Coliberator 2016: keynotes and workshops

Replicant will take part in Coliberator, the free software conference organized by Fundația Ceata in Bucharest, Romania on June 4-5 2016. Fundația Ceata is the Romanian foundation for Free Software and Free Culture, that proposed to host both a keynote and a workshop about Replicant at Coliberator this year. The keynote will be a great opportunity to learn about freedom and privacy/security in mobile devices. The Replicant workshop will showcase devices running Replicant and will be the occasion to get help installing Replicant, verify the project’s release key or just come by and have a chat! The Tehnoetic team will also take part in the workshop, with Replicant devices available for sale and more!

Scheduling details are still being worked out by the organization team and will be available soon. Either way, note that a GNU Libreboot keynote and workshop will be held as well during Coliberator. This year’s edition of the conference will thus highlight freedom at the lower levels in various ways! Note that Coliberator is organized by the Ceata team from small individual donations, so any contribution to fund the conference is welcome!

As usual, we are looking forward to meeting you there!

Replicant at FOSDEM 2016

Just like previous years, Replicant will be at FOSDEM, during the last weekend of January in Brussels, Belgium.

A lightning talk about the road to liberating software at the lower levels will be given at 18:40 on Saturday, in room H.2215 (Ferrer). This talk will be broader than the scope of Replicant. It will detail how liberating the software running at the lower levels can prove to be quite challenging. Those considerations will be made not only regarding the main processor, but also regarding controllers, peripherals and auxiliary processors.

As usual, there will also be plenty of other interesting things to see and nice people to meet!

This year, devices from Tehnoetic with Replicant preinstalled will be available for sale on the FSFE booth, as well as other Replicant goodies, such as 3D-printed keychains! Remember that part of the sales will go to Replicant.

We will also organize an informal Replicant developer meeting at some point during the event, so people interested in contributing to the project are welcome to join in!

In addition, note that Richard M. Stallman, launcher of the GNU project and founder of the Free Software Foundation, will be giving a talk about Free/Libre/Vrije Software: The Goal and the Path on Friday evening (the day before FOSDEM), at Brussels Campus Etterbeek, VUB.

Shops selling devices pre-installed with Replicant

A few months ago, we were contacted to discuss the endorsement of an online shop selling mobile devices pre-installed with Replicant: Qibre Computer Hardware. While we’re very happy to see such initiatives being developed, we asked for some conditions to be met before endorsing the shop, especially conditions that have to do with informing final users:

  • Users should not be mislead into believing that the devices are fine for freedom and privacy/security. There are plenty of issues remaining, that are explained in general on the Freedom and privacy/security issues page of the website and in greater details on each device’s wiki page (when documented). Those are out of the scope of free software support in Replicant, but it is crucial to mention them when selling a full device. Linking to these resources is a fine way to ensure that customers have access to that information.
  • The devices should ship with the official version of Replicant, not a version that was built from source and signed with different keys. However, it is fine to pre-install free applications originating from F-Droid on top of the system, as long as users are made aware of it.

Qibre has now stopped its activity until further notice.

A few weeks ago, Tehnoetic started selling devices pre-installed with Replicant and was featured on the FSF’s Ethical Tech Giving Guide and FSFE’s Free Your Android campaign. At this point, the following devices can be bought pre-installed with Replicant from Tehnoetic:

Tehnoetic donates a part of the phone sales profits to Replicant and F-Droid projects. In December, Tehnoetic donated Replicant $101 USD.

Thus, buying devices actually helps Replicant move forward! Buying from these shops rather than third-party resellers also helps them secure money to get stocks of Replicant-supported devices in large quantities, so that it remains possible to buy them for a long time!

Upcoming events for Replicant in October/November 2015

Even though development on Replicant is still moving forward at a pretty slow pace, we believe it is crucial to spread the word about the project in order to encourage more people to get involved but also to teach people about the underlying problems for freedom and privacy/security on mobile devices.

During the next two months, Replicant will take part in various free software conferences and events in France. A talk about Replicant, freedom and privacy/security will be given at each event, sometimes with a workshop or some form of public discussion, such as participation in a round table.

Starting next week-end, Replicant will be at the following events:

Those talks will be opened by Benjamin Bayart, iconic figure in the French free software community and long time activist for electronic liberties and net neutrality.

We hope to see as many of you as possible, to help spread the word about Replicant, freedom and privacy/security on mobile devices! As usual, each event will be an occasion to verify the Replicant release key and get some help installing the system on your device! Donations are also welcome, as they make it possible for me to attend such events at all.

See you soon!

November update: Due to the recent attacks in Paris, Capitole du Libre was canceled and Bazar du Libre is taking place in Toulouse on November 21-22. The talk about Replicant was rescheduled in Mix’art Myrys, room 2 at 3:00 pm.

Replicant 4.2 0004 images release

Even though things are moving slowly at Replicant, we figured it was time to release another batch of Replicant 4.2 images. This release doesn’t add support for any new device, but has a focus on security instead, thanks to an active member of the community: Moritz (also known as My Self on the forums). For months, Moritz has been evaluating whether Replicant is affected by various vulnerabilities, retrofitting patches to close those vulnerabilities and submitting these for inclusion in Replicant. Thanks to his great work, this release includes fixes for security issues such as the Stagefright vulnerability or the Installer Hijacking vulnerability.

Since the previous release, all the Replicant-specific source code was moved over to git.replicant.us, that is gracefully hosted by the FSF. We are planning on moving all the Replicant source code over to that new server, so that we don’t have to rely on third parties such as CyanogenMod and AOSP to provide the full source code for Replicant. In the meantime, we have started tagging the commits used for each release and signing those tags with the Replicant release key, so that it’s possible to reliably retrieve the source code for a given Replicant release. Those tags are also combined in the release metadata’s git-tags.

For a complete list of changes, you can take a look at the changelog. Installation instructions are available for each device, as well as build guides.

You’re welcome to join-in and contribute code to Replicant! Resources to get started on development are available on the wiki, as well as a list of tasks to improve Replicant.

Replicant and friends at Chaos Communication Camp 2015

As advertised in the previous blog post, I’ll be at CCCamp 2015 to talk about Replicant (as well as other things that I’m working on, like porting Libreboot to the C201 Chromebook), starting tomorrow.

Formally, I’ll be giving a 45 minute long talk at the Neo village tent on Sunday, about Replicant, software freedom and privacy/security on mobile devices. In addition, I have asked to give a lightning talk to highlight the necessity to have more developers involved in Replicant on Saturday at 17:05. The project is still mostly a one-man-effort and this situation cannot ensure the growth the project deserves.

People from the Neo900 project will organize the Neo village, where I’ll have my tent at, next to Osmocom. As usual, you’re welcome to come and say hi (and possibly verify the Replicant release public key as well)! I may just as well hang around the Quadrature village, where they have a nice tea house set up!

Neo900 folks also plan on giving presentations, starting with a lightning talk about Neo900 on Friday and a full talk about the project on Saturday, at the BER village.

See you there! By the way, my GSM network at camp is 5198, feel free to send me a message if you require my presence!

Update: The talks have been added to the Conferences wiki page. Unfortunately, the longer talk on Sunday had to be interrupted because of the lightning storm and couldn’t be resumed later. The slides are however available and hold the main elements of the talk.

RMLL feedback, Optimus Black advancement and CCCamp

Two weeks ago, I took part in RMLL as advertised on the Replicant blog shortly before the event. This year again, it was a really nice event to be a part of. Lots of people showed interest for Replicant and some even came specifically to see my talks about the project: what a pleasant surprise! The videos of my talks are already available on the RMLL website and they were also added to the Conferences page of the Replicant wiki.

Back from the event, the development effort was focused on cleaning up the bits and pieces laying around for Optimus Black support in U-Boot, now that the merge window is open. A patch series was sent for review earlier today and despite being incomplete as of now, it will serve as a solid base for future additions. Some more work is indeed required to have all the necessary features supported, but those patches will be written in a non-upstreamable way for Replicant at first. The current status of those dirty patches allows booting CyanogenMod without too much trouble, except for the occasional random reboot and other oddities that still have to be sorted out before it can seriously be used for daily use.

Thus, with basic bootloader support out of the way, it’s time to start the Replicant port to the device. Communication with the modem will require some heavy work on Hayes-RIL, our implementation of the AT protocol radio interface layer, that is supposed to be more modern and robust than other implementations. Other fundamental parts required to have Replicant running with sufficient features to make the device useful should be less trouble.

In a month or so, the Chaos Communication Camp will take place in Germany, organized by the almost mythical Chaos Computer Club. Replicant is going to take part in the event, hopefully with a lightning talk and/or less formal self-organized events. The camp will be a great occasion to chat a bit about the current state of the art of software freedom on mobile devices, and more! Various other interesting projects will be there as well: members of the Neo900 project will hold the Neo village, where I’ll be likely to be found. As usual, I’ll also be available to verify the Replicant release key fingerprint, help newcomers install Replicant on their device and basically anything else that I can help with!

Replicant source code hosting and RMLL 2015

As mentioned a few months ago, Gitorious is closing down and even though the Replicant project page can still be reached there, cloning the repositories has been broken for some time. After thoroughly evaluating all the hosting possibilities for Replicant (thanks to the many suggestions from the community!), we have finally reached a decision. We didn’t want to be affiliated with a hosting provider that doesn’t match Replicant’s core values, that are all about software freedom. In addition, it seemed better not to be hosted by a third party, to ensure the security of the source code. These criteria left us with very little choice available, but thankfully, we were able to comply with them, as the Replicant source code is now hosted by the Free Software Foundaton, at git.replicant.us!

We are very thankful to the FSF for providing us with that solution and the hardware required for our needs (the Replicant source code is very large). Eventually, we will move all the Replicant source there, as opposed to only the parts of CyanogenMod and AOSP that we modified, so that we don’t have to rely on any third party at all.

With all those discussions going on, I almost forgot to mention that I will be taking part in RMLL/LSM again this summer. The event takes place in Beauvais, France (near Paris) from July 6th to 10th (sorry for the short notice). I will be presenting two talks there, one about the overall state of the Replicant project, in French, and one about liberating mobile devices from the ground up, in English. In addition, I will be taking part in a workshop on free embedded devices in room 219, were I will show a few embedded devices running free software.

As usual, everyone is welcome to come, say hi and have a nice chat. It’s also possible to verify the Replicant release GPG key in person to trust the verification of our images releases. And of course, I’ll be available to help install Replicant on supported devices!

What’s happening (or not) at Replicant

Two months ago, I (Paul Kocialkowski) gave a talk about reached milestones and ongoing development on Replicant at FOSDEM, one of the biggest yearly European gatherings of free software developers. I was thrilled to meet people interested in Replicant there and pleased to chat with many other free software developers, working on various fields. As usual, talks were recorded and most of those recordings are now available on the FOSDEM website, with no exception for the embedded devroom, where I gave my talk and joined an embedded freedom roundtable with Carsten Munk from Jolla and the attendance. A WebM version of the talk is available on the Conferences page of the wiki.

Back from FOSDEM, most of my work was focused on U-Boot (the universal bootloader) for the LG Optimus Black and Sunxi (Allwinner) devices. Things are starting to look good on the LG Optimus Black, which now correctly boots Android without random run-time faults. As usual, things are moving very slowly due to the lack of time. The next step there will be to submit the first batch of LG Optimus Black support for inclusion in upstream U-Boot.

The Replicant code itself hasn’t changed much in the past months, since I am focusing on bootloaders development at this point. In addition, Gitorious is now closing down and while we have all the source code uploaded there backed up, we’re looking for an alternative solution that doesn’t compromise on the core values behind Replicant and offers significant guarantees. Because of this situation, nothing is to be committed to the repositories before they are moved to a new location, that we are yet to find.
However, some security updates were kindly submitted by the community and those will be reviewed and integrated as soon as everything is back up and running.

So hopefully, things will start moving faster in a bit!

Replicant at FOSDEM 2015

This year’s edition of FOSDEM, one of the major free software conferences in Europe, is just around the corner! Among the various talks that mention the state of free software on embedded devices, I (Paul Kocialkowski) will be presenting a talk entitled “Reached milestones and ongoing development on Replicant” on Sunday afternoon, that will first highlight the various achievements that were accomplished within the Replicant project to handle the numerous devices it supports today, only to explain how the majority of those devices are fatally flawed when it comes to freedom and privacy/security. Thus, the second part of the talk will put the emphasis on the new focus of the development effort, on devices that can take freedom to the next level. In particular, the current status of the Goldelico GTA04, LG Optimus Black (P970) and Allwinner (Sunxi) devices ports will be mentioned in detail, along with a description of the various plans for the work that is left to be done.

FOSDEM is also a great opportunity to meet members of the community, so do not hesitate to say hi if you bump into me in the embedded devroom or around the place! Remember that face-to-face meetings also allow for verifying the Replicant project’s release key‘s fingerprint and creating a chain of trust for verifying the software released by the Replicant project.