you to run the stock OS.

Also, we're not talking about security anymore. For the record, I don't like the Librem 5 for a multitude of reasons. I am not defending it.

@sir @kev that's okay, my opinion on the matter is: if you are a tinkerer who likes messing around with your device, then the Librem 5 is just for you, but it's just not ready for normal end users to adopt. I would say having default disk encryption enabled is a fair minimum requirement for mobile devices.

@blacklight447 @kev I think you have a lot of work to do if you want to get FDE by default on most mobile devices

@sir @kev I would say that's less unlikely than you think, Android has had default encryption since (I think?) Android 5, iOS has had it for ages as well. Laptops are more problematic, but at least macOS and Linux have out-of-the-box support (not turned on, but support). Regarding Windows, MS need to get their ass off the enterprise throne and allow Windows Home users to utilize BitLocker


@sir @kev You strike me as a #qubes user. If someone ported #qubes to the Librem 5 would you consider it?

@sir @kev My previous guess was based on your insistence on sandboxing even for a Linux desktop with well curated repositories such as Debian

@maryjane @sir @kev well Qubes is not a distro that you can port easily, this is because it utilizes hardware features for its isolation, currently it uses Intel VT-d and VT-x. Btw yes I'm a Qubes user ;)

@maryjane @sir @kev dunno, you tell me, but porting it would be a massive undertaking, if you were to do that, I would port it to POWER9 instead of ARM, so you can run it on ACTUAL open source hardware like the Talos II :D

"ACTUAL open source hardware"

well if you are going full Stallman on this, then I guess you have no love for the PinePhone as well?

Or was that comment just to spike me ;)


@sir @maryjane @kev well I currently like POWER9 more because it at least has computers which would even be able to run Qubes resource-wise :p

@blacklight447 @kev @purism doesn't flatpak, assuming it is implemented correctly, offer sandboxing for applications? From what I've read in the documentation the preferred method of software distribution for the librem 5 is through flatpaks.

@vancha @kev @purism currently (or last I checked) it requires you to either find an already written Flatpak policy or write your own; if there is no policy, then it runs uncontained, which is why I said unsandboxed by default.
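An added example, not code from this thread, from Flatpak or from Purism, that ties together the earlier point about what an image viewer should not be allowed to touch and the point just above about apps shipping without a restrictive policy: a Python script that reads a Flatpak app's `metadata` file (for a per-user install it typically lives under `~/.local/share/flatpak/app/<app-id>/current/active/metadata`) and reports declared permissions that make the sandbox effectively meaningless, such as `filesystems=host`, an unfiltered X11 socket, or permission to talk to `org.freedesktop.Flatpak` on the session bus (which lets the app run commands outside the sandbox). The list of "broad" permissions and both sample metadata files are constructed for this example.

```python
"""Audit a Flatpak app's declared sandbox permissions.

Added example (not from the thread, Flatpak or Purism). It parses the INI-style
metadata file Flatpak keeps for each installed app and flags entries in the
[Context] and [Session Bus Policy] sections that punch large holes in the sandbox.
"""
import configparser
import sys

# Talking to this D-Bus name lets a sandboxed app spawn commands on the host.
FLATPAK_HOST_DBUS = "org.freedesktop.Flatpak"

# Constructed list of (Context key, value) -> why it matters. Ordered roughly
# from "sandbox is cosmetic" down to "worth knowing".
BROAD_PERMISSIONS = {
    ("filesystems", "host"): "read/write access to the whole host filesystem",
    ("filesystems", "home"): "read/write access to the whole home directory",
    ("sockets", "x11"): "X11 socket: can read input and screen of other X11 clients",
    ("sockets", "session-bus"): "unfiltered session D-Bus: can talk to any user service",
    ("sockets", "system-bus"): "unfiltered system D-Bus",
    ("devices", "all"): "access to every device node under /dev",
    ("shared", "network"): "network access",
}


def _load(metadata_text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep D-Bus names like org.freedesktop.Flatpak case-sensitive
    cp.read_string(metadata_text)
    return cp


def _values(cp, section, key):
    """Split a ';'-separated Flatpak list, dropping empties and '!'-negated entries."""
    if not cp.has_option(section, key):
        return set()
    out = set()
    for raw in cp.get(section, key).split(";"):
        raw = raw.strip()
        if not raw or raw.startswith("!"):
            continue
        if key == "filesystems":
            raw = raw.split(":", 1)[0]  # 'host:ro' and 'home:rw' count as host / home
        out.add(raw)
    return out


def audit(metadata_text):
    """Return human-readable findings, one per broad permission found."""
    cp = _load(metadata_text)
    findings = []
    for (key, value), reason in BROAD_PERMISSIONS.items():
        if value in _values(cp, "Context", key):
            findings.append(f"{key}={value}: {reason}")
    policy = cp.get("Session Bus Policy", FLATPAK_HOST_DBUS, fallback="")
    if policy in ("talk", "own"):
        findings.append(f"talk-name={FLATPAK_HOST_DBUS}: can run commands outside the sandbox")
    return findings


def is_effectively_unsandboxed(findings):
    """True when any finding alone gives the app the run of the host."""
    return any(f.startswith(("filesystems=host", "filesystems=home", "talk-name=")) for f in findings)


# Constructed sample: a generously permissioned image viewer.
LOOSE_METADATA = """\
[Application]
name=org.example.ImageViewer
runtime=org.example.Platform/x86_64/1
command=imageviewer

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;xdg-pictures:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

# Constructed sample: the same viewer limited to Wayland and read-only pictures.
TIGHT_METADATA = """\
[Application]
name=org.example.ImageViewer
runtime=org.example.Platform/x86_64/1
command=imageviewer

[Context]
sockets=wayland;
devices=dri;
filesystems=xdg-pictures:ro;
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else LOOSE_METADATA
    for line in audit(text):
        print("WARN", line)
```

Run it against a real metadata path to audit an installed app, or with no arguments to see the constructed loose sample flagged; the tight sample produces no findings, which is the shape of policy the thread is asking for by default.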

@blacklight447 @kev @purism ah yeah that makes sense. We'll see if the device eventually gains enough traction for things like this to become standard for an IDE like GNOME Builder or something. Seems like a very valid problem to be addressed at some point.

Mastodon 🔐

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.