From the Browser to the Bloodstream

When a company collapses, its debts and assets are tallied, auctioned, and parceled out. But what happens when the “asset” in question is your very biology? That’s the question millions of 23andMe customers now face in the wake of the company’s bankruptcy.

The post From the Browser to the Bloodstream appeared first on Purism.

Dialing Back to Move Forward: Why the Landline Revival Signals a Future for Privacy

On September 30, 2025, The Washington Post reported a quiet trend in Washington, D.C.: the return of landline phones among officials and journalists seeking refuge from the omnipresent surveillance of smartphones. In a recent story, NBC News spotlighted parents in Maine and Seattle who are reviving landlines for their children—creating “landline pods” so kids can connect without the addictive pull of screens or the predatory reach of social media platforms.

The post Dialing Back to Move Forward: Why the Landline Revival Signals a Future for Privacy appeared first on Purism.

Who Owns Your Digital Self?

The lawsuits now circling Apple are not just about stolen phones. They are about stolen selves—stolen data, stolen memories, stolen identities.

The post Who Owns Your Digital Self? appeared first on Purism.

Use of Generative AI in Scams

New report: “Scam GPT: GenAI and the Automation of Fraud.”

This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.

AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities ­ whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and...

A terminal for operating clouds: administering S3NS with image-based NixOS (asg2025)

S3NS is a trusted cloud operator that self-hosts Google Cloud infrastructure in France, targeting the SecNumCloud certification, the most stringent Cloud certification framework. SecNumCloud includes strict legal and operational constraints. To manage these systems securely and reproducibly, we’ve built a family of dedicated administration terminals based on the image based philosophy. These terminals rely on NixOS semantics and draw from the ParticleOS ecosystem: systemd-repart, and dm-verity, ensuring atomic updates, full immutability of the Nix store, and verifiable integrity of the boot chain and runtime system (measured boot), while using remote attestations by TPM2 when...

Shipping Flatpak applications with an image based system (asg2025)

Flatpak is the de-facto standard for distributing desktop applications across various Linux based systems. It also offers other advantages such as sandboxing. It is particularly useful for image based systems as it installs the applications into a separate location and doesn't try to modify the system. GNOME OS is GNOME's development, testing and QA operating system. It builds the latest and greatest in-development versions of the GNOME desktop and core applications. It is also Linux based system that tries to fully embrace the systemd ecosystem. The applications are however built into the system. While this might...

Closing session of All Systems Go! 2025 (asg2025)

Closing session of All Systems Go! 2025 Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/DR8ELH/
Video:asg2025-383-eng-Closing_session_of_All_Systems_Go_2025_hd.mp4

UKI, composefs and remote attestation for Bootable Containers (asg2025)

With Bootable Containers (bootc), we can place the operating system files inside a standard OCI container. This lets users modify the content of the operating system using familiar container tools and the Containerfile pattern. They can then share those container images using container registries and sign them using cosign. Using composefs and fs-verity, we can link a UKI to a complete read only filesystem tree, guaranteeing that every system file is verified on load. We integrate this in bootc by creating a reliable way to turn container images into composefs filesystem trees, and then including...

pidfd: What have we been up to? (asg2025)

File descriptors for processes on Linux have been available for quite some time now. Userspace has adapted them widely. Over the last two years or so we've extended the abilities of pidfds significantly. This talk will go over all the new features and deep dive into their implementation and usage. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2025/talk/3BMJVH/
Video:asg2025-381-eng-pidfd_What_have_we_been_up_to_hd.mp4

Yocto's hidden gem: OTA and seamless updates with systemd-sysupdate (asg2025)

Updates are a critical piece of managing your fleet of devices. Nowadays, Yocto-based distributions can utilize layers for well-established update mechanisms. But, did you know that recent releases of Yocto already come with a simple update mechanism? Enter systemd-sysupdate: a mechanism capable of automatically discovering, downloading, and installing A/B-style updates. By combining it with tools like systemd-boot, we can turn it into a comprehensive alternative for common scenarios. In this talk, we will briefly introduce systemd-sysupdate, show how it can be integrated with your Yocto distribution, and share thoughts on how it can be improved further. Licensed to...