I’m happy to announce that I have put together a new website dedicated to PureOS, with its own domain name: https://pureos.net
I created the PureOS website from scratch and made sure that not only is PureOS freedom-and privacy-respecting, its website would be as well.
It enforces HTTPS.
It is Icecat and Tor friendly.
There is no javascript at all—the interactive top menu that is displayed on small screens (mobile / tablets) is only made of CSS (with the checkbox trick)!
At the moment it doesn’t use any backend/framework (it is pure HTML), but I am also working on a small PHP backend that would handle very simple freedom-respecting templates as well as translations, following LibreJS rules for JavaScript usage. This backend is not complete yet but it will be released under a GPLv3 license.
Don’t hesitate to download and try PureOS! Your feedback is more than welcome as we want this fully free distribution to be as user-friendly and freedom respecting as possible. Those two goals are compatible.
I believe the world is reaching a point where the lack of freedom is starting to become noticeably less comfortable than the virtual comfort promoted by restrictive software makers. More and more people feel concerned about privacy, freedom and ethics in general. Most of them are beginning to understand why Free Software is so important (I was/am one of them!) The problem is that many people out there are under the impression that they are not “technical” enough to run a free OS like GNU/Linux, and so, they just give up… we must convince them that things are moving forward in the world of software freedom and that PureOS is as respectful of their freedom & privacy as it is modern, full-featured and easy to use by everyone.
There are were some questions floating around our community regarding PureOS compared to other distros, and I feel it is time to address them all in one go.
PureOS compared to other distros
Do PureOS and Tails have the same goals?
Yes and no. We both want to make secure, private and anonymous OSes but we approach the problem differently:
Tails has longer development cycles.
Tails is more focused on pure anonymity, privacy and security, not tailoring towards average end-users (by “average” we mean “average computer user” and not “average GNU/Linux user”). While Tails is not as complicated to use as Qubes, there still is very little attention paid to user experience.
Tails is a system that you don’t install onto a hard drive (last time I talked to Tails developers, they said they were writing code that even prevents you from installing it onto the hard drive).
On other hand, PureOS comes preinstalled on Purism’s devices and takes all security/privacy/anonymity aspect tailored towards a broader set of end-users.
PureOS will not take security measures that would, for example, make 99% of the web browsing experience almost impossible (Tails also doesn’t do this, but this mention is just an example to reflect our philosophy).
PureOS aims to be easy to switch from Windows/Mac as well for any other OS, while increasing security and privacy in great amounts compared to the two most popular desktop OSes.
PureOS doesn’t require any account, doesn’t send any feedback/telemetry to Purism (or any other company) and doesn’t spam with add-ons.
The combination is therefore meant to be easy to use (and pleasant to the eye) while being a very big step forwards in terms of freedom, privacy, security and anonymity.
SubgraphOS is an example of an OS that is more aligned with PureOS’ ideas.
What are the differences between Debian and PureOS?
Hopefully I don’t need to explain the long standing giant Debian. PureOS will tend to have least possible amount of deltas compared to Debian and it will try to forward upstream (and to Debian) all changes we make that make sense for wider community (Matthias and myself are also Debian Developers and we understand the importance of this). Said that, we have some differences: PureOS hosts only Free software – while Debian is officially only main, it does host and allows an option of having non-free software. PureOS will have more frequent changes and for now it will not have an real stable release in Debian sense (we consider PureOS stable for everyday usage as most of users experience the same with Debian Testing). PureOS already defaults to Wayland as default while Debian will still stay with X for at least one release. For final PureOS 3.0 release, the plan is also to switch from Debian Installer to Calamares and also PureOS will have kernel with grsecurity enabled (and of course our own configuration).
What package formats is PureOS going to use?
PureOS is based on Debian and thus we use the famous deb format for core system packages. Besides that, our plan is to have Flatpak as a convenient and secure complement to deb packages in the future. Flatpak is pretty advanced, is gaining momentum among application makers, and has a lively community.
Where are PureOS sources (to code)?
They are at repo.puri.sm/pureos/pool/main but the easiest way to get any code is to just do:
apt source <packagename>
How to upgrade to the latest stable version?
PureOS is in essence a rolling release and if you keep it up-to-date you’re already at the latest version. We release point releases (like now with the upcoming PureOS 3.0) to have better testing of features as well as having an image for our OEM ISO. There is no need to download every ISO we release if you update frequently, but it helps us with testing.
Why can’t I search apps in GNOME Software and why doesn’t installation work for some packages?
GNOME Software requires Appstream metadata to work properly, and we are in the process of implementing that machine. It will soon be ready, probably by our next “beta” release of PureOS 3.
The installation issue comes out because of migrations issues. Short explanation: our packages get synced from Debian into our archive called “landing”, there from landing they migrate to “green” which is what you have in your sources.list. So we basically have an additional testing step during this migration, but as those parts are new in our archive they sometimes might get broken. We are improving this daily so bear in mind that all can be resolved in your next update.
Why does PureOS default to GNOME?
We consider GNOME the most technically advanced and polished Desktop Environment out there. It also has the best support for Wayland and touchscreen devices, which is important for PureOS’ path. Those who need more features or a different look & feel can either go to extensions.gnome.org or install any other DE they need (you’re always just an “apt install” away from anything you want).
How can I contribute?
Talking about PureOS, sharing to your and wider community, sending bug reports, code, art and coffee to developers, all helps.
Since our previous status update on manufacturing & shipping operations in August 2016, we had to tackle a lot of challenges in parallel: changing some of our suppliers, preparing new hardware, processing refunds, preparing PureOS 3, deploying new public infrastructure, seeking additional funds to enable us to ship “from stock” in the future, etc. The puzzle had so many moving parts that we really had to wait for dust to settle at the end of November to know where we stand and to provide you with this report.
In this blog post, we’ll be providing a global shipping status update, a quick update on R&D, and we’ll be sharing some great news for those interested in the Librem 13. Read more
Another day, another corporate surveillance story; this time it is Apple who decides to secretly send users’ call history, as well as messages, to the “cloud” (which in this case is iCloud servers, owned and controlled by Apple).
This brings up a number of issues we have spoken about before, that users who buy Apple products think they own the device, until the realization—through near daily stories reporting on Apple undermining the privacy of user data—that Apple actually owns the iPhone device, and that iOS users are simply renting it as well as the software and services that run on it.
The Problem
Apple, like Google and Microsoft, controls the software that runs on your phone. Those companies will not relinquish control of their devices nor software because users continue to buy and finance their bad practices of exploiting users.
The Solution
Use, support, and buy products that are completely free software, where the source code is available, so that all the software on your device can be controlled by the user, not the software giants who undermine digital rights.
Purism ships PureOS with its products, which is completely free software. Customers can also elect to have Qubes preinstalled, or to install their own operating sytsem. Purism hopes to get PureOS officially endorsed by the Free Software Foundation very soon. Additionally, in the long term Purism is working towards its ambitious goal to fully free its hardware and get hardware certification by the FSF, becoming the first manufacturer of “brand new” high-performance laptops to achieve this.
Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. Emilio Morenatti/Associated Press
Today we learned once more why utilizing pure free software where the source code is available is critical to protect users’ rights to privacy, security, freedom, and anonymity.
The New York Times points out that this latest security breach “shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers.”
Let’s examine the problem and see what can be done about it. It’s not too late to stand up for your rights.
The Fundamental Problem
All phones and tablets on the market today suffer from the same problem: the code that operates those devices are a mystery to the users. In this specific case Google’s Android, but the same problem exists with Apple devices and Windows devices, where the operating system, software-updated firmware, and most software that runs on those devices do not have the source code available to verify that there are no backdoors sending your private data to unwanted third parties.
What this means is there is absolutely no way, for a user of Android, iOS, OSX, Windows, or any operating system that does not release all the source code, to guarantee he/she is not being illegally spied upon for nefarious reasons, corporate surveillance, government spying, and/or private data mining.
The tracking built into mobile devices is at every level imaginable. We need to create a better, digital rights respecting future for computing.
The Future of Computing
If we, as users, continue to morally and financially support Android, iOS, OSX, Windows or any other operating system that strip away the digital rights of users, we continue to advance a future where:
users are controlled for profit;
private data is mined for advertising revenue;
governments spy on people;
corporations capitalize on every user interaction;
security breaches involve staggering amounts of personal data, with enormous consequences for individuals—even worse than what we’ve been seeing in recent years.
Every time you purchase a device from hardware companies that pre-install Android, iOS, OSX, Windows, and other nonfree operating systems, you are contributing to the erosion of your rights. Buying an HTC device benefits HTC, Google, the carrier, and all software companies that preinstall their privacy-stripping binaries. Similarly, buying Apple benefits Apple, the carrier, and all software apps preinstalled or even later installed.
Current technology purchasing decisions. Can you smell the smoke?
Use hardware that allows you to run a completely freed operating system, where there is no mystery binaries, no private data delivered anywhere, and most importantly that you control.
Support companies and organizations like Purism, and know that every penny of a purchase goes to benefit the future of computing and the digital rights for users. Make informed purchasing decisions and support hardware manufacturers that push Free Software’s agenda all the way through the supply chain.
The Upcoming Purism Phone and services infrastructure
Subscribe to our newsletter (simply send an email to announce-join@announce.puri.sm to subscribe automatically) or follow us (see website footer for social links), then you will be notified when Purism launches the first freedom, security, and privacy respecting phone.
Welcome to new devlog post. Many exciting news here, so lets dive into it step by step.
New infrastructure
In past we had many issues with failing repositories, an outdated archive, expired keys, sources changing too often… this is why we have now moved to new servers, with control from the ground up, and started building the new PureOS infrastructure (the whole Purism infrastructure also moved to new server). We are still improving and tweaking everything on a daily basis, but the foundation is there. New infrastructure is now mandated by DAK (Debian Archive Kit) and Laniakea (which is developed by Matthias Klumpp, aiming to make creating and maintaining Debian derivates easier for all).
Bug tracker
One of the most important aspects of every distribution is its users reporting bugs and submitting ideas. Now you can simply go to https://tracker.puri.sm/maniphest/ and report any issues as well as submit ideas. In the near future we plan to tweak the infra in such way that it becomes publicly visible even without registering an account (we spent our time building everything, so we haven’t been tweaking it yet).
Example of what the PureOS bug tracker looks like
Code hosting
While our code is still spread out on GitHub and we’ll be mirroring it to our infrastructure in the beginning, we plan to eventually host all our work on our infrastructure by default. After all, our infrastructure is entirely Free software based (code auditable, anyone can contribute, etc.). The code will be in place at https://tracker.puri.sm/diffusion/ (only a small, non-updated portion lies there at the moment).
Wiki pages
A good OS needs good documentation pages. Good documentation needs a good community. We started building the foundation for that as well, and now need your help. Our wiki effort will be lead by our main support person, Mladen Pejakovic. Either contact him or send mails that you want to contribute to the wiki foundation of PureOS, to feedback@puri.sm or hr@puri.sm. The wiki is located at https://tracker.puri.sm/w/. You can also fire up your favorite IRC client (Polari, Hexchat or some web IRC client), connect to freenode (irc.freenode.net) and join our #purism channel to chat with us. We need our community to pull this all out, as the task we are setting needs combined effort of an entire community that cares.
PureOS 3.0 alpha release — codename “Prometheus”
With a new infrastructure comes new tasks, and the first and obvious is to improve our OS. We chose to start from ground zero and progress on it properly. We call this release an “alpha” as it is missing a few things (and we want people to test it) but its overall stability should actually be slightly higher compared to previous releases. Also, a great feature it gained is that now our images are “live”, meaning you can run them without installing on your drive! The download link is located at the usual place.
For those who don’t want try the new installation (although we would appreciate that, even if done in GNOME Boxes or other virtualization tools you use) and just want to update to it, here is what should be done in terminal:
Now lets talk what is in there, what is missing and what can you do.
PureOS 3.0 Prometheus aims to be the best release we ever made, and we want it to be the release with the most community engagement ever (this is why we deployed our awesome now infrastructure foundation above!)
With that in mind, we want to see of course your code and ideas of what do you want to see in the default installation, but we also want artwork! A lot of artwork. We are opening a contest for wallpapers. The rules are simple: create a piece of artwork (it can even be an old photo you took at some point in time) that inspires you, reminds you of freedom and/or has the Prometheus idea floating around, combined with some Free license (GPLv3 for example). Prometheus gave to humans fire (a.k.a. knowledge) which made humans free. We are giving you the OS which we hope will empower you to make your dreams true and form the best community around it. Also, if anyone feels inspired and wants to challenge their skills, please do a plymouth theme (here is inspiration).
GNOME Software is in there but we still need to build our Appstream machine, so it’s currently missing data (the Synaptic package manager is not ported to Wayland yet, so the good old terminal will be your friend for next couple of days—or just pick “GNOME on Xorg” at the login screen 🙂 )
PureOS 3.0 alpha will be shipping with Wayland by default (you can simply choose your session on login screen by pressing the gear button and choosing which one you want). Wayland is such a huge step forward in many ways, to provide a beautiful tearing-free desktop experience but also to build future security. To get why this is important, watch this video. We are proud to push this last bit forward as we feel comfortable that our hardware will play nicely with GNOME and Wayland. Notice there are some quirks with Wayland (some missing legacy icons, global menu loading 15-30 seconds before it becomes usable, some pointer issues) but most of them we will clear out in the near future while bravely going towards the final release of PureOS 3.0.
Here are some known issues (nothing that affects stability):
The default wallpaper is still the old one, and while we have new artwork done, we still didn’t integrate it as we want your wallpapers in as well.
You will miss our patched kernel which provides somewhat better touchpad functionality compared to stock kernel, but we will push that in soon: you will be able to find it in a package update; we hope to eventually provide fully automated builds that you can test early.
About the touchpad, we plan one more quick snapshot in coming days to fix few things and, after that, allow one developer to focus full-time on making it work better.
FSF distribution endorsement
This is something PureOS is aiming for. What does this endorsement mean? It means that we provide and support only Free software by GNU standards. While PureOS is not meant only for our hardware, we must advise people who will try it on other hardware that you may encounter some issues, for example WiFi might not work if your hardware requires a proprietary firmware. Also, in the future we will optimize the default image towards our hardware (so AMD and nVidia drivers would be missing from default images, as we currently only use Intel ones—unless AMD or nVidia start providing an entirely free/libre and open source stack to run their cards efficiently). To the endorsement and beyond!
Purist services
While we focused most of our energy towards building infrastructure for PureOS, we also gain one notable feature very important for future of Purist services usage: keysafe. Joey created this to make it easy for all our users, as services will use GPG keys in some form—and we all know how hard that can be to use, for many reasons. Not only we built such a feature, Joey also deployed it as the standard for our servers already (check here for requirements and path to our server). We will also move the Purist Services roadmap to the PureOS bug tracker (or make it visible at some place so people can hop in to contribute).
Community
Our systems administrators are volunteers. They believe in what we do and dedicate some portion of their time to our cause. We mentioned this many times, but we really want the community integrated inside the company, not to become just another commercial entity. We care for our community and we would love you in. Head towards anything you want to help with (you can see how much we trust community that they take care of our critical infrastructure) and please do chat with us. To show appreciation for their entire effort we sent Librems to our sysadmins and one of them even responded with a great tale that made us laugh (sadly we can’t share it here). Yes, we love fun stories (we want even to integrate some humor into all our products so feel free to suggest something “spicy”). We lived entirely of community donations (in form of purchasing our hardware) and although we started searching for some investments to speed up our development, we still trust that the community will stay the biggest backbone of our progress.
Developers
You can jump straight into coding for PureOS. Probably the only missing bit is Developer Guidelines, and we plan that write those soon. Besides technical aspects (how to do proper packaging) we will also make some guidelines about look & feel. For example, it would be awesome to have beautiful GUI app for creating, editing, maintaning GPG keys. It should work just as nicely as Etcher.
That would be all folks, we will try to update blog (not only technical part) more often, especially now that our website has new contents and a new look, improved in many ways thanks to the tireless efforts of our marketing guru Jeff (from the land of maple syrup)!
Lets start this devlog with some good news, that we believe will make a lot of users happy and that it will satisfy a few trolls as well. We moved away from Cloudflare. It was creating problems for Tor browser users (which was kind of ironic as we shipped with Tor browser on our machines as default) and the temporary solution was to whitelist all Tor nodes. We are now finally Cloudflare free. Also our certificates are now from famous and all-loving LetsEncrypt, on all our servers.
With huge efforts to create PureOS infra, we also decided that now is the time for an entire transition. That is why we are moving all our services to a secure facility where we run our own dedicated servers. Fun times! Let us know if we broke something during our transition! This is all brought to you by ever growing Purism team.
As we are approaching a day when PureOS infrastructure will soon be set up (hopefully in next 2 weeks), we also issue a call for volunteers. There will be wiki (which we need to populate with documentation, tutorials, ideas and magic), PureOS website (anyone eager to try their design and web coding skills?), bugtracker (oh yes, we all need that), code hosting (what would be an Free OS without Freedom code hosting service? 🙂 ) and many more goodies. Also, we issue call for ideas – if you have an idea on how to improve any of above mentioned things please feel free to share. We want to find out what our users need and we will try to implement that with security and privacy in mind . Our vision and mission is to integrate Freedom, privacy and security. Lets talk how to improve Free software/hardware and society! IRC (#purism on freenode) and feedback@puri.sm are your friends for that.
What would be a devlog without bad news? I don’t have an answer for this but here are the bad news. While regular PureOS 2.1 image installs fine on all hardware (yes, even the NVMe SSDs) the OEM ISO fails. We are investigating this and hopefully we will resolve it this week, stay tuned. I am also very pleased regarding bugtracker – while we support people discussing in forums, it is a bit of an overload for our stuff to forward complaints to us and then we through our support contact them back via forums (or in some cases mails) we must find a way to improve this. After all we are an open community and we must offer transparency in our bug reports, easy searchable by community and our stuff.
What is going on with Purist Services – well, we are issuing a volunteer call for people interested to work and chat with Joey Hess (our lead architect on this). Skills: knowledge about XMPP, OMEMO, IM, voice/audio calls (people that work and use Ring are of high interest to us. At least to our technical lead 😉 ), encrypted mails, UI/UX design (we need somehow to level up GPG usage and without really easy UI we are doomed to fail).
The last but not least – regarding all infrastructure build up, old PureOS infra will be the last to shut down. This means that you will still have some issues with our archive. although we take all your reports seriously and fix them ASAP and we we are also preparing PureOS 2.2 release with it.
P.S. sneak peak for PureOS 3.0 which will get released with new infra – its codename will be Prometheus! That’s enough juicy details for now!!
We said there is not going to be another PureOS release with old infrastructure but… there is one more (at least). Making new infrastructure takes time to do it properly (and we want to do it properly for sake of ours and your nerves) so we will have one more point release of PureOS – PureOS 2.2. We are currently still baking it as part of the team is focused on making OEM ISO so we can pass tests for installation on NVMe SSDs (and this is something few people reported as OS missing or not recognizing the disk and the PureOS2.1 regular ISO already passed installation on such hardware but of course we need OEM one for your devices).
Besides new infrastructure, baking ISOs here and there, we are working (until this point more in background but it will be more publicly visible soon) something what we call at this moment Purist Services. What are Purist Services?!
Glad you asked. We will combine best Free software solutions in many fields into what we call purist accounts. It will be unified solution where users will have a choice to create a purist account and get out of the box: Instant Messaging, Voice Call, Video Call, Email and after that we will add one by one more solutions such as Social Account (Diaspora*), Photo/Video sharing (Mediagoblin), file sharing (Filetea/SparkleShare and maybe, just maybe, nextCloud) and other goodies that can and will benefit our users. All will of course be Free software, encrypted and any client that will support protocols and techniques we use will be able to connect to purist users and vice-versa.
With addition to that we have two announcements – first, lead architect of purist services is famous Joey Hess. Second, this is good opportunity of employment if you want to work in Purism. How we do technical interviews – either you have already a good history with Free software or you start contributing to Purism development and in few months (of good work!) you will be called in for an interview. If you are interested in working with Joey or any other part of PureOS, feel free to send your resume to hr@puri.sm with cover letter.
This is first in series of Purism developer’s blog post. It will be mostly about technical aspects of Purism work but also sometimes mixed with few other fields and information. The only promise is that it will be more – no promise how often, no hardcoded path of releases. In Debian mantra – it will be ready (and published) once it is ready.
We are happy to announce release of PureOS 2.1. Besides fixing bugs (such as overwriting the entire disk during install!) it will boast few new apps (and few removed) on this new ISO image:
Kodi
VLC
Blender
Audacity
Darktable
MyPaint
Ardour
MPV
Removed apps:
Debian bug tracking system (PureOS will have its own, more in next devlog releases)
Brasero
As you can see we wanted to bring some creativity with preinstalled applications (athough all applications are easy installable or removed through software center/app store (famously called now Software in GNOME thus PureOS)) and Kodi to just show that Free software is cool and great! In art terms we also integrated new Plymouth theme which we believe you will like (soon we will bring up community wiki so people can share their ideas and write tutorials, documentations about PureOS but again, more info about it in some of the next releases).
Besides that we are again trying to improve driver for touchpads (yes, we agree with you and your pain, but we are in the same awkward pain – we use those devices, we work with our manufacturers but they simply don’t give us any documentation – something we are trying to improve all the time but there is so much time and space for such small team to tackle so many tasks of which some aren’t even in description of our work. Thank you for your support and patience and we are really trying to pull out max of what we get). That said, our involvement with manufactures gives us opportunity to drive how new products will be developed which is something very important for us and our (and your) future. Back to technical parts, ew integrated driver should now have:
Tap to click
Double tap
Two finger scroll (up & down)
Three finger swipe
Edge scrolling
We hope we improved some of the previous part of driver and also enabled some new things (note this is entirely new driver so bare with us while you test it and report bugs).
PureOS 2.1 now also comes with GNOME as default because it is aligned with goal to have one default environment for all our devices (we are now in process to produce tablets). With future plan to develop to phones that could be switched to KDE’s Plasma but future is exciting and unpredictable.
This release also has sum so people can check against ISO build and new installations instructions that should be much more user friendly – check more at download page.
Also, this release should be the last one built with old (almost non existent) infrastructure. New one will be more professional, more open and feel more native for Free software development. We will write more in next release of devlog.
Keep calm and develop Free software (and hardware!),
All Librem laptops come with a Hardware Kill Switch (HKS) which physically severs the circuit to the Camera and Microphone. The Librem laptops are the first to offer this feature and it works quite well. And in some cases, a bit TOO well.
Specifically a Librem laptop Camera and Microphone Hardware Kill Switch will work with any GNU/Linux OS, but only as long as one obeys these simple rules:
Rule #1: Always have the Camera/Microphone HKS in the ON position when booting the laptop. This ensures the kernel is aware the device is there. Once the OS starts up you can toggle the Camera/Microphone OFF and ON as you wish, but…
Rule #2: Always have the Camera/Microphone HKS in the ON position BEFORE starting a program that uses the Camera, like CHEESE. Once the program starts you can turn the Camera/Microphone OFF, but you will have to close and restart the program, with the HKS in the ON position, to get the Camera to work with that program.
If any of these rules are violated, the Camera may NOT work until a reboot.
The longer term plan is to develop proper kernel loading and unloading or software application polling of the devices, so the user flow becomes irrelevant. Obviously the kernel and software never took into account severing the circuit during operation, therefore we decided to post this to help user flow, and to provide a roadmap to ideal performance.
I’m happy to announce that I have put together a new website dedicated to PureOS, with its own domain name: https://pureos.net
