Is there any document where they describe how their focus on security shapes pureOS? I'm seeing stuff like bundling some add-ons for the browser, and kernel patches.
In my mind, securing users in 2018 means to have a decent password manager with an up-to-date browser, make sure that apps are sandboxed and prohibit the browser from accessing all my user's files. Do they tackle this?
Edit: Sorry, I realized you were only asking about the OS after making this post. Feel free to ignore.
I think it looks like an interesting project and will buy one. I especially like the hardware kill switches.
>Here are some benefits and key differentiators of the Librem 5, the world’s first ever IP-native mobile handset and the only user-respecting mobile phone product offering on the market:
- Privacy protection by default, instead your profile and data being products sold to the highest bidder.
- Does not use Android or iOS. The Librem 5 comes with the mobile version of our FSF-endorsed operating system PureOS by default, and is expected to be able to run most GNU+Linux distributions.
- CPU separate from baseband, isolating the blackbox that the modem may represent and allowing us to seek hardware certification of the main board by the Free Software Foundation.
- Hardware Kill Switches for camera, microphone, WiFi/Bluetooth, and baseband.
- End-to-end encrypted decentralized communications via Matrix over the Internet.
-We also intend the Librem 5 to integrate with the Librem Key security token in the future.
> I don't particularly see the point of kill switches when you trust the software.
In my view it's two things: 1. It's defense in depth. No one person will ever be able to review every single line of code running their device, but anyone can crack open the case (and/or check the open schematics) and verify that flicking the switch kills the microphone. And 2. The baseband still has proprietary code running it that you can't verify so the only reasonable thing you can do to it is power it down.
I'm excited for kill switches, mostly the baseband one. Cell providers sell real time location data. I will be happy knowing that my phone is doing no communication when I want it to.
No it's the other way round; with 61 MSPS sampling rate, the theoretical maximum bandwidth is 61 MHz, so they stay below.
[edit]
If you're missing the factor two, as in "sampling frequency must be twice the maximum signal frequency", the keyword is complex sampling. With complex signals, the sampling theorem is "sampling frequency must be greater than the maximum signal frequency".
[edit2]
I don't want to make anybody read about sampling. So we have a real signal - we're in the real world - and suddenly there's a complex signal? You basically fork the signal, and delay one signal path by half the clock period. You can then sample both signals at the same time, and collect the data you would get when sampling with the double frequency. Because we sample two signals, we store two samples at a time. One we call the real signal, one the imaginary -- and there we got our complex signal.
Yeah, the BladeRF uses an AD9361[1] as the transceiver, which features a pair of ADCs per channel, of which there are two (so, a total of 4 ADCs and 4 DACs in the package). It's got a bunch of other convenient features like built-in PLLs both LO and baseband.
Yes you need to burn a SIM card, but that's it basically. srsLTE and other "homebrew" eNodeB software is standards-compliant and your smartphone will most likely connect.
In practice, you need to worry about legal restrictions -- you're not allowed to transmit on common LTE bands.
Not sure how this will actually look in the future. Is the office mobile network physically separated, or do you use the public network with special SIM cards that connect to a virtually separated mobile network?
One idea is that commercial installations rely on unlicensed spectrum (like 6Ghz) to transmit LTE. Check out MuLTEfire for this. As far as I know, there are no LTE base stations transmitting these frequencies available for purchase.
With 5G some countries have also taken into concern a more liberal spectrum policy, which could result in more mobile network operators. One idea follows is that the spectrum would be "oversold" by selling the same frequency to organizations tied to particular cities, for example.
Finally, there is the notion of virtual SIM cards. And as far as I know, alternatively you could also just hack the LTE server to accept each incoming connection (with any SIM) and use a challenge after the Internet connection is established, and then just kick out any device which doesn't send the magic packet.
Yeah, the idea was to use ISM band. The problem was finding MTs that supported these bands. The LTE base station was much easier.
I was hoping 5G had taken this use case into account, and thought to optimize for those bands, or alternatively allow for use of 60 GHz, or something where i can get a local license for usage of that band.
You cannot accept unknown SIM cards due to mutual authentication -- the provider must know the shared secret that is burned into the SIM.
You can achieve network separation APNs, so there is no need for such a hack.
The question I have in mind is: Does your office advertise it's own PLMN with WiFi-like equipment, or do you outsource your office wireless network to an established operator which handles authentication and provides a virtual, separate network?
Regarding your question, I recall reading a paper which compared both cases: the office owning the whole infrastructure, and one in which it is rented/outsourced to an established MNO. While the paper suggested that both use-cases are plausible, in practice your preference is likely to vary depending on local regulation and use-case (e.g. latency requirements etc.).
KDE offers the integration that I expect from a desktop. Plasma was way ahead of others, when it came to management of
* audio, including Bluetooth
* network
* display
Unfortunately, little care is taken on security.
KDE Wallet simply offers an API to all your passwords, without any separation. Users cannot tell which application just accessed the "wallet". Certificate warnings randomly pop up, asking for "yes" or "no" without any explaination. Plasma "integration" will ask you for full access to your Google account, but it is unclear what for. The calendar integration will require separate authentication -- to the calendar only.
I think Linux desktops were ahead of others, some years ago, but right now I struggle to recommend it to anyone.
In my mind, securing users in 2018 means to have a decent password manager with an up-to-date browser, make sure that apps are sandboxed and prohibit the browser from accessing all my user's files. Do they tackle this?