<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p> </p>
<p>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,
initial-scale=1.0">
<title>The Librem 15 Sale - End of Year Sale</title>
<meta name="description" content="The End of year Librem 15 Sale">
<style>
*{box-sizing:border-box}body{font-family:helvetica,arial,sans-serif;font-size:18px;line-height:1.4;margin:0 auto;width:100%}.align-center{text-align:center}.align-right{text-align:right}ul.list-unstyled{list-style:none;padding-left:0}ol.list-unstyled{list-style:none;padding-left:0}p.sub-heading{font-size:24px;margin-top:0}h1,h2,h3,h4,h5,h6{margin-top:0}h2{margin-top:40px;}h4{text-transform:uppercase}blockquote{background:rgba(255,255,255,.3);border-left:4px solid currentColor;margin:0;padding:20px 20px 20px 30px}blockquote p{font-size:24px;margin:0 0 10px 0;padding:0}blockquote cite{font-weight:600}ol li,ul li{margin-bottom:10px}i{font-style:normal;font-weight:100}a,a:visited{color:#333}img{height:auto;max-width:100%}figure{margin:40px 0;}figcaption{font-style:italic;}video{width:100%;}.button,.button:visited{background:linear-gradient(#396afc 0,#2948ff 100%);border-color:#2948ff;border-radius:7px;color:#fff;display:inline-block;font-size:20px;font-weight:700;margin:20px 0;padding:13px 18px 10px;text-decoration:none}.button:hover{background:linear-gradient(#7194fc 0,#2948ff 100%)}.main-wrapper,footer{margin:0 auto;max-width:640px;padding:40px 20px}.grey-wrapper{background-color:#ededed}.black-wrapper{background-color:#2d2d2d;color:#fff}footer img{opacity:.5;width:120px}.black-wrapper a{color:white !important;}</style>
<div class="main-wrapper"> <img
src="https://wp.puri.sm/wp-content/uploads/2020/11/l15-shadow.png"
alt="Librem 15">
<h1>Last Day to Save $300!</h1>
<p>Today is the last day to get <strong>$300 off</strong> the
Librem 15</p>
<p>Get your new Desktop Replacement before this sale ends
January 1st</p>
<p>Ultra-portable workstation laptop that was designed
chip-by-chip, line-by-line, to respect your rights to privacy,
security, and freedom.</p>
<a href="https://shop.puri.sm/shop/librem-15" class="button">Order
Now</a> </div>
<div class="grey-wrapper">
<div class="main-wrapper">
<h2>Why FSF Endorsing PureOS Matters</h2>
<p>It was three years ago today, December 21, 2017, that the <a
href="https://www.fsf.org/news/fsf-adds-pureos-to-list-of-endorsed-gnu-linux-distributions-1">Free
Software Foundation announced it had endorsed PureOS</a>.
Getting FSF endorsement is not an easy task and involves a
lot of rigorous evaluation. Sometimes people ask us why we
decided to create and maintain PureOS instead of using an
existing distribution such as Debian (which PureOS is based
on). After all, it’s a lot of extra work to maintain your
own distribution, and even more work to maintain one that
qualifies for FSF endorsement. In this article we will
discuss why we consistently choose the harder road and why
PureOS being endorsed by the FSF benefits your freedom, your
privacy and your security (in particular supply chain
security).</p>
<p>Tech companies, especially those who are in the FOSS
community, often find themselves in a situation where they
must choose between compromising on their values to take an
easier path, or sticking with those values even if it means
a lot of extra work. At each step in Purism’s history we
would have had a much easier path if we had compromised like
so many others have. Instead we have consistently chosen the
longer and more difficult road <strong>because we believe
in free software</strong> <a
href="https://puri.sm/about/social-purpose/">to our core</a>.</p>
<h3>Choosing the Harder Road</h3>
<p>It would have been a lot easier to rebrand an off-the-shelf
laptop, slap a pre-existing Linux distribution on it, use
proprietary drivers for everything, and not care about
coreboot support. There are plenty of successful businesses
out there that do precisely that.</p>
<p>It was a lot harder to design our own laptop not just so it
had kill switches to protect privacy, but design it so that
all the hardware worked out of the box with free software
drivers and the CPU supported coreboot. It was also extra
work to maintain our own Linux distribution that only had
free software, so we could qualify for FSF endorsement.</p>
<p>It would have been a lot easier to take an off-the-shelf
ARM phone that already had kernel support with proprietary
drivers, and use some pre-existing mobile-only OS. It would
have been easier (and thinner!) to discard modularity and
just have everything on one chip.</p>
<p>It was a lot harder <a
href="https://puri.sm/posts/breaking-ground/">to design a
phone from the ground up</a> so that it would qualify for
RYF (a designation that not even everyone in FOSS community
values, much less society at large), that separated the
cellular modem from the CPU, and made it possible to disable
it with a hardware kill switch. It was also harder to invest
the software engineering time to have our phone supported in
the mainline Linux kernel and write (and upstream!)
phosh/phoc/libhandy/squeekboard so that the current Linux
desktop ecosystem could work on a mobile platform not just
in PureOS, but Debian (and any other distribution that
wanted to package it) as well.</p>
<h3>What's In It For Me?</h3>
<p>So why is it so important that the Free Software Foundation
endorsed PureOS? In addition to the fact that we firmly
believe in free software, we also believe that having an
operating system that runs on 100% free software <strong>directly
benefits you and the rest of society</strong>. We often
say that we sit on a three-legged stool of Freedom, Privacy
and Security. Let’s talk about how an OS that runs 100% free
software directly benefits you in each of those categories.</p>
<h3>Freedom</h3>
<p>Perhaps the most obvious benefit of PureOS being 100% free
software is <a
href="https://www.gnu.org/philosophy/free-sw.en.html">freedom</a>.
Every piece of software in PureOS has a corresponding source
code repository that is licensed with a FSF-approved
license. This means you are free to download, inspect, and
modify any of the software in PureOS directly. If you want
to improve a piece of PureOS software you are free to fix it
and share your fix with the rest of the world under the same
freedom-preserving license.</p>
<p>You are also free from the whims or poor decisions of a
software maintainer. If a software developer decides to
abandon their project, if they take it in a direction you or
the community don’t like, or if you submit improvements the
maintainer doesn’t accept, you are even free to create a
competing version of the software (forking) based on your
modified code.</p>
<h3>Privacy</h3>
<p>Privacy is perhaps a benefit that isn’t so obvious in free
software. Yet, one of the main effects of smartphone apps
being proprietary shareware is that they are funded by and
large by ads and directly or indirectly capture and share
your private data. This same approach often extends into
proprietary desktop applications as well.</p>
<p>Because PureOS is 100% free software, it doesn’t suffer
from these same privacy problems. Why? Besides the fact that
all software has to go through a rigorous acceptance process
before it is added to the OS, if a developer decided to
write software that benefited you while also violating your
privacy, you would be free to fork their code and remove the
privacy-violating bits.</p>
<p>Many proprietary phone apps hide their privacy-violating
features as well. After all, why exactly does a flashlight
application need full access to the Internet, your contact
list, your location, and your photos? In the free software
world, you could inspect such an application and confirm
whether they are actually capturing any of that data,
discover how they are using it, and disable or remove those
bits.</p>
<h3>Security</h3>
<p>The final area where free software provides a huge benefit
is in security. Supply chain security has started to be a
hot topic in the security world, for good reason, and <strong>you
cannot get better supply chain security than with free
software</strong>. While we’ve written about <a
href="https://puri.sm/posts/protecting-the-digital-supply-chain/">protecting
the digital supply chain</a> before in the context of how
we protect our products both in firmware and software, it’s
worth highlighting here where a free software OS provides
the biggest benefits.</p>
<p>At the initial level free software and proprietary software
use similar security measures to protect against supply
chain attacks. A software repository is owned by a limited
list of maintainers who control what source code and files
are allowed in the repository and approve all changes. Both
free and proprietary software developers these days
typically sign their code changes with a personal signature
verifying that the change came from them. When the software
gets packaged, that binary package is also typically signed
with a key owned by the company or software project so the
end user can verify that the package hasn’t been modified by
anyone else, before they install it.</p>
<p>Yet we have seen that supply chain attacks can bypass these
security measures most often by compromising build servers,
injecting malicious code into the binary package, and
getting it signed with official signatures so it looks
legitimate. While supply chain attacks do sometimes target
the source code itself, it’s rarer because it’s easier to
trace and more difficult to hide changes to the source code
long-term, even with proprietary software which has a
smaller group of people allowed to audit the code.</p>
<p>Free software adds an additional layer of supply chain
security that proprietary software simply can’t, due to the
freedom of the code. While an attacker can try to sneak
malicious code into the source code itself, it’s much more
challenging to hide that code long-term, given that code
changes are not only audited by the software maintainers
themselves, but any interested third party as well as
security researchers and even regular end users. While some
security researchers are just as comfortable auditing
binaries as source code, for many it’s a lot easier and
faster to audit code for backdoors when the code is freely
available.</p>
<p>Finally, free software has a gigantic advantage over
proprietary software in supply chain security due to <a
href="https://reproducible-builds.org/">Reproducible
Builds</a>. With Reproducible Builds you can download the
source code used to build your software, build it yourself,
and compare your output with the output you get from a
vendor. If the output matches, you can be assured that no
malicious code was injected somewhere in the software supply
chain and it 100% matches the public code that can be
audited for back doors. Because proprietary software can’t
be reproducibly built by third parties (because they don’t
share the code), you are left relying on the package
signature for all your supply chain security.</p>
<h3>Conclusion</h3>
<p>We are proud of PureOS’s Free Software Foundation
endorsement, not only because we spent a lot of effort to
get it, because we believe in free software, or because of
our <a href="https://puri.sm/about/social-purpose/">Social
Purpose Corporation charter</a>, but also because we
believe free software directly benefits our customers and
society at large and that is why our laptops, PCs, servers
and phones all ship with PureOS.</p>
</div>
</div>
<div class="white-wrapper">
<div class="main-wrapper">
<h2>Phosh Overview</h2>
<p><a href="https://honk.sigxcpu.org/con/phosh_overview.html">phosh</a>
is graphical shell for mobile, touch based devices like
smart phones. It’s the default graphical shell on Purism’s <a
href="https://puri.sm/products/librem-5/">Librem 5</a>
(and that’s where it came to life) but projects like <a
href="https://wiki.postmarketos.org/wiki/Phosh">Postmarket
OS</a>, <a
href="https://wiki.mobian-project.org/doku.php?id=intro">Mobian</a>
and <a href="https://packages.debian.org/sid/phosh">Debian</a>
have picked it up putting it into use on other devices as
well and contributing patches.</p>
<p>This post is meant as a short overview how things are tied
together so further posts can provide more details.</p>
<h3>A PHone SHell</h3>
<p>As mobile shell phosh provides the interface components
commonly found on mobile devices to:</p>
<ul>
<li>launch applications</li>
<li>switch between running applications and close them</li>
<li>lock and unlock the screen</li>
<li>display status information (e.g. network connectivity,
battery level)</li>
<li>provide quick access to things like torch or Bluetooth</li>
<li>show notifications</li>
</ul>
<img
src="https://puri.sm/wp-content/uploads/2020/12/phosh-1.png"
alt="Phosh">
<p>It uses <a href="https://en.wikipedia.org/wiki/GObject">GObject</a>
object system and <a
href="https://en.wikipedia.org/wiki/GTK">GTK</a> to build
up the user interface components. Mobile specific patterns
are brought in via <a
href="https://gitlab.gnome.org/GNOME/libhandy">libhandy</a>.</p>
<p>Since phosh is meant to blend into <a
href="https://www.gnome.org/">GNOME</a> as seamlessly as
possible it uses the common interfaces present there via <a
href="https://en.wikipedia.org/wiki/D-Bus">D-Bus</a> like
<code>org.gnome.Screensaver</code> or <code>org.gnome.keyring.SystemPrompter</code>
and retrieves user configuration like keybindings via <a
href="https://developer.gnome.org/GSettings/">GSettings</a>
from preexisting schema.</p>
<p>The components of a running graphical session roughly look
like this:</p>
<img
src="https://puri.sm/wp-content/uploads/2020/12/phosh-session.png"
alt="Phosh Session">
<p>The blue boxes are the very same found on GNOME desktop
sessions while the white ones are currently only found on
phones.</p>
<p><a href="https://source.puri.sm/Librem5/feedbackd">feedbackd</a>
is explained quickly: It’s used for providing haptic or
visual user feedback and makes your phone rumble and blink
when applications (or the shell) want to notify the user
about certain events like incoming phone calls or new
messages. What about phoc and squeekboard?</p>
<h3>phoc and squeekboard</h3>
<p>Although some stacks combine the graphical shell with the
display server (the component responsible for drawing
applications and handling user input) this isn’t the case
for phosh. phosh relies on a <a
href="https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)">Wayland</a>
compositor to be present for that. Keeping shell and
compositor apart has some advantages like being able to
restart the shell without affecting other applications but
also adds the need for some additional communication between
compositor and shell. This additional communication is
implemented via Wayland protocols. The Wayland compositor
used with phosh is called <a
href="https://source.puri.sm/Librem5/phoc"><em>phoc</em></a>
for <em>PHone Compositor</em>.</p>
<p>One of these additional protocols is <a
href="https://github.com/swaywm/wlr-protocols/blob/master/unstable/wlr-layer-shell-unstable-v1.xml">wlr-layer-shell</a>.
It allows the shell to reserve space on the screen that is
not used by other applications and allows it to draw things
like the top and bottom bar or lock screen. Other protocols
used by phosh (and hence implemented by phoc) are <a
href="https://github.com/swaywm/wlr-protocols/blob/master/unstable/wlr-output-power-management-unstable-v1.xml">wlr-output-management</a>
to get information on and control properties of monitors or
<a
href="https://github.com/swaywm/wlr-protocols/blob/master/unstable/wlr-foreign-toplevel-management-unstable-v1.xml">wlr-foreign-toplevel-management</a>
to get information about other windows on the display. The
later is used to allow to switch between running
applications.</p>
<p>However these (and other) Wayland protocols are not
implemented in phoc from scratch. phoc leverages the <a
href="https://github.com/swaywm/wlroots">wlroots</a>
library for that. The library also handles many other
compositor parts like interacting with the video and input
hardware.</p>
<p>The details on how phoc actually puts things up on the
screen deserves a separate post. For the moment it’s
sufficient to note that phosh requires a Wayland compositor
like phoc.</p>
<p>We’ve not talked about entering text without a physical
keyboard yet – phosh itself does not handle that either. <a
href="https://source.puri.sm/Librem5/squeekboard">squeekboard</a>
is the on screen keyboard for text (and emoji) input. It
again uses Wayland protocols to talk to the Wayland
compositor and it’s (like phosh) a component that wants
exclusive access to some areas of the screen (where the
keyboard is drawn) and hence leverages the <em>layer-shell</em>
protocol. Very roughly speaking it turns touch input in that
area into text and sends that back to the compositor that
then passes it back to the application that currently gets
the text input. squeekboard’s main author dcz has some more
details <a
href="https://dcz_self.gitlab.io/posts/input_method/">here</a>.</p>
<h3>The session</h3>
<p>So how does the graphical session in the picture above come
into existence? As this is meant to be close to a regular
GNOME session it’s done via <a
href="https://gitlab.gnome.org/GNOME/gnome-session">gnome-session</a>
that is invoked somewhat like:</p>
<pre><code>
phoc -E 'gnome-session --session=phosh'
</code></pre>
<p>So the compositor <em>phoc</em> is started up, launches <em>gnome-session</em>
which then looks at <em>phosh.session</em> for the
session’s components. These are <em>phosh</em>, <em>squeekboard</em>
and <em>gnome-settings-daemon</em>. These then either
connect to already running services via D-Bus (e.g.
NetworkManager, ModemManager, …) or spawn them via D-Bus
activation when required (e.g. feedbackd).</p>
<h3>Calling conventions</h3>
<p>So when talking about phosh it’s good to keep several
things apart:</p>
<ul>
<li>phosh – the graphical <em>shell</em></li>
<li>phoc – the <em>compositor</em></li>
<li>squeekboard – the <em>on screen keyboard</em></li>
<li>phosh.session: The <em>session</em> that ties these and
GNOME together</li>
</ul>
<p>On top of that people sometimes refer to ‘Phosh’ as the
software collection consisting of the above plus more
components from GNOME (<em>Settings</em>, <em>Contacs</em>,
<em>Clocks</em>, <em>Weather</em>, <em>Evince</em>, …) and
components that currently aren’t part of GNOME but adapt to
small screen sizes, use the same technologies and are needed
to make a phone fun to use e.g. <em>Geary</em> for email, <em>Calls</em>
for making phone calls and <em>Chats</em> for SMS handling.</p>
<p>Since just overloading the term Phosh is confusing <em>GNOME/Phosh
Mobile Environment</em> or <em>Phosh Mobile Environment</em>
have been <a
href="https://salsa.debian.org/DebianOnMobile-team/meta-phosh/-/blob/debian/master/debian/control">used</a>
to describe the above collection of software and I’ve
contacted GNOME on how to name this properly, to not
infringe on the GNOME trademark but also give proper credit
and hopefully being able to move things upstream that can
live upstream.</p>
<p>That’s it for a start. phosh’s development documentation
can be browsed <a
href="https://honk.sigxcpu.org/projects/phosh/docs/">here</a>
but is also available in the <a
href="https://source.puri.sm/Librem5/phosh">source code</a>.</p>
<p>Besides the projects mentioned above credits go to <a
href="https://puri.sm/">Purism</a> for allowing me and
others to work on the above and other parts related to
moving Free Software on mobile Linux forward.</p>
</div>
</div>
<div class="black-wrapper">
<div class="main-wrapper dark-mode">
<h2>App Showcase: Animatch</h2>
<p>Animatch is a fun, easy to install app on the Librem 5. Pop
open the PureOS store and install.</p>
<video controls="controls"> <source
src="https://videos.puri.sm/promo/Animatch.mp4?_=1"
type="video/webm"> Sorry, your client doesn't seem to
support embedded videos. View the video <a
href="https://videos.puri.sm/promo/Animatch.mp4?_=1">directly
here</a></video>
<p>Each subsequent level is more difficult, changing the shape
of the board and adding additional items into the game.</p>
<img
src="https://puri.sm/wp-content/uploads/2020/12/2020-12-21-095032.png"
alt="Animatch">
<p>Like all our software, this is install-able on a Desktop as
well as completely open for you to <a
href="https://gitlab.com/HolyPangolin/animatch/-/blob/master/COPYING">modify
share, or reuse</a>.</p>
</div>
</div>
<div class="white-wrapper">
<div class="main-wrapper">
<h2>App Showcase: Lollypop</h2>
<p>Within the PureOS Store, you can easily install Lollypop, a
desktop music player that has been adapted for use on the
go. Simply put your music in ~/Music and start the app.</p>
<video controls="controls"> <source
src="https://videos.puri.sm/promo/lollypop2.mp4?_=1"
type="video/webm"> Sorry, your client doesn't seem to
support embedded videos. View the video <a
href="https://videos.puri.sm/promo/lollypop2.mp4?_=1">directly
here</a></video>
<p>Like most music players, you can select a category like,
genres, artists, and albums, but you get the extra bonus of
being able to use the desktop features like Audio
Scrobbling.</p>
<img
src="https://puri.sm/wp-content/uploads/2020/12/2020-12-21-120453.png"
alt="Lollypop">
<p>Cut out the ads, and keep the music playing, try out <a
href="https://wiki.gnome.org/Apps/Lollypop">Lollypop</a>
today.</p>
</div>
</div>
<div class="grey-wrapper">
<div class="main-wrapper">
<h2>App Showcase: Backups</h2>
<p><a href="https://wiki.gnome.org/Apps/DejaDup">Déjà Dup</a>
is the recommended way to backup your data on all Librem
hardware. It allows you to schedule backups or restore past
backups.</p>
<video controls="controls"> <source
src="https://videos.puri.sm/promo/bk.mp4?_=1"
type="video/webm"> Sorry, your client doesn't seem to
support embedded videos. View the video <a
href="https://videos.puri.sm/promo/bk.mp4?_=1">directly
here</a></video>
<p>Before you run a backup, you’ll need to set up somewhere
for the backup to go. In most cases, that will be an
internal SD card. FAT32 will work for backups but is not
ideal because it lacks support for large files. Likewise,
larger SDs come with an NTFS partition, which is not
suitable for use with PureOS. The solution is to reformat
your SD with EXT4. Install Gparted and you’re off.</p>
<img
src="https://puri.sm/wp-content/uploads/2020/12/gparted-1.png"
alt="Backups View">
<p>With an SD card installed and formatted, you can open the
backups app, and select the files you want and don’t want to
be backed up, then start a backup.</p>
<img
src="https://puri.sm/wp-content/uploads/2020/12/backing_up.png"
alt="Encrypted Passwords">
<p>Restoring after a backup is straightforward and intuitive.
Select the backup by date and let the restore begin.</p>
<img
src="https://puri.sm/wp-content/uploads/2020/12/restoring.png"
alt="Restoring">
<p>If you run into issues starting GParted. Try applying this
workaround:</p>
<pre><code>
sudo apt install x11-xserver-utils
DISPLAY=:0 xhost +SI:localuser:root
</code></pre>
<p>As the video pointed out, you may also need to install
python-gobject if you see the error: No module named
gi.repository.</p>
<pre><code>
sudo apt install -y python-gobject
</code></pre>
</div>
</div>
<div class="black-wrapper">
<div class="main-wrapper dark-mode">
<h2>App Showcase: Password Safe</h2>
<p>Using strong passwords is a good way to help protect your
accounts. On the Librem 5, we recommend you use <a
href="https://gitlab.gnome.org/World/PasswordSafe">Password
Safe</a> to keep track of and generate better passwords.</p>
<video controls="controls"> <source
src="https://videos.puri.sm/promo/pass_safe2.mp4?_=1"
type="video/webm"> Sorry, your client doesn't seem to
support embedded videos. View the video <a
href="https://videos.puri.sm/promo/pass_safe2.mp4?_=1">directly
here</a></video>
<p>Password safe is compatible with Keypass databases, this
helps make the switch simple if you're already using a
password manager.</p>
<p>Own and manage your own keys, on your own hardware.</p>
</div>
</div>
<footer class="align-center"> <img
src="https://puri.sm/wp-content/themes/wp-purism/images/brand.svg"
alt="Purism">
<p>Thanking you for your support,<br>
— the Purism team <span>(feedback at puri.sm)</span></p>
<hr>
<p>Note: contents of this email are CC-by-SA; feel free to
forward it to friends!</p>
<p><i>To remove yourself from our announcements list, simply
email <a href="mailto:announce-leave@announce.puri.sm">announce-leave@announce.puri.sm</a>
and you will automatically be instructed how to unsubscribe.</i></p>
</footer>
</p>
</body>
</html>