37c3/FOSDEM 2024: Add Wordpress link, move CommonMark file.

The existing CommonMark file was moved in the place where the
html would be converted to CommonMark. When running 'make markdown',
this avoids silently having two similar files under different names in
the markdown directory.

Instead any modifications of the file would show up in git and could
be caught by humans more easily.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

1 files changed, 475 insertions, 0 deletions

diff --git a/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md b/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md
new file mode 100644
index 0000000..6706e81
--- /dev/null
+++ b/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md
@@ -0,0 +1,475 @@
+authors: dllud, GNUtoo
+tags: Replicant news, dllud, GNUtoo
+date: 2024-03-01T17:55:10+00:00
+title: Replicant status and report of the 37C3 and FOSDEM 2024 conferences.
+licenses: CC-BY-3.0 OR CC-BY-4.0
+---
+
+Replicant current status:
+=========================
+The last Replicant release is still based on Android 6.0.
+
+In the previous years, a lot of work was done to make the Galaxy SIII
+(GT-I9300) usable with an upstream kernel, both on graphics and on the
+modem.
+
+While working on this report we also found that the removal of 3G
+networks was more a serious problem than we originally understood.
+
+As we understand from [the Wikipedia article on
+2G](https://en.wikipedia.org/wiki/2G#Past_2G_networks), GSM networks
+are also being removed in Europe as well (where most Replicant users
+probably reside). If somehow we understood it wrong please
+contact us on the Replicant mailing list as this has big implications
+for Replicant.
+
+This means that none of the currently supported devices will continue
+to work on non-community networks in most areas of the world.
+
+About a year ago, the current Replicant maintainer talked with
+someone that knows well European regulations and that person told him
+that there was no chance to stop 3G from being removed (for instance
+through legal activism) due to the low number of users still using
+3G. Since we didn't ask about GSM at the time, we have no idea if that
+can be blocked or not or how much effort that requires.
+
+In any case it means that the only way forward for Replicant is to
+make sure it (also) supports devices that work on 4G networks.
+
+Furthermore such devices should also have VoLTE (Voice over 4G
+networks) ; otherwise, although they would be able to get Internet over
+4G networks, they could not to make regular calls or send SMS.
+
+Unfortunately even the Galaxy SIII 4G (GT-I9305) which is a Galaxy
+SIII (GT-I9300) with a different modem doesn't support VoLTE. So we
+cannot reuse most of the Replicant work we did.
+
+Even if in some areas of the world (like some European countries), the
+devices currently supported will continue to work for very few years,
+and there was a big amount of work done to make these devices
+usable with more recent Android versions, a lot more work is needed to
+make that work usable daily (making power management work, debugging
+complex issues, etc).
+
+The majority of recent devices (like newer Samsung smartphones) have
+too many freedom issues, making them unsuitable for Replicant.
+
+Remains the PinePhone:
+
+- The hardware already works under GNU/Linux.
+
+- The battery life (in hours) is now almost good enough. Furthermore,
+  it is possible to buy an additional keyboard that has a builtin
+  battery to extend it more.
+
+- There is an Android distribution (GloDroid) that supports the
+  PinePhone. It has some usability issues that need to be fixed: modem
+  disappearing on some models, no cellular data, no modem isolation,
+  etc.
+
+The PinePhone Pro and Librem 5 could also be supported but they are
+not high priority right now due to incomplete power management
+(PinePhone Pro) and high cost (Librem 5).
+
+In light of this, the current Replicant maintainer applied for funding
+through NLnet (again) to fix some of the PinePhone's issues and
+support it in Replicant. This application was accepted but he ended up
+being sidetracked by another project instead of working on that.
+
+He got involved in what became GNU Boot and planned to have the
+project in good state by the end of the last summer, in the hope
+the work could be reused to ship a bootloader for the PinePhone
+in the next Replicant version.
+
+See the [GNU Boot 0.1 RC3
+announcement](https://www.gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html)
+and the [NLnet funding
+application](https://git.replicant.us/contrib/GNUtoo/documentation/documents/tree/NLnet/porting_replicant_to_android9)
+for more details.
+
+Unfortunately the work on GNU Boot took way longer than anticipated,
+being unfinished yet. Because of that the work on the PinePhone didn't
+even start.
+
+In addition to that, the main Replicant maintainer was also demotivated
+(he did a lot of work that turned out not to be that useful) and he
+thought that the project was poorly managed by him. He was trying
+to understand what went wrong and how to fix it. Going to the 37C3
+to find help was part of the fixing plan.
+
+Identified issues:
+==================
+Discussions between GNUtoo, dllud (both Replicant contributors) and
+several people we met during the 37C3 or on the train going to it
+converged to the same points and together we identified several
+issues:
+
+Replicant has not enough people:
+--------------------------------
+
+  - A diversity of profiles helps solving issues and not be stuck. It
+    also helps keeping the motivation as different people are good in
+    different areas and thus people can more easily work on what they
+    are good at and like to work on.
+
+  - We cannot expect a single person to take care of the community,
+    help new contributors, handle project management, keep
+    relationships with other communities, keep track of what work is
+    getting done elsewhere to improve collaboration, manage the
+    infrastructure (servers) and modernize it a bit, and at the
+    same time work on the code towards new releases. So far the
+    current maintainer has been switching from a set of tasks to
+    another but that didn't really work out.
+
+It's too difficult to contribute to Replicant:
+----------------------------------------------
+
+  - It requires computers that are not commonly available among
+    people: to build Replicant you need a lot of free space (200+
+    GiB), a fast internet connection to download more than 50
+    GiB, 32 GiB of RAM or more (for recent Android versions),
+    and sometimes run specific versions of distributions.
+
+  - It requires specific hardware like a Galaxy SIII (GT-I9300).
+    People can't help with commonly available emulators or single
+    board computers.
+
+  - There is extensive documentation but it's scattered around.
+    Documentation is also lacking for the tasks that are the most
+    important for Replicant (porting Replicant to newer Android
+    versions). Though we can also have people helping new contributors
+    again to compensate for documentation issues.
+
+  - We have a list of tasks and required skills for them
+    but we lack information about the importance of the tasks. We also
+    need to organize a bit how to assign tasks to people according to
+    their skills and will. We were also advised to break the important
+    tasks in more details.
+
+Plan forwards:
+==============
+
+Very short terms plans:
+-----------------------
+
+  - Write this report: As we were not always discussing with the same
+    people at the conference this should help us share information
+    between ourselves and also with all the people that helped
+    Replicant at the conference, to better organize the next steps.
+
+  - Setup a Replicant meeting online at a fixed time, on IRC/Big blue
+    button/Jitsi/Mumble. If new people come we would do a short
+    introduction and people would present themselves (especially what
+    they are interested in).
+
+  - Re-run the call for the Community Manager. We will run almost the
+    same call as before so the work will be less than last time. We
+    will be looking for a candidate that can do a subset of the tasks
+    in the call. As we were told multiple times that "Community
+    Manager" was not describing the job well, we are also looking for
+    a better term but so far no one found one that would feel right.
+
+  - Amend the NLnet proposal to include GNU Boot work as well to
+    solve our dilemma.
+
+Medium term plans:
+------------------
+  - Find a way to get a build server. A KGPE-D16 would be a good
+    idea. The FSF can probably buy it and host it for us.
+
+  - Work on the PinePhone (and on GNU Boot as well).
+
+Long term plans:
+----------------
+
+While discussing with NLnet we were also told that it might be useful
+to collaborate more with DivestOS as part of our goals are
+similar. So we will need to evaluate again if there is enough
+proximity in our code to collaborate.
+
+In the past people from DivestOS were really helpful as they found
+nonfree software inside Replicant and reported it to us.
+
+Apart from that we don't have long term plans yet. Once we have a
+Replicant release that supports the PinePhone, we will need to decide
+where to go next.
+
+For instance we could support more devices, reduce the amount of work
+for adding support for newer Android versions, reduce the differences
+between GNU/Linux and Android, or simply keep Replicant up to date by
+supporting more recent Android versions with minimal work.
+
+Right now we also didn't spend much of the Replicant money and beside
+paying for a "Community Manager" we don't have precise plans yet.
+
+We have about $200 000 and so far we relied on funding from NLnet to
+bring Replicant back on track as it was easier not to mess up this
+way.
+
+Money goes away fast and spending it all in the wrong direction would
+prevent Replicant from using it to become more sustainable. Very few
+projects have an opportunity to use money to grow or achieve more.
+
+Instead most of the ones that want to grow and become (bigger)
+non-profits are stuck in a chicken and egg issue as they need more
+money (that they don't have) to achieve more, which in turn leads
+to a greater need for donations.
+
+As such, getting the project back on track before even starting to
+evaluate how to use the money to do big changes to the project seems
+a good idea, as many projects were destroyed after getting too
+much money and failing to properly use it.
+
+Other advices for medium/long term:
+-----------------------------------
+
+- One person also told us that businesses have interesting
+  methodologies like "tracer bullets" in Agile methodology, or
+  "Business model canvas" or some emotional approaches to tasks that
+  might be worth looking at as they can work for non-commercial
+  projects as well and can be adapted to a wide variety of cases.
+
+- One of the people we talked to insisted on the importance of
+  finding a good team and finding ways to divide tasks between
+  people. For that person it was also important to find people that
+  could work well together and that agreed on the same goal (to
+  avoid infightings).
+
+- We could also delegate more sysadmin work to the FSF: It would
+  require less time from our side without compromising on freedom and
+  with minimal extra work for the FSF sysadmins if we don't require
+  custom things.
+
+- We were also warned that delegating tasks among ourselves still
+  require time to organize. According to that person, in many cases
+  if a person delegates a task, only 50% of the time is saved.
+
+Other area of work:
+===================
+
+Android SDK:
+------------
+
+The main advantage of Replicant over other GNU/Linux distributions
+certified by the FSF is that it can run Android applications, but that
+is only relevant if there are 100% free software Android applications.
+
+Somewhat recently we found out that it was no longer possible to know
+if Android applications shipped by F-Droid are really free, as F-Droid
+now uses the nonfree Google SDK to build the applications. As such we
+don't know if they build with another SDK on FSF certified GNU/Linux
+distributions. We want to help fix that to make sure the solution
+really suits our needs.
+
+If there were fully free drop-in replacement SDKs that also build on
+a 100% free distributions, that issue could be fixed for both F-Droid
+and Replicant. F-Droid may have further requirements as they probably
+have higher security demands than Replicant. For instance, they
+probably won't like to depend on the (free software) binaries shipped
+in the SDK source code that are used to build it, and would rather
+build everything from source.
+
+In the times of Replicant 4.2 (based on Android 4.2) Replicant
+produced its own SDK. After that several GNU/Linux distributions
+(Debian and some Debian derivatives) started shipping a fully free SDK
+for Android 6.0 so Replicant stopped producing newer SDKs.
+
+Nowadays Debian and PureOS still package an Android 6.0 SDK but don't
+support more recent versions of Android. They also don't support the
+NDK that supports languages like C. F-Droid probably used these SDKs
+for a while, specially because they are completely built from source
+from well known distribution(s), but many Android applications don't
+build anymore with these old SDKs.
+
+After that, free SDKs for various Android versions started being
+released at https://android-rebuilds.beuc.net, but the main author of
+this work at some point moved on.
+
+After that several people tried to continue that work somehow and
+published source code that can build SDKs but none published the SDK
+binaries.
+
+In the GNU 40 conference in Switzerland, the current Replicant
+maintainer met the person behind SDK rebuilds (beuc.net) and also
+someone interested in giving resources (like server space) to build an
+SDK.
+
+In the 37C3 we met additional people:
+
+- Starfish, that wrote potentially 100% free Android applications and
+  that also publishes source code to build a free Android SDK. His
+  applications build with this free SDK.
+
+  Starfish doesn't publish binaries in order to avoid dealing with
+  license compliance in case something is wrong in the SDK binaries.
+  Replicant is happy to do that.
+
+  Starfish can also accept contributions and bug reports for
+  supporting FSF certified GNU/Linux distributions and for removing
+  nonfree software from the SDK if any if found.
+
+  As a bonus we also reviewed the applications that Starfish wrote
+  so if the SDK works on 100% free distributions we'll also have 100%
+  free applications to promote to people without any freedom caveats.
+
+- Another person (wizzard) jumped in to automatize the builds, making
+  them run unattended on each new release.
+
+So thanks to all these people everything is now in motion to get the
+SDK problem fixed once for good and in a better way than before: one
+that makes sure people can actually build Android applications with
+100% free software.
+
+Conferences:
+============
+
+At the 37C3 we managed to understand Replicant issues and a way
+forward probably because we started discussing the project issues in
+advance, which allowed just enough understanding to be able to ask for
+help. If we didn't do that we probably would not have managed to get
+help that is that useful.
+
+37C3 talks and interesting people:
+----------------------------------
+
+While we (GNUtoo, dllud, and the people that helped us) did a lot at
+the congress (and even too much since we missed our own lightning
+talk due to too much cognitive load) at the end we managed to
+achieve the most important goal: finding a path forward for Replicant.
+
+Alongside our main goal of putting the project back on track, we
+found time to host a variety of talks and events:
+
+- We had an [official Replicant
+  assembly](https://events.ccc.de/congress/2023/hub/en/assembly/replicant/)
+  where people could meet us.
+
+- We did [a presentation named Smartphones freedom status in
+  2023](https://events.ccc.de/congress/2023/hub/en/event/smartphones-freedom-status-in-2023/)
+  which looked at smartphone hardware and operating systems available
+  in 2023. It wasn't recorded. The slides are available as
+  [PDF](https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Smartphones_freedom_status_2023.pdf)
+  and [source
+  code](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Smartphones_freedom_status_2023?id=628319ae80491328b85958159e4511156fe20bc9).
+
+  At the end of the presentation, after the questions, we also got
+  some feedback:
+
+  - We were told that there are more applications for GNU/Linux that
+    work on smartphones than what we assumed. They are referenced in
+    https://linuxphoneapps.org and they also list applications
+    available in [PureOS landing](https://linuxphoneapps.org/packaged-in/pureos-landing/)
+    (a rolling release version of PureOS) and
+    [Guix](https://linuxphoneapps.org/packaged-in/gnuguix/). Still
+    they probably have less applications available than on F-Droid but
+    things are progressing in the right direction.
+
+- We also did a talk [presenting the Replicant as part of the Critical Decentralization Cluster](https://events.ccc.de/congress/2023/hub/en/event/cdc-critical-decentralization-cluster-cluster-reco/).
+  Unfortunately it wasn't recorded due to a technical issue, but we
+  [re-did it again the day after on a longer format](https://events.ccc.de/congress/2023/hub/en/event/introduction-to-replicant/).
+  The slides [source code](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_introduction?id=628319ae80491328b85958159e4511156fe20bc9)
+  and [PDF](https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Replicant_introduction.pdf)
+  are available.
+
+- We did a [presentation on the status of Replicant](https://events.ccc.de/congress/2023/hub/en/event/replicant-struggle-past-and-present-successes-and-/).
+  It wasn't recorded so if you want to know what was said, [the slides are available](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.pdf?id=628319ae80491328b85958159e4511156fe20bc9),
+  but you also need to read the [presentation.txt](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.txt?id=628319ae80491328b85958159e4511156fe20bc9)
+  to understand it.
+
+- As a follow up to the presentation on the status of Replicant, we
+  also had [a meetup on the last day](https://events.ccc.de/congress/2023/hub/en/event/replicant-meetup/)
+  where we had discussions with the people attending the talk.
+
+- We met someone repurposing smartphones who told us that on some
+  Samsung smartphones/tablets, erasing the PARAM partition (with
+  dd if=/dev/zero) sometimes removes restrictions that prevent
+  the phone from booting custom distributions.
+
+- Among those helping us, there was someone interested in using
+  Replicant for education. The most problematic issue found is
+  that the current requirements to work on Replicant are too
+  much for students. Supporting single board computers or emulators
+  would be a first step to help here. In general this would help
+  finding new contributors.
+
+OFFDEM / FOSDEM 2024:
+---------------------
+
+The main maintainer of Replicant had already planned to go to an event
+of [OFFDEM](https://oxygen.offdem.net/pub/offdem-ourstory) (an
+alternative conference to FOSDEM) on Friday night, and also to FOSDEM
+2024 on Saturday and Sunday. Train tickets were already bought before
+Replicant took the decision to go to the 37C3, so he kept the plan.
+
+As expected it was not as useful as the 37C3 for Replicant (it was way
+more useful for GNU Boot) but still some interesting things happened:
+
+- He met Hans-Christoph Steiner from F-Droid and explained the status
+  on having a fully free Android SDK. He detailed our work to provide
+  binaries by setting up an automated build system that reuses
+  [the maintained scripts to build the SDK](https://codeberg.org/Starfish/SDK-Rebuilds)
+  and that runs on a FSF certified distribution (Trisquel) to make
+  this solution also work for Replicant.
+
+- He was introduced to people working on CalyxOS by Michiel from
+  NLnet.
+
+  Before that he thought that CalyxOS was deeply problematic because
+  even if on paper CalyxOS had the same freedoms as LineageOS, its
+  security system removed users control of the devices (users don't
+  have root, etc) and didn't have access to their data.
+
+  But in reality CalyxOS [uses SeedVault](https://calyxinstitute.org/projects/seedvault-encrypted-backup-for-android),
+  a backup application that enables users to backup their data and
+  restore it on any other distribution that may not have the same
+  security model. SeedVault is also used by most Android distributions.
+  It is therefore a good idea to see how it can be integrated into
+  Replicant, as it seems to be made with user's empowerment in mind. It can
+  backup data (encrypted) to an USB key, so users don't need a server or
+  external services.
+
+  In addition he was told by a CalyxOS contributor that it is
+  relatively simple for users to build CalyxOS with their own keys,
+  and so be in full control of the device.
+
+  He was also told that newer Android versions don't need [F-Droid
+  privilege extension](https://gitlab.com/fdroid/privileged-extension)
+  anymore due to the inclusion of an API for stores inside recent
+  Android versions (thanks to some European regulations).
+
+- He met someone who is working on understanding the European
+  regulations that aim to standardize digital identity
+  papers and the way to store it. He already met that person at the
+  37C3 but this time there was more understanding and more time to
+  discuss the issue more in depth. The regulation has requirements for
+  smartphones so it will most likely affect smartphones distributions
+  that use free software drivers (like Replicant, various GNU/Linux
+  distributions, etc.). If done wrong, it would prevent free
+  software users from storing their identity papers in their
+  smartphones with free software (for instance because it could be
+  stored "securely" in areas of the phone inaccessible to users and
+  free software). One of the issue is that this person looks for help
+  to understand the technical parts, and also for some associations to
+  help in the fight to modify the laws to fit free software. Since
+  Replicant has very little time to look at this now, he referred her
+  to the Osmocom project that already analyzes somewhat similar
+  designs like eSIM.
+
+- He also met with Tiberiu from Technoethical, a shop that sells FSF
+  certified hardware and Replicant compatible smartphones (that aren't
+  certified by the FSF due to nonfree bootloaders and other
+  issues). Technoethical will be negatively affected by Replicant's
+  decision to drop support for the current Samsung phones in future
+  versions, as PinePhone will become the major focus.
+
+- The main maintainer of Replicant also met with Paul
+  Kocialkowski. Before that meeting he thought that on GNU/Linux the
+  [eg25-manager program](https://gitlab.com/mobian1/eg25-manager) for
+  the PinePhone only did simple things like setting up udev rules and
+  had simple hacks to make the modem work fine. He thought that
+  all stability issues were to be handled by Modem Manager.
+  However the EC 25 Manager may also be monitoring the modem
+  and restarting it when it crashes. This could explain modem
+  stability issues with Android/GloDroid on PinePhones with 3GiB of
+  RAM. The fix may be to port/reimplement that feature to make this
+  model usable.