Language Selection

English French German Italian Portuguese Spanish

Librem/Purism Anti-interdiction Services

Filed under
GNU
Linux
Gadgets

I often refer to Purism as a company that sits on a three-legged stool of freedom, privacy and security. I’ve even written posts in the past about how those concepts all fit together. While Purism focuses on all of these categories at the same time, we have an incredibly diverse customer base from many different walks of life and often our customers care more about one of the categories than the others. This means that sometimes we offer features or advancements that appeal only to a segment of our overall customer base.

For instance, customers who prioritize freedom might buy a Librem laptop because of the FSF endorsement of PureOS, the coreboot firmware, or our careful selection of hardware that can run on free software drivers. Customers who prioritize privacy might buy a Librem laptop because of the hardware kill switches or our commitment to privacy in our Social Purpose Corporation charter. Customers who prioritize security might pick us for our hardware kill switches, the fact we disable and neutralize the Management Engine by default, because of our PureBoot tamper-evident firmware, how we protect our supply chain, or because of how well our hardware runs QubesOS.

In this post I’m going to elaborate on a service we’ve offered for quite some time, but haven’t publicized much, that will be of particular interest to security-focused customers–our anti-interdiction service. This is a custom add-on service we have provided in the past to high-risk customers who are especially concerned about detecting any tampering with their hardware during shipment. Up until now you had to request this service explicitly to get details but starting today we are listing it as an additional upgrade you can add to any laptop order.

Read more

Librem 5 September 2019 Software Update

  • Librem 5 September 2019 Software Update

    Here’s what happened to the Librem 5 software in September. This doesn’t cover every single improvement or fix that was made, just a selection of them. You can follow the development of the software in our GitLab instance.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Security: Updates, Mozilla AMO and Reproducible Arch Linux Packages

  • Security updates for Monday

    Security updates have been issued by Debian (ampache, chromium, djvulibre, firefox-esr, gdal, and ruby-haml), Fedora (chromium, file, gd, hostapd, nspr, and rssh), openSUSE (bcm20702a1-firmware, firefox, gdal, libtomcrypt, php7, python-ecdsa, python3, samba, and thunderbird), SUSE (apache2-mod_auth_openidc, libssh2_org, and rsyslog), and Ubuntu (bash).

  • Security improvements in AMO upload tools

    We are making some changes to the submission flow for all add-ons (both AMO- and self-hosted) to improve our ability to detect malicious activity. These changes, which will go into effect later this month, will introduce a small delay in automatic approval for all submissions. The delay can be as short as a few minutes, but may take longer depending on the add-on file. If you use a version of web-ext older than 3.2.1, or a custom script that connects to AMO’s upload API, this new delay in automatic approval will likely cause a timeout error. This does not mean your upload failed; the submission will still go through and be approved shortly after the timeout notification. Your experience using these tools should remain the same otherwise.

  • Reproducible Arch Linux Packages

    Arch Linux has been involved with the reproducible builds efforts since 2016. The goal is to achieve deterministic building of software packages to enhance the security of the distribution. After almost 3 years of continued effort, along with the release of pacman 5.2 and contributions from a lot of people, we are finally able to reproduce packages distributed by Arch Linux! This enables users to build packages and compare them with the ones distributed by the Arch Linux team. Users can independently verify the work done by our packagers, and figure out if malicious code has been included in the pristine source during the build, which in turns enhances the overall supply chain security. We are one of the first binary distributions that has achieved this, and can provide tooling down to users. That was the TL;DR! The rest of the blog post will explain the reproducible builds efforts, and the technical work that has gone into achieving this.

  • Arch Linux Updates Its Kernel Installation Handling

    Arch Linux has updated the behavior when installing the linux, linux-lts, linux-zen, and linux-hardened kernel options on this popular distribution.  The actual kernel images for their official Linux, Linux LTS, Linux Zen, and Linux Hardened flavors will no longer be installed to /boot by default. By not having the actual kernel reside on /boot should help those with separate boot partitions that are quite small and avoid running out of space when keeping multiple kernels installed. 

Sparky 2019.11 Special Editions

There are new live/install media of Sparky 2019.11 “Po Tolo” Special Editions available to download: GameOver, Multimedia & Rescue. The live system is based on the testing branch of Debian “Bullseye”. GameOver Edition features a very large number of preinstalled games, useful tools and scripts. It’s targeted to gamers. Multimedia Edition features a large set of tools for creating and editing graphics, audio, video and HTML pages. The live system of Rescue Edition contains a large set of tools for scanning and fixing files, partitions and operating systems installed on hard drives. Read more

The Many Features & Improvements of the KDE Plasma 5.18 LTS Desktop Environment

With the KDE Plasma 5.17 release out the door last month, it's time to take a closer look at the new features and improvements coming to KDE Plasma 5.18, which will be released early next year as the next LTS (Long Term Support) version of open-source desktop environment designed to run on GNU/Linux distributions. Among the enhancements of the KDE Plasma 5.18 LTS desktop environment, we can mention the ability to select and remove multiple Bluetooth devices simultaneously, support for KSysGuard to display stats for Nvidia graphics hardware, and a new "Home" button in System Settings that will take users back to the main page. Read more

Open-spec, dual-port router offers a choice of Allwinner H3 or H5

FriendlyElec’s Linux-driven, $20 “NanoPi R1S-H3” router uses a modified version of the Allwinner H3-based NanoPi R1, upgrading the second LAN port to GbE while removing a USB port. There’s also a similar, $23 “NanoPi R1S-H5” with a quad -A53 H5. Back in February, FriendlyElec launched the community-backed NanoPi R1 router SBC, which still sells for $29. Now it has followed up with two more affordable NanoPi R1S routers based on upgraded versions of the NanoPi R1 that that give you dual GbE ports instead of 10/100Mbps and 10/1000/1000Mbps. The mainboards are smaller than the R1 at 55.6 x 52mm, and the board and the case have been entirely redesigned. Read more