diff options
Diffstat (limited to 'markdown')
| -rw-r--r-- | markdown/2024_03_replicant-37c3-and-fosdem-2024-report.md | 472 |
1 files changed, 472 insertions, 0 deletions
diff --git a/markdown/2024_03_replicant-37c3-and-fosdem-2024-report.md b/markdown/2024_03_replicant-37c3-and-fosdem-2024-report.md new file mode 100644 index 0000000..6254706 --- /dev/null +++ b/markdown/2024_03_replicant-37c3-and-fosdem-2024-report.md @@ -0,0 +1,472 @@ +tags: Replicant news, dllud, GNUtoo +date: 2024-03-01 00:00 +title: Replicant status and report of the 37C3 and FOSDEM 2024 conferences. +--- + +Replicant current status: +========================= +The last Replicant release is still based on Android 6.0. + +In the previous years, a lot of work was done to make the Galaxy SIII +(GT-I9300) usable with an upstream kernel, both on graphics and on the +modem. + +While working on this report we also found that the removal of 3G +networks was more a serious problem than we originally understood. + +As we understand from [the Wikipedia article on +2G](https://en.wikipedia.org/wiki/2G#Past_2G_networks), GSM networks +are also being removed in Europe as well (where most Replicant users +probably reside). If somehow we understood it wrong please +contact us on the Replicant mailing list as this has big implications +for Replicant. + +This means that none of the currently supported devices will continue +to work on non-community networks in most areas of the world. + +About a year ago, the current Replicant maintainer talked with +someone that knows well European regulations and that person told him +that there was no chance to stop 3G from being removed (for instance +through legal activism) due to the low number of users still using +3G. Since we didn't ask about GSM at the time, we have no idea if that +can be blocked or not or how much effort that requires. + +In any case it means that the only way forward for Replicant is to +make sure it (also) supports devices that work on 4G networks. + +Furthermore such devices should also have VoLTE (Voice over 4G +networks) ; otherwise, although they would be able to get Internet over +4G networks, they could not to make regular calls or send SMS. + +Unfortunately even the Galaxy SIII 4G (GT-I9305) which is a Galaxy +SIII (GT-I9300) with a different modem doesn't support VoLTE. So we +cannot reuse most of the Replicant work we did. + +Even if in some areas of the world (like some European countries), the +devices currently supported will continue to work for very few years, +and there was a big amount of work done to make these devices +usable with more recent Android versions, a lot more work is needed to +make that work usable daily (making power management work, debugging +complex issues, etc). + +The majority of recent devices (like newer Samsung smartphones) have +too many freedom issues, making them unsuitable for Replicant. + +Remains the PinePhone: + +- The hardware already works under GNU/Linux. + +- The battery life (in hours) is now almost good enough. Furthermore, + it is possible to buy an additional keyboard that has a builtin + battery to extend it more. + +- There is an Android distribution (GloDroid) that supports the + PinePhone. It has some usability issues that need to be fixed: modem + disappearing on some models, no cellular data, no modem isolation, + etc. + +The PinePhone Pro and Librem 5 could also be supported but they are +not high priority right now due to incomplete power management +(PinePhone Pro) and high cost (Librem 5). + +In light of this, the current Replicant maintainer applied for funding +through NLnet (again) to fix some of the PinePhone's issues and +support it in Replicant. This application was accepted but he ended up +being sidetracked by another project instead of working on that. + +He got involved in what became GNU Boot and planned to have the +project in good state by the end of the last summer, in the hope +the work could be reused to ship a bootloader for the PinePhone +in the next Replicant version. + +See the [GNU Boot 0.1 RC3 +announcement](https://www.gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html) +and the [NLnet funding +application](https://git.replicant.us/contrib/GNUtoo/documentation/documents/tree/NLnet/porting_replicant_to_android9) +for more details. + +Unfortunately the work on GNU Boot took way longer than anticipated, +being unfinished yet. Because of that the work on the PinePhone didn't +even start. + +In addition to that, the main Replicant maintainer was also demotivated +(he did a lot of work that turned out not to be that useful) and he +thought that the project was poorly managed by him. He was trying +to understand what went wrong and how to fix it. Going to the 37C3 +to find help was part of the fixing plan. + +Identified issues: +================== +Discussions between GNUtoo, dllud (both Replicant contributors) and +several people we met during the 37C3 or on the train going to it +converged to the same points and together we identified several +issues: + +Replicant has not enough people: +-------------------------------- + + - A diversity of profiles helps solving issues and not be stuck. It + also helps keeping the motivation as different people are good in + different areas and thus people can more easily work on what they + are good at and like to work on. + + - We cannot expect a single person to take care of the community, + help new contributors, handle project management, keep + relationships with other communities, keep track of what work is + getting done elsewhere to improve collaboration, manage the + infrastructure (servers) and modernize it a bit, and at the + same time work on the code towards new releases. So far the + current maintainer has been switching from a set of tasks to + another but that didn't really work out. + +It's too difficult to contribute to Replicant: +---------------------------------------------- + + - It requires computers that are not commonly available among + people: to build Replicant you need a lot of free space (200+ + GiB), a fast internet connection to download more than 50 + GiB, 32 GiB of RAM or more (for recent Android versions), + and sometimes run specific versions of distributions. + + - It requires specific hardware like a Galaxy SIII (GT-I9300). + People can't help with commonly available emulators or single + board computers. + + - There is extensive documentation but it's scattered around. + Documentation is also lacking for the tasks that are the most + important for Replicant (porting Replicant to newer Android + versions). Though we can also have people helping new contributors + again to compensate for documentation issues. + + - We have a list of tasks and required skills for them + but we lack information about the importance of the tasks. We also + need to organize a bit how to assign tasks to people according to + their skills and will. We were also advised to break the important + tasks in more details. + +Plan forwards: +============== + +Very short terms plans: +----------------------- + + - Write this report: As we were not always discussing with the same + people at the conference this should help us share information + between ourselves and also with all the people that helped + Replicant at the conference, to better organize the next steps. + + - Setup a Replicant meeting online at a fixed time, on IRC/Big blue + button/Jitsi/Mumble. If new people come we would do a short + introduction and people would present themselves (especially what + they are interested in). + + - Re-run the call for the Community Manager. We will run almost the + same call as before so the work will be less than last time. We + will be looking for a candidate that can do a subset of the tasks + in the call. As we were told multiple times that "Community + Manager" was not describing the job well, we are also looking for + a better term but so far no one found one that would feel right. + + - Amend the NLnet proposal to include GNU Boot work as well to + solve our dilemma. + +Medium term plans: +------------------ + - Find a way to get a build server. A KGPE-D16 would be a good + idea. The FSF can probably buy it and host it for us. + + - Work on the PinePhone (and on GNU Boot as well). + +Long term plans: +---------------- + +While discussing with NLnet we were also told that it might be useful +to collaborate more with DivestOS as part of our goals are +similar. So we will need to evaluate again if there is enough +proximity in our code to collaborate. + +In the past people from DivestOS were really helpful as they found +nonfree software inside Replicant and reported it to us. + +Apart from that we don't have long term plans yet. Once we have a +Replicant release that supports the PinePhone, we will need to decide +where to go next. + +For instance we could support more devices, reduce the amount of work +for adding support for newer Android versions, reduce the differences +between GNU/Linux and Android, or simply keep Replicant up to date by +supporting more recent Android versions with minimal work. + +Right now we also didn't spend much of the Replicant money and beside +paying for a "Community Manager" we don't have precise plans yet. + +We have about $200 000 and so far we relied on funding from NLnet to +bring Replicant back on track as it was easier not to mess up this +way. + +Money goes away fast and spending it all in the wrong direction would +prevent Replicant from using it to become more sustainable. Very few +projects have an opportunity to use money to grow or achieve more. + +Instead most of the ones that want to grow and become (bigger) +non-profits are stuck in a chicken and egg issue as they need more +money (that they don't have) to achieve more, which in turn leads +to a greater need for donations. + +As such, getting the project back on track before even starting to +evaluate how to use the money to do big changes to the project seems +a good idea, as many projects were destroyed after getting too +much money and failing to properly use it. + +Other advices for medium/long term: +----------------------------------- + +- One person also told us that businesses have interesting + methodologies like "tracer bullets" in Agile methodology, or + "Business model canvas" or some emotional approaches to tasks that + might be worth looking at as they can work for non-commercial + projects as well and can be adapted to a wide variety of cases. + +- One of the people we talked to insisted on the importance of + finding a good team and finding ways to divide tasks between + people. For that person it was also important to find people that + could work well together and that agreed on the same goal (to + avoid infightings). + +- We could also delegate more sysadmin work to the FSF: It would + require less time from our side without compromising on freedom and + with minimal extra work for the FSF sysadmins if we don't require + custom things. + +- We were also warned that delegating tasks among ourselves still + require time to organize. According to that person, in many cases + if a person delegates a task, only 50% of the time is saved. + +Other area of work: +=================== + +Android SDK: +------------ + +The main advantage of Replicant over other GNU/Linux distributions +certified by the FSF is that it can run Android applications, but that +is only relevant if there are 100% free software Android applications. + +Somewhat recently we found out that it was no longer possible to know +if Android applications shipped by F-Droid are really free, as F-Droid +now uses the nonfree Google SDK to build the applications. As such we +don't know if they build with another SDK on FSF certified GNU/Linux +distributions. We want to help fix that to make sure the solution +really suits our needs. + +If there were fully free drop-in replacement SDKs that also build on +a 100% free distributions, that issue could be fixed for both F-Droid +and Replicant. F-Droid may have further requirements as they probably +have higher security demands than Replicant. For instance, they +probably won't like to depend on the (free software) binaries shipped +in the SDK source code that are used to build it, and would rather +build everything from source. + +In the times of Replicant 4.2 (based on Android 4.2) Replicant +produced its own SDK. After that several GNU/Linux distributions +(Debian and some Debian derivatives) started shipping a fully free SDK +for Android 6.0 so Replicant stopped producing newer SDKs. + +Nowadays Debian and PureOS still package an Android 6.0 SDK but don't +support more recent versions of Android. They also don't support the +NDK that supports languages like C. F-Droid probably used these SDKs +for a while, specially because they are completely built from source +from well known distribution(s), but many Android applications don't +build anymore with these old SDKs. + +After that, free SDKs for various Android versions started being +released at https://android-rebuilds.beuc.net, but the main author of +this work at some point moved on. + +After that several people tried to continue that work somehow and +published source code that can build SDKs but none published the SDK +binaries. + +In the GNU 40 conference in Switzerland, the current Replicant +maintainer met the person behind SDK rebuilds (beuc.net) and also +someone interested in giving resources (like server space) to build an +SDK. + +In the 37C3 we met additional people: + +- Starfish, that wrote potentially 100% free Android applications and + that also publishes source code to build a free Android SDK. His + applications build with this free SDK. + + Starfish doesn't publish binaries in order to avoid dealing with + license compliance in case something is wrong in the SDK binaries. + Replicant is happy to do that. + + Starfish can also accept contributions and bug reports for + supporting FSF certified GNU/Linux distributions and for removing + nonfree software from the SDK if any if found. + + As a bonus we also reviewed the applications that Starfish wrote + so if the SDK works on 100% free distributions we'll also have 100% + free applications to promote to people without any freedom caveats. + +- Another person (wizzard) jumped in to automatize the builds, making + them run unattended on each new release. + +So thanks to all these people everything is now in motion to get the +SDK problem fixed once for good and in a better way than before: one +that makes sure people can actually build Android applications with +100% free software. + +Conferences: +============ + +At the 37C3 we managed to understand Replicant issues and a way +forward probably because we started discussing the project issues in +advance, which allowed just enough understanding to be able to ask for +help. If we didn't do that we probably would not have managed to get +help that is that useful. + +37C3 talks and interesting people: +---------------------------------- + +While we (GNUtoo, dllud, and the people that helped us) did a lot at +the congress (and even too much since we missed our own lightning +talk due to too much cognitive load) at the end we managed to +achieve the most important goal: finding a path forward for Replicant. + +Alongside our main goal of putting the project back on track, we +found time to host a variety of talks and events: + +- We had an [official Replicant + assembly](https://events.ccc.de/congress/2023/hub/en/assembly/replicant/) + where people could meet us. + +- We did [a presentation named Smartphones freedom status in + 2023](https://events.ccc.de/congress/2023/hub/en/event/smartphones-freedom-status-in-2023/) + which looked at smartphone hardware and operating systems available + in 2023. It wasn't recorded. The slides are available as + [PDF](https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Smartphones_freedom_status_2023.pdf) + and [source + code](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Smartphones_freedom_status_2023?id=628319ae80491328b85958159e4511156fe20bc9). + + At the end of the presentation, after the questions, we also got + some feedback: + + - We were told that there are more applications for GNU/Linux that + work on smartphones than what we assumed. They are referenced in + https://linuxphoneapps.org and they also list applications + available in [PureOS landing](https://linuxphoneapps.org/packaged-in/pureos-landing/) + (a rolling release version of PureOS) and + [Guix](https://linuxphoneapps.org/packaged-in/gnuguix/). Still + they probably have less applications available than on F-Droid but + things are progressing in the right direction. + +- We also did a talk [presenting the Replicant as part of the Critical Decentralization Cluster](https://events.ccc.de/congress/2023/hub/en/event/cdc-critical-decentralization-cluster-cluster-reco/). + Unfortunately it wasn't recorded due to a technical issue, but we + [re-did it again the day after on a longer format](https://events.ccc.de/congress/2023/hub/en/event/introduction-to-replicant/). + The slides [source code](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_introduction?id=628319ae80491328b85958159e4511156fe20bc9) + and [PDF](https://ftp2.osuosl.org/pub/replicant/conferences/37c3/Replicant_introduction.pdf) + are available. + +- We did a [presentation on the status of Replicant](https://events.ccc.de/congress/2023/hub/en/event/replicant-struggle-past-and-present-successes-and-/). + It wasn't recorded so if you want to know what was said, [the slides are available](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.pdf?id=628319ae80491328b85958159e4511156fe20bc9), + but you also need to read the [presentation.txt](https://git.replicant.us/contrib/GNUtoo/documentation/presentations/tree/37c3/Replicant_struggle/presentation.txt?id=628319ae80491328b85958159e4511156fe20bc9) + to understand it. + +- As a follow up to the presentation on the status of Replicant, we + also had [a meetup on the last day](https://events.ccc.de/congress/2023/hub/en/event/replicant-meetup/) + where we had discussions with the people attending the talk. + +- We met someone repurposing smartphones who told us that on some + Samsung smartphones/tablets, erasing the PARAM partition (with + dd if=/dev/zero) sometimes removes restrictions that prevent + the phone from booting custom distributions. + +- Among those helping us, there was someone interested in using + Replicant for education. The most problematic issue found is + that the current requirements to work on Replicant are too + much for students. Supporting single board computers or emulators + would be a first step to help here. In general this would help + finding new contributors. + +OFFDEM / FOSDEM 2024: +--------------------- + +The main maintainer of Replicant had already planned to go to an event +of [OFFDEM](https://oxygen.offdem.net/pub/offdem-ourstory) (an +alternative conference to FOSDEM) on Friday night, and also to FOSDEM +2024 on Saturday and Sunday. Train tickets were already bought before +Replicant took the decision to go to the 37C3, so he kept the plan. + +As expected it was not as useful as the 37C3 for Replicant (it was way +more useful for GNU Boot) but still some interesting things happened: + +- He met Hans-Christoph Steiner from F-Droid and explained the status + on having a fully free Android SDK. He detailed our work to provide + binaries by setting up an automated build system that reuses + [the maintained scripts to build the SDK](https://codeberg.org/Starfish/SDK-Rebuilds) + and that runs on a FSF certified distribution (Trisquel) to make + this solution also work for Replicant. + +- He was introduced to people working on CalyxOS by Michiel from + NLnet. + + Before that he thought that CalyxOS was deeply problematic because + even if on paper CalyxOS had the same freedoms as LineageOS, its + security system removed users control of the devices (users don't + have root, etc) and didn't have access to their data. + + But in reality CalyxOS [uses SeedVault](https://calyxinstitute.org/projects/seedvault-encrypted-backup-for-android), + a backup application that enables users to backup their data and + restore it on any other distribution that may not have the same + security model. SeedVault is also used by most Android distributions. + It is therefore a good idea to see how it can be integrated into + Replicant, as it seems to be made with user's empowerment in mind. It can + backup data (encrypted) to an USB key, so users don't need a server or + external services. + + In addition he was told by a CalyxOS contributor that it is + relatively simple for users to build CalyxOS with their own keys, + and so be in full control of the device. + + He was also told that newer Android versions don't need [F-Droid + privilege extension](https://gitlab.com/fdroid/privileged-extension) + anymore due to the inclusion of an API for stores inside recent + Android versions (thanks to some European regulations). + +- He met someone who is working on understanding the European + regulations that aim to standardize digital identity + papers and the way to store it. He already met that person at the + 37C3 but this time there was more understanding and more time to + discuss the issue more in depth. The regulation has requirements for + smartphones so it will most likely affect smartphones distributions + that use free software drivers (like Replicant, various GNU/Linux + distributions, etc.). If done wrong, it would prevent free + software users from storing their identity papers in their + smartphones with free software (for instance because it could be + stored "securely" in areas of the phone inaccessible to users and + free software). One of the issue is that this person looks for help + to understand the technical parts, and also for some associations to + help in the fight to modify the laws to fit free software. Since + Replicant has very little time to look at this now, he referred her + to the Osmocom project that already analyzes somewhat similar + designs like eSIM. + +- He also met with Tiberiu from Technoethical, a shop that sells FSF + certified hardware and Replicant compatible smartphones (that aren't + certified by the FSF due to nonfree bootloaders and other + issues). Technoethical will be affected negatively by Replicant's + switch to the PinePhone. + +- The main maintainer of Replicant also met with Paul + Kocialkowski. Before that meeting he thought that on GNU/Linux the + [eg25-manager program](https://gitlab.com/mobian1/eg25-manager) for + the PinePhone only did simple things like setting up udev rules and + had simple hacks to make the modem work fine. He thought that + all stability issues were to be handled by Modem Manager. + However the EC 25 Manager may also be monitoring the modem + and restarting it when it crashes. This could explain modem + stability issues with Android/GloDroid on PinePhones with 3GiB of + RAM. The fix may be to port/reimplement that feature to make this + model usable. |