Author: Jeff

Meet the development team at the 2017 Debian Conference

We are proud to announce that we will be sponsoring and attending the 2017 Debian conference from August 1st to August 12 in Montréal, Canada. As PureOS is a derivative of Debian and various members of the team come from the Debian community, it is with great pleasure that we will support this event.

Many Purism team members will be present, including Zlatan Todorić (our CTO and an official Debian developer) with Matthias “Ximion” Klumpp, Jonas Smedegaard (Debian Developer) and Chris Lamb (current Debian Project Leader) for the full duration of the event, including the workshops (“Debcamp”) and core conference days.

Purism CEO Todd Weaver will also be attending from August 4th to August 8th.

On the “Open Day” on Saturday August 5th, we will be showcasing a couple of our newest Librem production models and prototypes.

Participation in the Debian conference and “open day” is free and no registration is required. Come and say hi! See the important dates for more information.

Jeff will also be available in the days before and after the event, to handle any logistics needs, or to answer any business or press inquiries. Should you want to meet before or after the event, please get in touch with us at pr@puri.sm.

Celebrate GNOME’s 20th anniversary with us at GUADEC 2017

We are proud to announce that we will be attending the GNOME flagship conference, GUADEC, from July 28th to 30th, and co-sponsoring GNOME’s 20th anniversary celebration event at the Manchester Museum of Science and Industry on Saturday the 29th.

The local GUADEC organizers make a beautiful parallel between the local heritage of Manchester and the bleeding edge technology we are all developing:

“We’ll be planning the future of computing in the same city where some early breakthroughs in computing were made. The world’s first stored-program computer was developed at the University of Manchester in the late 1940s and the Museum has a working replica in the Revolution Hall where we’ll be holding the event, along with other amazing exhibits from the city’s industrial legacy.” — GUADEC 2017 organizers

We’re happy to be contributing to the party event on Saturday—where there will be food, lively discussions, and much rejoicing!

You will also be able to see a couple of our newest Librem production models and prototypes on display there—not that they “belong in a museum”,  but we do think they are interesting enough to be exhibited in a venue that honors science and industry.

During the rest of the conference’s core days, we (Jeff, Matthias, François, Todd) will be roaming around the Manchester Metropolitan University’s “Brooks” building to discuss topics of interest with fellow contributors and old friends. We’re particularly interested in:

  • Mobile and touch graphical user interfaces and input handling (including multitouch, gestures, etc.)
  • Power optimization (for laptops, tablets and phones)
  • Sandboxing, privacy and security in general
  • OEM desktop environment, applications and contents customizability
  • Extensions robustness
  • Graphics performance
  • Apps and Package robustness and user experience
  • Firmware updates management

Purism advisory board member Matthew Garrett will also be attending.

Come and say hi! We’ll be happy to meet GNOME enthusiasts—whether veterans or newcomers—and to answer any questions attendees may have for us.

Wannacry, Petya, NotPetya, Vault 7, Dark Matter, Show Numerous Key Flaws in Popular Devices

Purism Librem laptops are immune to such threats because of a deeply rooted philosophical difference about security

SAN FRANCISCO, CA—July 5th, 2017—Purism, the social purpose corporation which designs and produces security focused hardware and software, has released a new report on the latest cybersecurity threats and why nearly all devices are vulnerable to such attacks. The very design of modern hardware and software invites a host of threats, from sophisticated attacks, criminal activity, to hobbyist attempts, and reactive software patches simply cannot be released quickly enough to plug security holes. All manufacturers beside Purism are reactive to security threats only. Being proactive about security comes down to philosophy, business model, and reducing the attack surface to begin with.

There are 4 key factors as to why popular devices produced by large manufacturers are susceptible to rising security concerns:

  1. Proprietary software, where the source code is not auditable, leaving exploitable holes for criminals to take advantage of without the public knowing until it is too late
  2. Software written to address a wide array of hardware, leaving a large attack surface, rather than being small and tightly integrated with hardware
  3. Monolithic proprietary UEFI/BIOS with low-level remote access capabilities, rather than coreboot, a small secure fast boot firmware
  4. Inadequate reactive software updates to patch security vulnerabilities, rather than the more proactive removal of security holes to begin with, and having public source code to be audited

The best security in software follows a simple set of rules that the largest manufacturers fail because of their business models:

  1. Release the source code
  2. Tightly integrate the software with the hardware removing useless exploitable software
  3. Use less code, pre-install less bloatware, equals less attack area
  4. Avoid mystery binary code for critical components like WiFi cards
  5. Put protecting users over corporate profit; such as do not track users, do not require financial details to install apps, do not phone home with identifiable data, do not participate in corporate surveillance

WannaCry, Petya, and NotPetya, are increasing in complexity in a whack-a-mole, distributed criminals vs centralized corporation software battle where the users are the victim. The current proposed solutions from proprietary software vendors is reactive to these threats, which by definition means they will continue to happen in increasing frequency and potency. There is real motive for criminals to create ransomware, wreak havoc, and upset markets, and the reactive proprietary software patching approach is unacceptable as a security story.

Lower level threats a lot released with Vault 7, like Dark Matter, Intel AMT, EFI/UEFI exploits highlight that criminals are going deeper than software and operating systems, where even the reactive approach does not help, since proprietary operating system vendors do not release EFI/UEFI updates, and BIOS, EFI/UEFI updates are not commonly done by users.

In a proactive model, where the source code is released, making the attack surface small, and sharing the code for audit, has been the philosophical difference as to why Purism Librem laptops have been immune to all these threats.

“Protecting our digital life is a growing concern for individuals, reactive patching does not provide the peace of mind that users want” said Todd Weaver, CEO and Founder at Purism. “We provide that peace of mind by making security protection easy and the default for users.”

Purism’s Librem laptop line has been specifically designed to address these gaping security issues that big box manufacturers are unable and unwilling to combat due to being reactive and not releasing the source code. To date, Librems have been completely immune from the following cybersecurity attacks: Wannacry, Intel AMT, Petya, Dark Matter, All Vault 7 EFI/UEFI exploits, and NotPetya.

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and tablets, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism
+1 415-689-4029
pr@puri.sm
See also the Purism press room for additional tools and announcements.
 

A shipping update for Qubes-related orders

In light of our shipping-from-inventory fulfillment model having recently begun and in order to answer questions we have been getting related to pre-loaded versions of Qubes OS, we would like to announce that we will be fulfilling Qubes-related pending orders made until now by offering the Qubes install as a complimentary USB key included at no additional charge in those shipments.

  • Orders made with Qubes OS as the chosen operating system are expected to be fulfilled using the USB key accessory within approximately two weeks. Although the technical method of delivery is different, the $100 licensing fee Purism pays to Qubes will still be honored, for all Qubes-related orders made until August 2nd, 2017.
  • Should you prefer to forego the USB key accessory (containing the latest publicly available Qubes OS installer), please contact ops@puri.sm to adjust your order, which will then begin shipment procedures immediately alongside PureOS-related orders.
  • We apologize for not being able to pre-load Qubes OS onto your machine’s main solid state storage drive, as we have been unable to obtain an automated OEM image (suitable for secure and efficient mass-preloading in our fulfillment center) through our existing agreement with the Qubes Project/Invisible Things Lab s.c.

The current “free Qubes installer USB key” offer will also remain valid for orders placed between today (July 4th) and August 2nd, 2017, at which point our agreement with Qubes shall no longer be in effect. After this date, we may, at our discretion and as a convenience option for customers, offer a USB key accessory containing either a customer-requested free operating system (subject to availability), or a blank USB key, for a minor fee covering the cost of materials and labor.

Some customers have asked us about the recent removal of the Librem 13 “v1” from the certified hardware page on Qubes website. While we were not notified in advance of this change to the contents of the Qubes website, we understand this de-listing to be due to the fact that the Librem 13 v1 is no longer being manufactured, as it has now been succeeded by the Librem 13 version 2 in 2017. The “version 2” has not been sent through the certification process.

Moreover, while our current and previous hardware has been found to work with Qubes OS, we currently no longer have plans to undergo the official certification process for the Librem 13 v2 nor Librem 15 v3. The costs involved, requiring a supplementary technical consulting contract with Qubes/ITL (as per their new Commercial Hardware Goals proposal document), are not financially justifiable for us.

We have no doubts that Qubes users will be able to independently report their successes with Qubes OS on the Librem laptops within the next few weeks.

We wish Qubes and Invisible Things Lab s.c. the best of luck in establishing commercial partnerships that match their new expectations.

“Ship from inventory” has begun

With the new  batch of Librem 13 and Librem 15 this summer, we created our first ever “inventory” to shift from a purely build to order (preorders) model to a build to stock model. In other words, for the first time in our existence, we now have more laptops in stock than the amount of orders, which means new orders can be fulfilled in 7-10 days instead of taking months. We made a formal announcement about this a few days ago, and would like to take the time today to thank you, early supporters, for having made it possible for us to reach this milestone! As we finish working through our backlog and finalizing our coreboot port to correct some last minute bugs (more on this later), some users have already started receiving their Librems:

P.s.: got your Librem? Feel free to post a photo while mentioning us on Twitter, or in this forum thread!

At the forefront

These new models ship with coreboot preloaded and the newest version of PureOS—featuring Wayland and GNOME 3 by default. We are, in fact, the first independent hardware manufacturer of brand new laptops to do this.

We are also uniquely positioned to ship with Skylake processors immune to the hyperthreading issue recently disclosed by OCaml developers, independently of whether or not you run PureOS on your Librem, as we have bundled the fix and rebuilt our coreboot images for the current inventory being shipped out from this week forward (those who have already received their Librems last week will be able to apply a BIOS update to fix the issue on their machines). Think about this for a second: there are no other manufacturers of brand new laptops in the world who can provide such a timely BIOS update, while shipping, within 48 hours of a CPU issue being publicly disclosed by a third-party mailing list.

Get them while they’re hot

We are expecting to sell through this first inventory fairly quickly. For those who did not want to preorder and wanted to buy only when inventory becomes available, this is your chance—don’t miss it! Afterwards, we will manufacture increasingly frequent batches until we reach cruising speed and have a tightly controlled right-on-time rolling inventory to ship from.

Purism’s Security Focused Librem Laptops Go Mainstream as General Availability Begins

Device maker evolves from made-to-order business model to shipping from inventory bolstered by user demand for high quality, security conscious devices

SAN FRANCISCO, June 23, 2017 – Purism, the social purpose corporation which designs and produces privacy conscious hardware and software, has announced general availability of its Librem 13 and Librem 15, laptops, demonstrating the success of its approach and growing interest in products that give users greater control over their devices.

Since it first launched as a crowdfunding project in 2015, Purism has raised more than $2.5 million through crowdfunding and seed funding, and has been experiencing 38% and 35% average monthly growth over the last 12 months for its Librem 13” and 15” laptops, respectively. To accommodate accelerating demand, the company has scaled production to hold inventory of the Librem 13” and 15”. The laptops, which originally were made-to-order and had a months-long waiting list, will now arrive in user’s hands a few weeks after purchase.

As recent headlines like Intel AMT/ME exploits and WannaCry ransomware attacks bring hardware and software security top of mind, users worldwide are realizing that security is not a guarantee and large corporations have not taken all the necessary measures to safeguard their interests. Many of the exploits and attacks arise from years-old flaws or vulnerabilities that were never fixed or updated, signaling that devices must now be designed with the future of digital privacy in mind. Purism laptops are designed to specifically meet user concern about digital privacy, chip-by-chip, line-by-line, to respect our common rights to privacy, security, and freedom.

“Our digital identity is ever more pervasive and our stake in protecting it is the highest it has ever been,” said Jennifer Stoddart, Purism Board Member and Former Privacy Commissioner of Canada. “I look forward to working with this innovative company in giving people affordable and high-quality devices to protect their personal information.”

“It’s an exciting turning point for Purism as we see our vision to create a security focused laptop that everyone can enjoy using start to resonate with the greater public. Going from made-to-order to holding inventory is proof positive that there is a growing demand for products like the Librem,” said Todd Weaver, CEO and Founder at Purism. “Users are starting to realize that security features are no longer a ‘nice to have’ but a necessity to protect their increasingly precious digital identity.”

About Purism

Purism is a Social Purpose Corporation devoted to bringing security, privacy, software freedom, and digital independence to everyone’s personal computing experience. With operations based in San Francisco (California) and around the world, Purism manufactures premium-quality laptops and tablets, creating beautiful and powerful devices meant to protect users’ digital lives without requiring a compromise on ease of use. Purism designs and assembles its hardware in the United States, carefully selecting internationally sourced components to be privacy-respecting and fully Free-Software-compliant. Security and privacy-centric features come built-in with every product Purism makes, making security and privacy the simpler, logical choice for individuals and businesses.

Media Contact

Marie Williams, Coderella / Purism
+1 415-689-4029
pr@puri.sm
See also the Purism press room for additional tools and announcements.
 

Website and forums: Easier, Better, Faster, Stronger.

We are happy to announce that we have recently deployed our new forums, running Discourse! The provide a modern, pleasant-to-use dedicated discussion tool. We have tested them out with early adopters over the past few weeks, and they are a real joy to use. You can now participate too, at forums.puri.sm.

What’s special about Discourse? Besides the official list of features, you may want to read this seminal blog post where Jeff Atwood highlights the kind of thinking that went into its functional (and aesthetic) design, making it quite different compared to traditional forum software.

Our migration to a self-hosted Discourse instance brings many benefits:

  • Improving security by isolating the forums from the rest of our infrastructure;
  • Much better usability and user experience. The previous forums were cumbersome and frustrating to use, littered with bugs and limitations, and they just looked awful visually. The new ones are much more readable, and full of modern community-enhancing features. Using a forum should be fun, not boring or cumbersome, and I know that Discourse’s design actively encourages a sense of community and self-moderation, so I’m looking forward to seeing the results over time. We hope you’ll love the new discussion tools!
  • More flexible community management tools;
  • Better email notifications, and less noise (Discourse will not spam you with mail notifications if you’ve been recently active on the forums website);
  • Simplifying our main website’s daily management (previously, the forums actually interfered with the rest of the administration UI);
  • Better performance and resources usage.

Read more

A fleet of coreboot laptops assembles

Following up on our status update where we revealed the imminent shipping date and general availability of our laptops this June, we’re happy to let you know today that we’ve recently had a breakthrough in our work to port the new laptops to coreboot, thanks to the fruitful collaboration between our coreboot developer Youness “KaKaRoTo” Alaoui and Matt “Mr. Chromebox” DeVillier (to whom we sent a prototype unit). Our coreboot port is now working for both the Librem 13 v2 and the Librem 15 v3, with all the test cases passing.

We are now pretty confident that we should be able to have coreboot firmware ready in time for factory preloading of the new inventory we’ll be shipping from in June. As we receive the first “production” units, we will ship some of those across the border, so that Youness can re-test and finalize the port on those machines (the results should be the same, but we want to make sure everything is top-notch). I will also seize the opportunity to take good reference images in our photo studio.

In the meantime, Youness is currently busy preparing his code contributions to be upstreamed officially to the coreboot project, after which he will be attending the 2017 edition of the coreboot conference in Denver. You will also soon be able to read his latest technical findings as part of the current round of coreboot ports.

The only model that will remain to be ported to coreboot afterwards will be the Librem 15 v2 (it turns out that the “v1” was an early demonstration unit that was sent out to some reviewers but never made it into large-scale production, so it does not actually need to be ported), thus reaching a milestone and honouring a promise that many of you have been eagerly looking forward to. That remaining port should be fairly straightforward to do, now that Youness has gained a lot of experience with other models. Then, depending on how the timing plays out this summer, our reverse engineering work is expected to resume from where we left off.

Inventory shipping in June 2017: case designs and final assembly

For the past few weeks, the new Librem 13 and 15 have been undergoing stage 1 production with our case modifications and silkscreening. We had some back and forth between us and the printer to finally have clearly identified killswitches:

…and our certification marks and model identification on the underside:

At first the screenprinters had trouble with the font we’re using (as you can see above, if you have a keen eye), but we got that corrected as you can see further below. We were not so lucky with the keyboard’s “Purism logo” key as the aspect ratio was squashed a little bit by the backlit keyboard supplier and we found out too late, but at this stage the #1 priority is getting these machines delivered to you as fast as possible, so we’re hoping you don’t mind the Purism rectangle logo being in “ultra-wide” cinema format just this once 😉

As the laptops are now at stage 2 production, we have some teaser photos of the completed case work. These were shot a bit hurriedly, the lighting and compression is not flattering, but this at least provides a rough idea. We’ll take the time to shoot proper studio photos when the first new wave of shipments is mailed out in June.

Here is what the underside of the Librem 13 looks like:

Here are the silkscreened killswitch labels:

Note: the IPS display panels we source for the Librems are matte (as they should be!) The reason why the screen in the picture above seems reflective is that a glossy protective film is applied to protect the laptops during shipping.

For the curious among you, here is a bare view of the case’s interior, with only the multitouch trackpad and backlit keyboard (underneath the black electrical isolating layer) installed:

With this, we are confident that we will be able to begin shipping out finalized units to customers in roughly two weeks. Afterwards, we will have stock on hand allowing new orders to be fulfilled within a week. If you were reluctant to preorder and were were waiting for the presence of rapidly-shipping stock to purchase a Librem, this will be a deal changer for you.