Thoughs on the Purism Librem 13/Librem 15 laptops

in #technology2 years ago (edited)

I was asked to write up my thoughts on the Purism Librem product range, see https://puri.sm/. I wrote up some thoughts on the telephone - Librem 5 - in my previous post, now I'll follow up with another post on their laptops (Librem 13 and Librem 15). They are quite similar, except the Librem 15 being a bit bigger, 400 grams more to carry, and having bigger screen resolution.

Summary first

I probably wouldn't buy the Librem myself, because ...

  • My gut feeling is that the Librem laptops are overpriced, that one can buy the same quality Linux laptops from other vendors for a cheaper price without compromising much on the security, privacy and freedom. Well, I may be wrong, a quick attempt at matching the Librem 13 at thinkpenguin.com ended up at a higher price.
  • In my personal opinion there is too much marketing speech and too little technical specification on the product presentation pages, that does raise some red flags for a tech-person like me.
  • I feel that I don't know a lot about PureOS - well, I haven't put down much effort searching, but I think it should not be needed. It's Debian-based and Gnome-based, with rolling releases, and that's almost all the information I have found. That is a big red flag for me. Putting together distributions and maintaining them aren't easy, when buying the Librem it's important that the distribution is maintained some five years down the lane, if not ten; this is also security-related as it's important to upgrade software whenever security flaws are found and fixed. One would typically want to use one of the "big" distributions. I'm not super-confident Purism will even exist in ten years time. Depending on how much PureOS deviates from stock Debian there may be a significant risk going for PureOS.
  • For a reasonably secure setup, I think it's a bit essential to control permissions on the application level - it does not seem to me that PureOS is doing anything like that.

That said - if one can afford it, wants a sort-of-ethically correct, ready-to-use Linux computer, configured and optimized for privacy already from the vendor ... then don't wait, order it today! The Laptop can always be reinstalled with some other distribution later if one is unhappy with PureOS, most likely one can reconfigure it to fetch package upgrades directly from Debian if Purism should fail.

Personal biases

I was a MS-Dos user from the mid-80s (prior to that I was using mostly CP/M) until 1990. In that part of my life, I saw no problems with Microsoft - but I was a "pirate", I never paid anything for running software, everything was copied from friends, we were borrowing each other floppy disks extensively. I tested all the software and games I could get my hands on, and I also read a lot, so eventually I realized quite some companies were doing "bad things" to earn as much money as possible, as well as to ward off competition. As soon as Windows 3.0 launched, I installed it on my computer (a pirated version of it, of course), and ran it for around two weeks until I decided ... "naah, Windows is not for me", and I started migrating away from Microsoft-land, first using OS/2 for a while. OS/2 was great. I had a 386SX with some few megabytes of RAM (bought an extra megabyte, it costed quite a lot. Yes, megabyte not gigabyte!), it was really painful to run Windows 3.0 on it, it was slightly painful to run OS/2 with graphics on it - but I did manage to hack away all the graphics and run OS/2 text mode. It was amazing, it did multi tasking perfect and was all the time snappy - can't say Linux performed equally well on that computer.

Eventually I was doing quite some advocacy as well - after all, OS/2 was much better than Windows, and it could run most of the Windows apps as well. I became the local leader of the advocacy group "Team OS/2". We were frequently invited to stay on stands for IBM, but soon enough I realized that OS/2 was kind of a burned platform within IBM, and that we got invited to stands just so they could have some extra personnel there for free. Most of the PCs on the stand was with Windows and we were supposed to promote IBM software written for the Windows platform. Ouch.

At the university I first got introduced to HP-UX, but the IT student association also had a lab with some other equipment, running Irix, NetBSD, Solaris and some other equipment. Eventually Linux. I was a relatively late adopter at Linux, but eventually when I replaced the 386SX with a laptop, I installed Linux on it - of course - and I've been sticking with Linux ever after. There are so many reasons for it, I really want to elaborate on some few of them ... but that would be a digression. I probably have some of the same relationship to some proprietary software (and particularly quite some of the Microsoft software) as Muslims have to pork, or vegans have to milk, I just rather won't touch it.

Living without Microsoft

The Librem laptops comes with PureOS, which is a Linux distribution (Debian-based). While some windows software probably will run under the Windows emulator on Linux (wine), I would recommend against trying that if one is dependent on running Windows-based applications. But nowadays ... there are almost always alternative software that can do the same job on Linux, often even better.

Being a Linux-user and shying all sorts of Microsoft software (and almost all sorts of closed-source proprietary software) was quite a pain in the 90s and early 2000s. It's sort of the same as not using Android or iPhone today - not something I would recommend for ordinary people. Nowadays everything works from the browser, but it didn't use to be that way. In the 90s one would typically need to buy software for everything, and the software would only be available at Windows. Sometimes one would get CDs that one was supposed to pop into the computer at home, CDs that would only work with Windows. It was particularly bad with hardware - such a simple thing as a mouse or a printer, one would have to do a lot of research to find one that would work with Linux - and the problem was really not with Linux per se - there were plenty of developers wanting to write the driver code for free, if just the hardware vendors would have cooperated. Quite many Linux drivers was written through reverse-engineering.

Then came the web browser, and interactive web pages with forms, eventually more interactive web pages with code executed at the client side using JavaScript and other technologies. Banks would open up internet services, available from a web browser, so theoretically banking and many other things could be done from a browser on any device. But no, not really. I believe that in the dot-com era quite many tech companies would write up "awesome" stuff and demonstrate it for the investors on a bleeding edge desktop using some particular version of Internet Explorer, and being connected to the same LAN as the web server. Once one would try using the web page from a computer that was some few years old, connected to the Internet from an ordinary home using a dial-up modem, having a slightly different version of Internet Explorer, and a screen resolution slightly different from the screen resolution on the demonstration PC, one would have problems using the service. On Linux running Netscape or some other browser one would simply be out of luck.

This is history - luckily. By now it's very rare I run into problems by not having Windows computers or propritary Microsoft software at hand. The biggest hurdle is maybe that businesses as well as the public sector expects that I'm able to open up, read and sometimes even edit documents produced by Microsoft Office. Well, I'm usually managing fine with LibreOffice. Eventually some few years ago my eldest son had big problems doing his homework as the school would demand him to use Office ... and my next son is seeing too many gaming videos on YouTube, just to realize that the games featured won't run under Linux. Well, there are other games working well under Linux ...

Avoiding the "Microsoft tax"

For the last few decades, buying a laptop or a desktop from any other vendor than Apple without getting it pre-installed with Microsoft Windows is indeed very difficult. This prevents free competition, but it also means people like me - who has no intention at all of running Microsoft products on the computers I buy - ends up being forced to pay for a Windows license that I do not need and will not use. Personally I have never directly been paying this "Microsoft tax", I've either been buying my equipment second-hand, buying it in parts or searching a lot to find a vendor who do offer equipment without Microsoft Windows. Usually one does not end up saving money by doing the latter. However, up through the times I have been getting a lot of brand new laptops or desktops from my employers, the employer knowing very well that I will not use Microsoft Windows, but still buying me a computer with the Microsoft license. I've tried complaining a couple of times ... but often in vain, it just doesn't make commercial sense to spend lots of effort trying to save some dimes. My current employer, originally started up by open-source enthusiasts, and still a company branding itself as having top-notch expertise when it comes to open source and Linux, we have around 200 Linux-using employees, and still the equipment I get comes with pre-installed Windows.

One will most likely not save any money by buying a Librem laptop comparing with equivalent gear with Microsoft Windows pre-installed, but for sure I would much more like my money to go to Purism than to Microsoft.

Hardware

I'm not much into hardware, so I have no idea if the specs shown are good compared to the price or not (my gut feeling says the equipment is overpriced), but I do have some comments.

The Librem 15 is the first ultra-portable workstation laptop that was designed chip-by-chip, line-by-line, to respect your rights to privacy, security, and freedom. Every hardware and software component—and everything we do—is in line with our belief in respecting your rights to privacy, security, and freedom. We know you will be happy with the results.

And nearly the same they claim on their Librem 13 laptop.

As said, today (and for the last few decades) it has been very hard buying computers that doesn't come preinstalled with a proprietary operating system - but it could be worse, much worse! Some few years ago there seemed to be a real risk (through technologies like UEFI, TPM and particularly SecureBoot - and through phrases like "secure computing") that it would become impossible to buy computer equipment and install alternative operating systems on it, the hardware simply wouldn't allow the user to control the equipment! Well, we got UEFI and TPM on most computers sold today, Linux works very well under UEFI (and also, UEFI can be typically replaced with "legacy boot" in the BIOS setup menu). SecureBoot can be disabled and if going through a lot of hooplas one can even get Linux to work under SecureBoot. I don't know - but possibly we can thank activists that the worst-case-scenario haven't happened - so far - and if vendors like Pureism is allowed to stay in business it won't ever happen.

Further, there may be backdoor(s) in the firmware. Some computers have been delivered with "remote management"-functionality working independently of the operating system. While there may be legitimate uses for such a feature, and while such a feature most likely was made without malicious intent, it still is a big backdoor and a security issue. I guess we can trust Purism to deliver Librem laptops without such backdoors.

Processors are essential—they are called central processing units, for a reason. Selecting Intel i7 based processors, the seventh generation mobile version, offers the best battery life while not compromising speed and supporting the open source Coreboot BIOS. In using the latest from Intel, processor-hungry applications finish at lightning speed.

For most Linux users UEFI works well enough, but it's not without controversy and coreboot sounds like a cool thing.

I haven't kept much up with the development throughout the last decade. Anyway, if I had the option between Intel and a competitor, I would choose the competitor. For one thing, Intel is too dominating. One of the selling points of using the x86 architecture has usually been "backward compatibility", meaning that, in theory, all the software one has purchased for the IBM XT personal computer from the 80s will still work at the latest PC running an Intel processor. It was important for "ordinary users" back in the 80s and 90s when one actually were purchasing software and only got binaries of it. When running nothing but free and open source software it doesn't matter much - everything can be compiled for (nearly) any processor. It may not be true in 2019, but at least a decade ago one could get much more oomph running some true RISC processor rather than an Intel x86-compatible processor. The Raspberry Pi does not use Intel, most cellphones and pads does not use Intel, if I was to guess it's best to avoid Intel if one is optimizing for battery life - but I may be wrong. Please use that comment field if you have any knowledge or opinions on it.

Memory is a wonderful thing. Purism offers the best in class memory modules at the fastest speeds available in a laptop. You will notice how quickly software applications respond when using the highest quality freedom-respecting hardware.

I don't know much about memory, but I think the statement above is quite empty marketing speech. I do believe one can get the last "bleeding edge" chips for twice the price of the previous generation of chips, but for most users the performance difference will be negligible - I believe the most important thing with memory is that there should be enough of it - and for ordinary users today, the definition of "enough" depends on how many browser tabs one has open in the same time, and what kind of web applications one is running from them. For good security, error correcting code (ECC) may be important - as far as I know, the Librem 13/15 comes without ECC on the memory chips. Without ECC, data in the memory can become corrupted i.e. by cosmic radiation or solar storms (see also https://stackoverflow.com/questions/2580933/cosmic-rays-what-is-the-probability-they-will-affect-a-program and particularly my answer there). The probability that such a corruption will cause data leakages are very small, but it exists. Freedom-respecting memory chips? I don't think there is much of a difference. I think the only thing that is important is that standards are respected. I do believe that some systems does not give the owner the freedom of freely choosing memory chips from different competing vendors. I believe the Librems come with such freedom. Actually I believe only the biggest brands come with such restrictions, and probably mostly on the server side.

Seventh Generation Intel Graphics - Optimized for media, without the power drain, with Intel HD Graphics 620

Nowadays there is almost a duopoly between Intel and Nvidia when it comes to the graphics controlling hardware. Nvidia has generally been regarded as having the best performance, while the Intel systems have been more optimized for power saving. Linus Thorvalds is quite blunt in his opinion on Nvidia - they do not have a good track record when it comes to cooperating with the Linux community, trying to get the most out of Nvidia on Linux is ... messy.

Linus Thorvalds says ... So NVIDIA FUCK YOU

I don't like duopolities, so from an ideal point of view I'd like to see graphics coming from some other vendor ... but if one wants to be a bit pragmatical and still preserve freedom to control the hardware using free software, then ... Intel it is.

Two hardware kill switches, microphone/camera and wireless/bluetooth

This is important. At some point, vendors started with software-controlled kill switches - typically located on the keyboard. They don't actually do anything except sending a signal to the operating system - "can you please turn off the wifi?". I once got a laptop where the only way to turn on the wifi was ... "boot windows, press the key, then boot Linux" ... aaargh (I should have known before deleting Windows, for one thing). It's such a mess ... and also, requires one to trust the software. If your laptop with software kill switches gets compromised, then software-controlled kill switches cannot be trusted anymore. Install some random Linux distribution, and it's not sure the software kill switches will work at all. Hardware kill switches are better.

One thing about hardware kill-switches though ... it's important to be aware of them. If the laptop has a physical kill switch and you're unaware of it, then for sure at some point you'll manage to touch it by accident (or your child will play with the laptop and switch it), and then one can spend hours trying to troubleshoot the wifi connection problem.

I have a HP, and it do like the camera "kill switch" - it's simply a lid that one can slide in front of the camera. That's as simple and trustworthy as it can get. (I've seen other people putting pieces of black tape over the camera).

13.3″ Matte IPS Display - Enjoy your screen in all lighting conditions - With our anti-reflection matte IPS display you can view your screen from the position that is most comfortable for you, avoiding the uncomfortable mirror-like reflections of glossy displays.

For the Librem 15 it says ...

15.6″ 4K Matte Display (...) With the 15.6 inch screen now supporting a higher resolution (3840 x 2160), there will be more pixels per inch (PPI). More pixels per inch translate to a sharper display. Better for both work and play.

That sounds great.

That said, I'm pretty impressed with my current HP. It has a privacy-switch, when pressed it's impossible or very difficult to see what's on the screen when looking at it from an angle.

Large Multitouch Trackpad - Scroll, click, zoom, scale, all with an easy-to-use multitouch trackpad - First, there was the mouse. Then came joysticks, eraser-heads, trackballs…now welcome the ultimate interface: the multitouch trackpad, with gestures natively supported under PureOS.

Personally I've always been preferring the "eraser-head" aka "pointing stick" aka "trackpoint" thing at the middle of the keyboard, found at some Thinkpads and HPs, combined with physical buttons at the bottom of the keyboard. It's not in the way, one won't hit it accidentally, it doesn't go all crazy if a drop of sweat falls down on it on a hot day, it doesn't take space and I can use it without leaving the keyboard. Ok, a trackpad can be accessed by thumbs without leaving the keyboard, but one cannot do so with much precision. And yes, there are lots of different things one can do on a trackpad supporting multi-touch - and yes, there is a point that not all trackpads will work fine with Linux, and that not all Linux distros will support all the features.

Build quality starts from the first thing you touch. You will enjoy typing on your Librem so much, you may never stop typing. The Librem 13 offers a full-sized keyboard, with easy to press keys—but not too easy—floating high enough to feel “just right” when you push down. Enjoy typing day and night with the backlit keys with two levels of intensity.

Some people have strong opinions on keyboards ... I don't. I'm spending lots of time fumbling after the right keys when I'm coming to a "new" keyboard or when changing frequently between different keyboards, but eventually I think I'm equally productive at almost any keyboard as long as I get used to it. Most laptops I've had recently have been with either backlight or a LED-light for illuminating the keyboard at top of the screen. Well, I hardly ever bother to look at the keys anyway - and my keymap differs a bit from what's written on the keys.

On the subject of keyboards - I've been using some laptops really a lot, and after some years insane amount of dust, hairs and whatnot have been getting stuck below and between the keys. Hygiene is one thing, another thing is that the keyboard may be difficult to use after a while. I think it's important that it's possible to detach the keys easily and pop them easily back in place again. I've encountered keyboards where the keys can be removed but never put back in place again ... that's the worst. I have no clue if the keyboard on the Librem can be maintained. I hope it can, it would fit with their philosophy.

Super Sturdy Hinge - Designed to last, reinforced metal, mounted directly to the case and screen

I can attest - I've had two laptops with broken hinges. Admittedly, the first one was lost in the ground some few times, and that was the reason for the bad hinge. As for the second one - bought from ThinkPenguin - I had some restrictions in place putting it in sleep mode frequently as my child spent too much time in front of the screen, and my kid was taking the monitor down and up again to wake it up. Still, the computer is quite new, it shouldn't break that easily.

Purism Key - A powerful key to search your computer and applications - One button to rule them all. Quickly access all your favorite apps and documents from a single key.

That's the "Windows key" with another symbol on. I hope they made it better than on the ThinkPenguin, my ThinkPenguin laptop seems to have an ordinary windows key with a tux sticker on top of it.

Not a big selling point anyway. I do use my windows key for controlling my windows manager. I think the windows symbol on my current laptop looks quite neutral, either it's just a general window symbol, or perhaps the logo of MS Windows has been changed so much I don't recognize it anymore. What do I know, I don't use that product anyway.

All other laptops use hardware chips coupled with software that can betray you. News stories have shown how these chips can surreptitiously transmit voice, networking, picture or video signals. Other chips are used to install spyware, malware or viruses. These built-in vulnerabilities can turn “your” computer into “their” computer. Purism works with hardware component suppliers and the Free software community towards making hardware that respects your privacy and protects your security.

Well, there may be a point there ... one actually needs to trust the hardware. Still, are there any true stories out there (except for "remote control" functionality built into the BIOS ... and except bugs found in some Intel-chips) that hardware have been coming with built-in vulnerabilities? Are there any proof of any deliberately maliciously placed backdoors? Security flaws by accident can happen anywere, also in Open Source and Open Hardware. Yeah, even deliberate backdoors put in by malice can happen in Open Source, it's just much more difficult to keep it hidden and unknown in the length.

So, I believe it's pretty hard, if not impossible, to select hardware that guaranteed "cannot betray you". That said, it's important to choose hardware with as much openness as possible, hardware that works well with Linux, hardware where all features actually are supported under Linux. Ideally all the hardware should be as "open" and "free" as the software - anyone should be able to take the design drawings and produce their own copy freely, the firmware should be open source, at least making it possible for the public to audit it and ensure there are no backdoors. Most (if not all) parts on the Librem laptops come from hardware manufacturers that do want to keep some secrets and restrictions. The biggest issue with getting hardware to work under Linux is that some hardware manufacturers even wants to keep the interface protocols secret. The freedom to know how to use equipment you've just purchased is quite fundamental, and it's also impossible to keep that secret and at the same time provide open source drivers for it. I do hope the Librem have chosen hardware from vendors that are following well-established open standards or that have released all the protocol information and are cooperating with the open source community, rather than hardware that happens to work under Linux because someone has reverse-engineered the interface details. I do trust Purism to choose right when alternatives exists, but I don't trust them not to make any compromises.

Alternatives

Hardware

There are some other vendors out there selling computers with Linux pre-installed. As said above, I did order one from ThinkPenguin and was happy with it, except for the hinge problem. In their web shop, one can customize everything, and the "distribution to install" is a free-text field.

The EOMA68 may also be worth looking into.

I'm quite sure there are more vendors out there - just google for it!

OS distribution

I found an article "15 Most Secure Linux Distros for Privacy and Security Concern Users" out there the other day. It's not a thorough guide, but it's a nice reference.

Qubes OS is on the first place. Today that seems to be the best bet of getting a "reasonably secure operating system". It's based on Xen, I may be mistaken, but I believe Xen has become a bit deprecated, KVM is probably a better virtualization choice. One may probably also get more out of the resources without compromising much security by using lightweight containers rather than full virtualization for each process.

PureOS is also listed there, but there isn't much information about it.

Other thoughts

The browser coming with PureOS is configured for privacy. It may come with a cost, usability may suffer - i.e. if one has to log in "all the time" to all kind of services, if "single sign on"-solutions won't work, if your favorite news provider come up with pop-ops like "we use cookies, please click OK to accept it" every single time you visit it, etc.

Also, some of my thoughts in the previous post applies to the laptops as well, at least those two:

  • If the PureOS intends to give a unified user experience both on a 5" phone and on a 15" laptop, it's quite likely it comes with a GUI that's going to be uncomfortable and non-optimal both on the phone and on the laptop.
  • For good security it may be quite important to restrict permissions on the application level, or even run the applications in different containers to isolate them from each other. This is quite rare to do on Linux desktop systems, and so far I have found no indications that PureOS comes with any such protection, meaning that any backdoor in any application run can cause full compromisation of all your secrets, control of the video stream from the camera, etc.

I feel there ought to be a conclusion here at the end of this article, but it's already posted at the top ...

Sort:  

Thanks for all the info in the article. Resteeming.

I had looked into purism laptops in the past but i was put off by the fact that i would have to pay 25% tax to import one in Norway. At that price point it is probably better to buy something else and upgrade/replace some of the propriety hardware.
Of course buying something ready made saves a lot of time but i am assuming that privacy focused linux users are also a bit of tinkerers.
If Norway ever drops that 25% import tax then i would probably reconsider but for know i'll stick to lenovo/thnkpads.

I share your frustration about the 'Microsoft Tax'. If only one could return or resell the unused windows license somehow that would be great.

Did you have a chance to actually use a purism laptop, hands on?
If so can you give some feedback on the noise levels? I had some high fan noise problems in the past when installing linux on non lenovo/thinkpad laptops even though they had an intel gpu and not Nvdia.

No, I haven't had any hands-on experience so far. I will update as soon as I get some. I don't think there were any excessive noise from the ThinkPenguin laptop, should eventually try to fix it (mechanical problem, should be possible to mend it somehow ... I do have both epoxy, duct tape, glass fibre and polyester i my tool box ...)

It's quite common in modern laptops that all the power saving (even adjusting the fan speed) is supposed to be done by the operating system, at the same time different laptops may require very different configuration - hence a laptop with a pre-installed operating system (pre-configured and tuned exactly for that laptop) may work out better than when doing some generic operating system installation in the aftermath. On some Linux distributions it's needed to install some power management package (like laptop-tools or tlp) in addition.

Now that "everything" runs in a browser, and even devices without a fan (such as mobile phones and Raspberries) have sufficient computing power to run browser applications, fan noise ought to be a problem of the past.

Hi @tobixen!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 4.061 which ranks you at #3762 across all Steem accounts.
Your rank has not changed in the last three days.

In our last Algorithmic Curation Round, consisting of 89 contributions, your post is ranked at #46.

Evaluation of your UA score:
  • Some people are already following you, keep going!
  • The readers like your work!
  • Try to work on user engagement: the more people that interact with you via the comments, the higher your UA score!

Feel free to join our @steem-ua Discord server