diff options
Diffstat (limited to 'markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md')
| -rw-r--r-- | markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md | 914 |
1 files changed, 454 insertions, 460 deletions
diff --git a/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md b/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md index 6706e81..7f3e9ce 100644 --- a/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md +++ b/markdown/2024_03_replicant-status-and-report-of-the-37c3-and-fosdem-2024-conferences.md @@ -1,475 +1,469 @@ -authors: dllud, GNUtoo -tags: Replicant news, dllud, GNUtoo date: 2024-03-01T17:55:10+00:00 title: Replicant status and report of the 37C3 and FOSDEM 2024 conferences. +authors: GNUtoo +tags: Replicant news, GNUtoo licenses: CC-BY-3.0 OR CC-BY-4.0 --- +# Replicant current status: -Replicant current status: -========================= The last Replicant release is still based on Android 6.0. In the previous years, a lot of work was done to make the Galaxy SIII -(GT-I9300) usable with an upstream kernel, both on graphics and on the -modem. - -While working on this report we also found that the removal of 3G -networks was more a serious problem than we originally understood. - -As we understand from [the Wikipedia article on -2G](https://en.wikipedia.org/wiki/2G#Past_2G_networks), GSM networks -are also being removed in Europe as well (where most Replicant users -probably reside). If somehow we understood it wrong please -contact us on the Replicant mailing list as this has big implications -for Replicant. - -This means that none of the currently supported devices will continue -to work on non-community networks in most areas of the world. - -About a year ago, the current Replicant maintainer talked with -someone that knows well European regulations and that person told him -that there was no chance to stop 3G from being removed (for instance -through legal activism) due to the low number of users still using -3G. Since we didn't ask about GSM at the time, we have no idea if that -can be blocked or not or how much effort that requires. - -In any case it means that the only way forward for Replicant is to -make sure it (also) supports devices that work on 4G networks. - -Furthermore such devices should also have VoLTE (Voice over 4G -networks) ; otherwise, although they would be able to get Internet over -4G networks, they could not to make regular calls or send SMS. - -Unfortunately even the Galaxy SIII 4G (GT-I9305) which is a Galaxy -SIII (GT-I9300) with a different modem doesn't support VoLTE. So we -cannot reuse most of the Replicant work we did. - -Even if in some areas of the world (like some European countries), the -devices currently supported will continue to work for very few years, -and there was a big amount of work done to make these devices -usable with more recent Android versions, a lot more work is needed to -make that work usable daily (making power management work, debugging -complex issues, etc). - -The majority of recent devices (like newer Samsung smartphones) have -too many freedom issues, making them unsuitable for Replicant. +(GT-I9300) usable with an upstream kernel, both on graphics and on the modem. + +While working on this report we also found that the removal of 3G networks was +more a serious problem than we originally understood. + +As we understand from [ the Wikipedia article on 2G ][1] , GSM networks are +also being removed in Europe as well (where most Replicant users probably +reside). If somehow we understood it wrong please contact us on the Replicant +mailing list as this has big implications for Replicant. + +This means that none of the currently supported devices will continue to work +on non-community networks in most areas of the world. + +About a year ago, the current Replicant maintainer talked with someone that +knows well European regulations and that person told him that there was no +chance to stop 3G from being removed (for instance through legal activism) due +to the low number of users still using 3G. Since we didn't ask about GSM at +the time, we have no idea if that can be blocked or not or how much effort +that requires. + +In any case it means that the only way forward for Replicant is to make sure +it (also) supports devices that work on 4G networks. + +Furthermore such devices should also have VoLTE (Voice over 4G networks) ; +otherwise, although they would be able to get Internet over 4G networks, they +could not to make regular calls or send SMS. + +Unfortunately even the Galaxy SIII 4G (GT-I9305) which is a Galaxy SIII +(GT-I9300) with a different modem doesn't support VoLTE. So we cannot reuse +most of the Replicant work we did. + +Even if in some areas of the world (like some European countries), the devices +currently supported will continue to work for very few years, and there was a +big amount of work done to make these devices usable with more recent Android +versions, a lot more work is needed to make that work usable daily (making +power management work, debugging complex issues, etc). + +The majority of recent devices (like newer Samsung smartphones) have too many +freedom issues, making them unsuitable for Replicant. Remains the PinePhone: -- The hardware already works under GNU/Linux. - -- The battery life (in hours) is now almost good enough. Furthermore, - it is possible to buy an additional keyboard that has a builtin - battery to extend it more. - -- There is an Android distribution (GloDroid) that supports the - PinePhone. It has some usability issues that need to be fixed: modem - disappearing on some models, no cellular data, no modem isolation, - etc. - -The PinePhone Pro and Librem 5 could also be supported but they are -not high priority right now due to incomplete power management -(PinePhone Pro) and high cost (Librem 5). - -In light of this, the current Replicant maintainer applied for funding -through NLnet (again) to fix some of the PinePhone's issues and -support it in Replicant. This application was accepted but he ended up -being sidetracked by another project instead of working on that. - -He got involved in what became GNU Boot and planned to have the -project in good state by the end of the last summer, in the hope -the work could be reused to ship a bootloader for the PinePhone -in the next Replicant version. - -See the [GNU Boot 0.1 RC3 -announcement](https://www.gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html) -and the [NLnet funding -application](https://git.replicant.us/contrib/GNUtoo/documentation/documents/tree/NLnet/porting_replicant_to_android9) -for more details. - -Unfortunately the work on GNU Boot took way longer than anticipated, -being unfinished yet. Because of that the work on the PinePhone didn't -even start. - -In addition to that, the main Replicant maintainer was also demotivated -(he did a lot of work that turned out not to be that useful) and he -thought that the project was poorly managed by him. He was trying -to understand what went wrong and how to fix it. Going to the 37C3 -to find help was part of the fixing plan. - -Identified issues: -================== -Discussions between GNUtoo, dllud (both Replicant contributors) and -several people we met during the 37C3 or on the train going to it -converged to the same points and together we identified several -issues: - -Replicant has not enough people: --------------------------------- - - - A diversity of profiles helps solving issues and not be stuck. It - also helps keeping the motivation as different people are good in - different areas and thus people can more easily work on what they - are good at and like to work on. - - - We cannot expect a single person to take care of the community, - help new contributors, handle project management, keep - relationships with other communities, keep track of what work is - getting done elsewhere to improve collaboration, manage the - infrastructure (servers) and modernize it a bit, and at the - same time work on the code towards new releases. So far the - current maintainer has been switching from a set of tasks to - another but that didn't really work out. - -It's too difficult to contribute to Replicant: ----------------------------------------------- - - - It requires computers that are not commonly available among - people: to build Replicant you need a lot of free space (200+ - GiB), a fast internet connection to download more than 50 - GiB, 32 GiB of RAM or more (for recent Android versions), - and sometimes run specific versions of distributions. - - - It requires specific hardware like a Galaxy SIII (GT-I9300). - People can't help with commonly available emulators or single - board computers. - - - There is extensive documentation but it's scattered around. - Documentation is also lacking for the tasks that are the most - important for Replicant (porting Replicant to newer Android - versions). Though we can also have people helping new contributors - again to compensate for documentation issues. - - - We have a list of tasks and required skills for them - but we lack information about the importance of the tasks. We also - need to organize a bit how to assign tasks to people according to - their skills and will. We were also advised to break the important - tasks in more details. - -Plan forwards: -============== - -Very short terms plans: ------------------------ - - - Write this report: As we were not always discussing with the same - people at the conference this should help us share information - between ourselves and also with all the people that helped - Replicant at the conference, to better organize the next steps. - - - Setup a Replicant meeting online at a fixed time, on IRC/Big blue - button/Jitsi/Mumble. If new people come we would do a short - introduction and people would present themselves (especially what - they are interested in). - - - Re-run the call for the Community Manager. We will run almost the - same call as before so the work will be less than last time. We - will be looking for a candidate that can do a subset of the tasks - in the call. As we were told multiple times that "Community - Manager" was not describing the job well, we are also looking for - a better term but so far no one found one that would feel right. - - - Amend the NLnet proposal to include GNU Boot work as well to - solve our dilemma. - -Medium term plans: ------------------- - - Find a way to get a build server. A KGPE-D16 would be a good - idea. The FSF can probably buy it and host it for us. - - - Work on the PinePhone (and on GNU Boot as well). - -Long term plans: ----------------- - -While discussing with NLnet we were also told that it might be useful -to collaborate more with DivestOS as part of our goals are -similar. So we will need to evaluate again if there is enough -proximity in our code to collaborate. - -In the past people from DivestOS were really helpful as they found -nonfree software inside Replicant and reported it to us. - -Apart from that we don't have long term plans yet. Once we have a -Replicant release that supports the PinePhone, we will need to decide -where to go next. - -For instance we could support more devices, reduce the amount of work -for adding support for newer Android versions, reduce the differences -between GNU/Linux and Android, or simply keep Replicant up to date by -supporting more recent Android versions with minimal work. - -Right now we also didn't spend much of the Replicant money and beside -paying for a "Community Manager" we don't have precise plans yet. - -We have about $200 000 and so far we relied on funding from NLnet to -bring Replicant back on track as it was easier not to mess up this -way. - -Money goes away fast and spending it all in the wrong direction would -prevent Replicant from using it to become more sustainable. Very few -projects have an opportunity to use money to grow or achieve more. - -Instead most of the ones that want to grow and become (bigger) -non-profits are stuck in a chicken and egg issue as they need more -money (that they don't have) to achieve more, which in turn leads -to a greater need for donations. - -As such, getting the project back on track before even starting to -evaluate how to use the money to do big changes to the project seems -a good idea, as many projects were destroyed after getting too -much money and failing to properly use it. - -Other advices for medium/long term: ------------------------------------ - -- One person also told us that businesses have interesting - methodologies like "tracer bullets" in Agile methodology, or - "Business model canvas" or some emotional approaches to tasks that - might be worth looking at as they can work for non-commercial - projects as well and can be adapted to a wide variety of cases. - -- One of the people we talked to insisted on the importance of - finding a good team and finding ways to divide tasks between - people. For that person it was also important to find people that - could work well together and that agreed on the same goal (to - avoid infightings). - -- We could also delegate more sysadmin work to the FSF: It would - require less time from our side without compromising on freedom and - with minimal extra work for the FSF sysadmins if we don't require - custom things. - -- We were also warned that delegating tasks among ourselves still - require time to organize. According to that person, in many cases - if a person delegates a task, only 50% of the time is saved. - -Other area of work: -=================== - -Android SDK: ------------- - -The main advantage of Replicant over other GNU/Linux distributions -certified by the FSF is that it can run Android applications, but that -is only relevant if there are 100% free software Android applications. - -Somewhat recently we found out that it was no longer possible to know -if Android applications shipped by F-Droid are really free, as F-Droid -now uses the nonfree Google SDK to build the applications. As such we -don't know if they build with another SDK on FSF certified GNU/Linux -distributions. We want to help fix that to make sure the solution -really suits our needs. - -If there were fully free drop-in replacement SDKs that also build on -a 100% free distributions, that issue could be fixed for both F-Droid -and Replicant. F-Droid may have further requirements as they probably -have higher security demands than Replicant. For instance, they -probably won't like to depend on the (free software) binaries shipped -in the SDK source code that are used to build it, and would rather -build everything from source. - -In the times of Replicant 4.2 (based on Android 4.2) Replicant -produced its own SDK. After that several GNU/Linux distributions -(Debian and some Debian derivatives) started shipping a fully free SDK -for Android 6.0 so Replicant stopped producing newer SDKs. - -Nowadays Debian and PureOS still package an Android 6.0 SDK but don't -support more recent versions of Android. They also don't support the -NDK that supports languages like C. F-Droid probably used these SDKs -for a while, specially because they are completely built from source -from well known distribution(s), but many Android applications don't -build anymore with these old SDKs. - -After that, free SDKs for various Android versions started being -released at https://android-rebuilds.beuc.net, but the main author of -this work at some point moved on. - -After that several people tried to continue that work somehow and -published source code that can build SDKs but none published the SDK -binaries. - -In the GNU 40 conference in Switzerland, the current Replicant -maintainer met the person behind SDK rebuilds (beuc.net) and also -someone interested in giving resources (like server space) to build an -SDK. +* The hardware already works under GNU/Linux. + +* The battery life (in hours) is now almost good enough. Furthermore, it is + possible to buy an additional keyboard that has a builtin battery to + extend it more. + +* There is an Android distribution (GloDroid) that supports the PinePhone. + It has some usability issues that need to be fixed: modem disappearing on + some models, no cellular data, no modem isolation, etc. + +The PinePhone Pro and Librem 5 could also be supported but they are not high +priority right now due to incomplete power management (PinePhone Pro) and high +cost (Librem 5). + +In light of this, the current Replicant maintainer applied for funding through +NLnet (again) to fix some of the PinePhone's issues and support it in +Replicant. This application was accepted but he ended up being sidetracked by +another project instead of working on that. + +He got involved in what became GNU Boot and planned to have the project in +good state by the end of the last summer, in the hope the work could be reused +to ship a bootloader for the PinePhone in the next Replicant version. + +See the [ GNU Boot 0.1 RC3 announcement ][2] and the [ NLnet funding +application ][3] for more details. + +Unfortunately the work on GNU Boot took way longer than anticipated, being +unfinished yet. Because of that the work on the PinePhone didn't even start. + +In addition to that, the main Replicant maintainer was also demotivated (he +did a lot of work that turned out not to be that useful) and he thought that +the project was poorly managed by him. He was trying to understand what went +wrong and how to fix it. Going to the 37C3 to find help was part of the fixing +plan. + +# Identified issues: + +Discussions between GNUtoo, dllud (both Replicant contributors) and several +people we met during the 37C3 or on the train going to it converged to the +same points and together we identified several issues: + +## Replicant has not enough people: + +* A diversity of profiles helps solving issues and not be stuck. It also + helps keeping the motivation as different people are good in different + areas and thus people can more easily work on what they are good at and + like to work on. + +* We cannot expect a single person to take care of the community, help new + contributors, handle project management, keep relationships with other + communities, keep track of what work is getting done elsewhere to improve + collaboration, manage the infrastructure (servers) and modernize it a bit, + and at the same time work on the code towards new releases. So far the + current maintainer has been switching from a set of tasks to another but + that didn't really work out. + +## It's too difficult to contribute to Replicant: + +* It requires computers that are not commonly available among people: to + build Replicant you need a lot of free space (200+ GiB), a fast internet + connection to download more than 50 GiB, 32 GiB of RAM or more (for recent + Android versions), and sometimes run specific versions of distributions. + +* It requires specific hardware like a Galaxy SIII (GT-I9300). People can't + help with commonly available emulators or single board computers. + +* There is extensive documentation but it's scattered around. Documentation + is also lacking for the tasks that are the most important for Replicant + (porting Replicant to newer Android versions). Though we can also have + people helping new contributors again to compensate for documentation + issues. + +* We have a list of tasks and required skills for them but we lack + information about the importance of the tasks. We also need to organize a + bit how to assign tasks to people according to their skills and will. We + were also advised to break the important tasks in more details. + +# Plan forwards: + +## Very short terms plans: + +* Write this report: As we were not always discussing with the same people + at the conference this should help us share information between ourselves + and also with all the people that helped Replicant at the conference, to + better organize the next steps. + +* Setup a Replicant meeting online at a fixed time, on IRC/Big blue + button/Jitsi/Mumble. If new people come we would do a short introduction + and people would present themselves (especially what they are interested + in). + +* Re-run the call for the Community Manager. We will run almost the same + call as before so the work will be less than last time. We will be looking + for a candidate that can do a subset of the tasks in the call. As we were + told multiple times that “Community Manager” was not describing the job + well, we are also looking for a better term but so far no one found one + that would feel right. + +* Amend the NLnet proposal to include GNU Boot work as well to solve our + dilemma. + +## Medium term plans: + +* Find a way to get a build server. A KGPE-D16 would be a good idea. The FSF + can probably buy it and host it for us. + +* Work on the PinePhone (and on GNU Boot as well). + +## Long term plans: + +While discussing with NLnet we were also told that it might be useful to +collaborate more with DivestOS as part of our goals are similar. So we will +need to evaluate again if there is enough proximity in our code to +collaborate. + +In the past people from DivestOS were really helpful as they found nonfree +software inside Replicant and reported it to us. + +Apart from that we don't have long term plans yet. Once we have a Replicant +release that supports the PinePhone, we will need to decide where to go next. + +For instance we could support more devices, reduce the amount of work for +adding support for newer Android versions, reduce the differences between +GNU/Linux and Android, or simply keep Replicant up to date by supporting more +recent Android versions with minimal work. + +Right now we also didn't spend much of the Replicant money and beside paying +for a “Community Manager” we don't have precise plans yet. + +We have about $200 000 and so far we relied on funding from NLnet to bring +Replicant back on track as it was easier not to mess up this way. + +Money goes away fast and spending it all in the wrong direction would prevent +Replicant from using it to become more sustainable. Very few projects have an +opportunity to use money to grow or achieve more. + +Instead most of the ones that want to grow and become (bigger) non-profits are +stuck in a chicken and egg issue as they need more money (that they don't +have) to achieve more, which in turn leads to a greater need for donations. + +As such, getting the project back on track before even starting to evaluate +how to use the money to do big changes to the project seems a good idea, as +many projects were destroyed after getting too much money and failing to +properly use it. + +## Other advices for medium/long term: + +* One person also told us that businesses have interesting methodologies + like “tracer bullets” in Agile methodology, or “Business model canvas” or + some emotional approaches to tasks that might be worth looking at as they + can work for non-commercial projects as well and can be adapted to a wide + variety of cases. + +* One of the people we talked to insisted on the importance of finding a + good team and finding ways to divide tasks between people. For that person + it was also important to find people that could work well together and + that agreed on the same goal (to avoid infightings). + +* We could also delegate more sysadmin work to the FSF: It would require + less time from our side without compromising on freedom and with minimal + extra work for the FSF sysadmins if we don't require custom things. + +* We were also warned that delegating tasks among ourselves still require + time to organize. According to that person, in many cases if a person + delegates a task, only 50% of the time is saved. + +# Other area of work: + +## Android SDK: + +The main advantage of Replicant over other GNU/Linux distributions certified +by the FSF is that it can run Android applications, but that is only relevant +if there are 100% free software Android applications. + +Somewhat recently we found out that it was no longer possible to know if +Android applications shipped by F-Droid are really free, as F-Droid now uses +the nonfree Google SDK to build the applications. As such we don't know if +they build with another SDK on FSF certified GNU/Linux distributions. We want +to help fix that to make sure the solution really suits our needs. + +If there were fully free drop-in replacement SDKs that also build on a 100% +free distributions, that issue could be fixed for both F-Droid and Replicant. +F-Droid may have further requirements as they probably have higher security +demands than Replicant. For instance, they probably won't like to depend on +the (free software) binaries shipped in the SDK source code that are used to +build it, and would rather build everything from source. + +In the times of Replicant 4.2 (based on Android 4.2) Replicant produced its +own SDK. After that several GNU/Linux distributions (Debian and some Debian +derivatives) started shipping a fully free SDK for Android 6.0 so Replicant +stopped producing newer SDKs. + +Nowadays Debian and PureOS still package an Android 6.0 SDK but don't support +more recent versions of Android. They also don't support the NDK that supports +languages like C. F-Droid probably used these SDKs for a while, specially +because they are completely built from source from well known distribution(s), +but many Android applications don't build anymore with these old SDKs. + +After that, free SDKs for various Android versions started being released at +https://android-rebuilds.beuc.net, but the main author of this work at some +point moved on. + +After that several people tried to continue that work somehow and published +source code that can build SDKs but none published the SDK binaries. + +In the GNU 40 conference in Switzerland, the current Replicant maintainer met +the person behind SDK rebuilds (beuc.net) and also someone interested in +giving resources (like server space) to build an SDK. In the 37C3 we met additional people: -- Starfish, that wrote potentially 100% free Android applications and - that also publishes source code to build a free Android SDK. His - applications build with this free SDK. - - Starfish doesn't publish binaries in order to avoid dealing with - license compliance in case something is wrong in the SDK binaries. - Replicant is happy to do that. - - Starfish can also accept contributions and bug reports for - supporting FSF certified GNU/Linux distributions and for removing - nonfree software from the SDK if any if found. - - As a bonus we also reviewed the applications that Starfish wrote - so if the SDK works on 100% free distributions we'll also have 100% - free applications to promote to people without any freedom caveats. - -- Another person (wizzard) jumped in to automatize the builds, making - them run unattended on each new release. - -So thanks to all these people everything is now in motion to get the -SDK problem fixed once for good and in a better way than before: one -that makes sure people can actually build Android applications with -100% free software. - -Conferences: -============ - -At the 37C3 we managed to understand Replicant issues and a way -forward probably because we started discussing the project issues in -advance, which allowed just enough understanding to be able to ask for -help. If we didn't do that we probably would not have managed to get -help that is that useful. - -37C3 talks and interesting people: ----------------------------------- - -While we (GNUtoo, dllud, and the people that helped us) did a lot at -the congress (and even too much since we missed our own lightning -talk due to too much cognitive load) at the end we managed to -achieve the most important goal: finding a path forward for Replicant. - -Alongside our main goal of putting the project back on track, we -found time to host a variety of talks and events: - -- We had an [official Replicant - assembly](https://events.ccc.de/congress/2023/hub/en/assembly/replicant/) - where people could meet us. - -- We did [a presentation named Smartphones freedom status in - 2023](https://events.ccc.de/congress/2023/hub/en/event/smartphones-freedom-status-in-2023/) - which looked at smartphone hardware and operating systems available - in 2023. It wasn't recorded. The slides are available as - [PDF](https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Smartphones_freedom_status_2023.pdf) - and [source - code](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Smartphones_freedom_status_2023?id=628319ae80491328b85958159e4511156fe20bc9). - - At the end of the presentation, after the questions, we also got - some feedback: - - - We were told that there are more applications for GNU/Linux that - work on smartphones than what we assumed. They are referenced in - https://linuxphoneapps.org and they also list applications - available in [PureOS landing](https://linuxphoneapps.org/packaged-in/pureos-landing/) - (a rolling release version of PureOS) and - [Guix](https://linuxphoneapps.org/packaged-in/gnuguix/). Still - they probably have less applications available than on F-Droid but - things are progressing in the right direction. - -- We also did a talk [presenting the Replicant as part of the Critical Decentralization Cluster](https://events.ccc.de/congress/2023/hub/en/event/cdc-critical-decentralization-cluster-cluster-reco/). - Unfortunately it wasn't recorded due to a technical issue, but we - [re-did it again the day after on a longer format](https://events.ccc.de/congress/2023/hub/en/event/introduction-to-replicant/). - The slides [source code](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_introduction?id=628319ae80491328b85958159e4511156fe20bc9) - and [PDF](https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Replicant_introduction.pdf) - are available. - -- We did a [presentation on the status of Replicant](https://events.ccc.de/congress/2023/hub/en/event/replicant-struggle-past-and-present-successes-and-/). - It wasn't recorded so if you want to know what was said, [the slides are available](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.pdf?id=628319ae80491328b85958159e4511156fe20bc9), - but you also need to read the [presentation.txt](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.txt?id=628319ae80491328b85958159e4511156fe20bc9) - to understand it. - -- As a follow up to the presentation on the status of Replicant, we - also had [a meetup on the last day](https://events.ccc.de/congress/2023/hub/en/event/replicant-meetup/) - where we had discussions with the people attending the talk. - -- We met someone repurposing smartphones who told us that on some - Samsung smartphones/tablets, erasing the PARAM partition (with - dd if=/dev/zero) sometimes removes restrictions that prevent - the phone from booting custom distributions. - -- Among those helping us, there was someone interested in using - Replicant for education. The most problematic issue found is - that the current requirements to work on Replicant are too - much for students. Supporting single board computers or emulators - would be a first step to help here. In general this would help - finding new contributors. - -OFFDEM / FOSDEM 2024: ---------------------- - -The main maintainer of Replicant had already planned to go to an event -of [OFFDEM](https://oxygen.offdem.net/pub/offdem-ourstory) (an -alternative conference to FOSDEM) on Friday night, and also to FOSDEM -2024 on Saturday and Sunday. Train tickets were already bought before -Replicant took the decision to go to the 37C3, so he kept the plan. - -As expected it was not as useful as the 37C3 for Replicant (it was way -more useful for GNU Boot) but still some interesting things happened: - -- He met Hans-Christoph Steiner from F-Droid and explained the status - on having a fully free Android SDK. He detailed our work to provide - binaries by setting up an automated build system that reuses - [the maintained scripts to build the SDK](https://codeberg.org/Starfish/SDK-Rebuilds) - and that runs on a FSF certified distribution (Trisquel) to make - this solution also work for Replicant. - -- He was introduced to people working on CalyxOS by Michiel from - NLnet. - - Before that he thought that CalyxOS was deeply problematic because - even if on paper CalyxOS had the same freedoms as LineageOS, its - security system removed users control of the devices (users don't - have root, etc) and didn't have access to their data. - - But in reality CalyxOS [uses SeedVault](https://calyxinstitute.org/projects/seedvault-encrypted-backup-for-android), - a backup application that enables users to backup their data and - restore it on any other distribution that may not have the same - security model. SeedVault is also used by most Android distributions. - It is therefore a good idea to see how it can be integrated into - Replicant, as it seems to be made with user's empowerment in mind. It can - backup data (encrypted) to an USB key, so users don't need a server or - external services. - - In addition he was told by a CalyxOS contributor that it is - relatively simple for users to build CalyxOS with their own keys, - and so be in full control of the device. - - He was also told that newer Android versions don't need [F-Droid - privilege extension](https://gitlab.com/fdroid/privileged-extension) - anymore due to the inclusion of an API for stores inside recent - Android versions (thanks to some European regulations). - -- He met someone who is working on understanding the European - regulations that aim to standardize digital identity - papers and the way to store it. He already met that person at the - 37C3 but this time there was more understanding and more time to - discuss the issue more in depth. The regulation has requirements for - smartphones so it will most likely affect smartphones distributions - that use free software drivers (like Replicant, various GNU/Linux - distributions, etc.). If done wrong, it would prevent free - software users from storing their identity papers in their - smartphones with free software (for instance because it could be - stored "securely" in areas of the phone inaccessible to users and - free software). One of the issue is that this person looks for help - to understand the technical parts, and also for some associations to - help in the fight to modify the laws to fit free software. Since - Replicant has very little time to look at this now, he referred her - to the Osmocom project that already analyzes somewhat similar - designs like eSIM. - -- He also met with Tiberiu from Technoethical, a shop that sells FSF +* Starfish, that wrote potentially 100% free Android applications and that + also publishes source code to build a free Android SDK. His applications + build with this free SDK. + +Starfish doesn't publish binaries in order to avoid dealing with license +compliance in case something is wrong in the SDK binaries. Replicant is happy +to do that. + +Starfish can also accept contributions and bug reports for supporting FSF +certified GNU/Linux distributions and for removing nonfree software from the +SDK if any if found. + +As a bonus we also reviewed the applications that Starfish wrote so if the SDK +works on 100% free distributions we'll also have 100% free applications to +promote to people without any freedom caveats. + +* Another person (wizzard) jumped in to automatize the builds, making them + run unattended on each new release. + +So thanks to all these people everything is now in motion to get the SDK +problem fixed once for good and in a better way than before: one that makes +sure people can actually build Android applications with 100% free software. + +# Conferences: + +At the 37C3 we managed to understand Replicant issues and a way forward +probably because we started discussing the project issues in advance, which +allowed just enough understanding to be able to ask for help. If we didn't do +that we probably would not have managed to get help that is that useful. + +## 37C3 talks and interesting people: + +While we (GNUtoo, dllud, and the people that helped us) did a lot at the +congress (and even too much since we missed our own lightning talk due to too +much cognitive load) at the end we managed to achieve the most important goal: +finding a path forward for Replicant. + +Alongside our main goal of putting the project back on track, we found time to +host a variety of talks and events: + +* We had an [ official Replicant assembly ][4] where people could meet us. + +* We did [ a presentation named Smartphones freedom status in 2023 ][5] + which looked at smartphone hardware and operating systems available in + 2023. It wasn't recorded. The slides are available as [ PDF ][6] and [ + source code ][7] . + +At the end of the presentation, after the questions, we also got some +feedback: + + * We were told that there are more applications for GNU/Linux that work on smartphones than what we assumed. They are referenced in https://linuxphoneapps.org and they also list applications available in [ PureOS landing ][8] (a rolling release version of PureOS) and [ Guix ][9] . Still they probably have less applications available than on F-Droid but things are progressing in the right direction. + +* We also did a talk [ presenting the Replicant as part of the Critical + Decentralization Cluster ][10] . Unfortunately it wasn't recorded due to a + technical issue, but we [ re-did it again the day after on a longer format + ][11] . The slides [ source code ][12] and [ PDF ][13] are available. + +* We did a [ presentation on the status of Replicant ][14] . It wasn't + recorded so if you want to know what was said, [ the slides are available + ][15] , but you also need to read the [ presentation.txt ][16] to + understand it. + +* As a follow up to the presentation on the status of Replicant, we also had + [ a meetup on the last day ][17] where we had discussions with the people + attending the talk. + +* We met someone repurposing smartphones who told us that on some Samsung + smartphones/tablets, erasing the PARAM partition (with dd if=/dev/zero) + sometimes removes restrictions that prevent the phone from booting custom + distributions. + +* Among those helping us, there was someone interested in using Replicant + for education. The most problematic issue found is that the current + requirements to work on Replicant are too much for students. Supporting + single board computers or emulators would be a first step to help here. In + general this would help finding new contributors. + +## OFFDEM / FOSDEM 2024: + +The main maintainer of Replicant had already planned to go to an event of [ +OFFDEM ][18] (an alternative conference to FOSDEM) on Friday night, and also +to FOSDEM 2024 on Saturday and Sunday. Train tickets were already bought +before Replicant took the decision to go to the 37C3, so he kept the plan. + +As expected it was not as useful as the 37C3 for Replicant (it was way more +useful for GNU Boot) but still some interesting things happened: + +* He met Hans-Christoph Steiner from F-Droid and explained the status on + having a fully free Android SDK. He detailed our work to provide binaries + by setting up an automated build system that reuses [ the maintained + scripts to build the SDK ][19] and that runs on a FSF certified + distribution (Trisquel) to make this solution also work for Replicant. + +* He was introduced to people working on CalyxOS by Michiel from NLnet. + +Before that he thought that CalyxOS was deeply problematic because even if on +paper CalyxOS had the same freedoms as LineageOS, its security system removed +users control of the devices (users don't have root, etc) and didn't have +access to their data. + +But in reality CalyxOS [ uses SeedVault ][20] , a backup application that +enables users to backup their data and restore it on any other distribution +that may not have the same security model. SeedVault is also used by most +Android distributions. It is therefore a good idea to see how it can be +integrated into Replicant, as it seems to be made with user's empowerment in +mind. It can backup data (encrypted) to an USB key, so users don't need a +server or external services. + +In addition he was told by a CalyxOS contributor that it is relatively simple +for users to build CalyxOS with their own keys, and so be in full control of +the device. + +He was also told that newer Android versions don't need [ F-Droid privilege +extension ][21] anymore due to the inclusion of an API for stores inside +recent Android versions (thanks to some European regulations). + +* He met someone who is working on understanding the European regulations + that aim to standardize digital identity papers and the way to store it. + He already met that person at the 37C3 but this time there was more + understanding and more time to discuss the issue more in depth. The + regulation has requirements for smartphones so it will most likely affect + smartphones distributions that use free software drivers (like Replicant, + various GNU/Linux distributions, etc.). If done wrong, it would prevent + free software users from storing their identity papers in their + smartphones with free software (for instance because it could be stored + “securely” in areas of the phone inaccessible to users and free software). + One of the issue is that this person looks for help to understand the + technical parts, and also for some associations to help in the fight to + modify the laws to fit free software. Since Replicant has very little time + to look at this now, he referred her to the Osmocom project that already + analyzes somewhat similar designs like eSIM. + +* He also met with Tiberiu from Technoethical, a shop that sells FSF certified hardware and Replicant compatible smartphones (that aren't - certified by the FSF due to nonfree bootloaders and other - issues). Technoethical will be negatively affected by Replicant's - decision to drop support for the current Samsung phones in future - versions, as PinePhone will become the major focus. - -- The main maintainer of Replicant also met with Paul - Kocialkowski. Before that meeting he thought that on GNU/Linux the - [eg25-manager program](https://gitlab.com/mobian1/eg25-manager) for - the PinePhone only did simple things like setting up udev rules and - had simple hacks to make the modem work fine. He thought that - all stability issues were to be handled by Modem Manager. - However the EC 25 Manager may also be monitoring the modem - and restarting it when it crashes. This could explain modem - stability issues with Android/GloDroid on PinePhones with 3GiB of - RAM. The fix may be to port/reimplement that feature to make this - model usable. + certified by the FSF due to nonfree bootloaders and other issues). + Technoethical will be negatively affected by Replicant's decision to drop + support for the current Samsung phones in future versions, as PinePhone + will become the major focus. + +* The main maintainer of Replicant also met with Paul Kocialkowski. Before + that meeting he thought that on GNU/Linux the [ eg25-manager program ][22] + for the PinePhone only did simple things like setting up udev rules and + had simple hacks to make the modem work fine. He thought that all + stability issues were to be handled by Modem Manager. However the EC 25 + Manager may also be monitoring the modem and restarting it when it + crashes. This could explain modem stability issues with Android/GloDroid + on PinePhones with 3GiB of RAM. The fix may be to port/reimplement that + feature to make this model usable. + +Edits: + +1. Refrased Technoethical paragraph. + + [1]: <https://en.wikipedia.org/wiki/2G#Past_2G_networks> + + [2]: <https://www.gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html> + + [3]: +<https://git.replicant.us/contrib/GNUtoo/documentation/documents/tree/NLnet/porting_replicant_to_android9> + + [4]: <https://events.ccc.de/congress/2023/hub/en/assembly/replicant/> + + [5]: <https://events.ccc.de/congress/2023/hub/en/event/smartphones-freedom-status-in-2023/> + + [6]: +<https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Smartphones_freedom_status_2023.pdf> + + [7]: +<https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Smartphones_freedom_status_2023?id=628319ae80491328b85958159e4511156fe20bc9> + + [8]: <https://linuxphoneapps.org/packaged-in/pureos-landing/> + + [9]: <https://linuxphoneapps.org/packaged-in/gnuguix/> + + [10]: <https://events.ccc.de/congress/2023/hub/en/event/cdc-critical-decentralization-cluster-cluster-reco/> + + [11]: <https://events.ccc.de/congress/2023/hub/en/event/introduction-to-replicant/> + + [12]: +<https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_introduction?id=628319ae80491328b85958159e4511156fe20bc9> + + [13]: +<https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Replicant_introduction.pdf> + + [14]: <https://events.ccc.de/congress/2023/hub/en/event/replicant-struggle-past-and-present-successes-and-/> + + [15]: +<https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.pdf?id=628319ae80491328b85958159e4511156fe20bc9> + + [16]: +<https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.txt?id=628319ae80491328b85958159e4511156fe20bc9> + + [17]: <https://events.ccc.de/congress/2023/hub/en/event/replicant-meetup/> + + [18]: <https://oxygen.offdem.net/pub/offdem-ourstory> + + [19]: <https://codeberg.org/Starfish/SDK-Rebuilds> + + [20]: <https://calyxinstitute.org/projects/seedvault-encrypted-backup-for-android> + + [21]: <https://gitlab.com/fdroid/privileged-extension> + + [22]: <https://gitlab.com/mobian1/eg25-manager> + + |