zlacker

Was there ever? And is the situation improving or worsening?

I am alright with things that allow for improvement, at least in theory

replies(3): >>cousco+V2 >>bornfr+74 >>lrvick+lI

>>rtpg+(OP)
Anyways, we as informed consumers are hopefully all agreeing on striving for an open mobile OS and open hardware. For those of us, who consider themselves democratic, that is even an imperative.

>>rtpg+(OP)
Not sure what the situation is with Librem, Pine and Joola/SailfishOS, maybe those qualify?

replies(2): >>A4ET8a+1J >>strcat+la1

>>rtpg+(OP)
Replicant was the last time we had fully open Android devices. We have regressed.

replies(1): >>strcat+8a1

>>bornfr+74
I tried librem and pine a year or so ago. As long as it is basic phone use ( phone, text ), it is ok for daily use. That said, the experience is nowhere near ok experience in terms of speed or responsiveness, when compared to most basic android phones. I do not know if that changed since, but librem left a bad taste in my mouth based on how they seem to operate. Pine, by comparison, was a lot more honest about its limitations.

>>lrvick+lI
All of those were closed source hardware with tons of closed source firmware. Not shipping firmware updates doesn't mean the firmware doesn't exist. There aren't open source devices in general. It's not specific to smartphones.

replies(1): >>lrvick+Ve1

>>bornfr+74
The Librem 5 and Pinephone are closed source hardware with closed source firmware. It's a misconception that they're open source. They have open source drivers, not hardware and firmware.

SailfishOS is not open source itself. It's far less open source than Android which has the Android Open Source Project with the whole base OS.

replies(3): >>lrvick+ig1 >>mixmas+8u1 >>Daviey+Hn2

>>strcat+8a1
The entire point of Replicant was replacing all mutable closed software, firmware, and blobs with open alternatives and they did to a large degree succeed at that isolated goal.

Sadly this was, to your usual points, at the major expense of security making those devices purely research projects at best and not something anyone should ever actually use.

When you are stuck on a platform that requires closed firmware you are kind of stuck blindly accepting updates from the vendor to patch security bugs, stuck hoping they are not actually introducing new backdoors.

This is why I reject platforms that require closed firmware in the first place to the fullest extent I can.

replies(1): >>strcat+CU3

>>strcat+la1
Open source drivers is a big step forward we must not discount, creating a separation between hardware trust and OS trust.

That said, to your point, both are misrepresented as fully open frequently which is just not true, and obscures efforts by teams that are working on fully open hardware solutions the hard way.

replies(1): >>strcat+oE2

>>strcat+la1
Purism uses U-Boot on the Librem5 and modified coreboot (in other places) I believe.

https://docs.u-boot.org/en/latest/board/purism/librem5.html

replies(1): >>strcat+KC2

>>strcat+la1
AOSP is coming to an end...

https://old.reddit.com/r/StallmanWasRight/comments/1l8rhon/a...

>>44254540

replies(1): >>strcat+mC2

>>Daviey+Hn2
No, someone took an out-of-context screenshot of information conveyed by the GrapheneOS account and misrepresented it. We were describing what a source we described as unreliable told us based on what they said was a leak from Google. You can see we didn't say what was claimed but rather were describing information from a source ("they said", "according to the source"). It was fully clear in the context the screenshot was taken that this was someone's speculation to us based on a leak and that we didn't consider it reliable information. Part of it turned out to be correct so we shared the information to discuss it.

Following this, we posted multiple threads correcting inaccurate claims about what we had said about this and made it clear GrapheneOS was continuing. GrapheneOS was fully ported to Android 16 before the end of June, which took longer than usual due to the changes but was still completed.

>>mixmas+8u1
This doesn't mean it's open hardware or that it has open firmware. It has a closed source SoC and many other closed source components. Those components are closed source hardware with closed source firmware.

Snapdragon uses a fork of the open source EDK2 as their bootloader prior to the OS and publishes the source code. It doesn't mean Snapdragon is open source.

Most of the firmware has nothing to do with the boot chain leading up to the OS on the SoC.

replies(1): >>mixmas+UK3

>>lrvick+ig1
> creating a separation between hardware trust and OS trust

Typical Android devices have fully open source kernel drivers. There are usually dozens of closed source libraries in userspace such as the well known Mali GPU driver library. Closed source libraries can still be reviewed. Open source doesn't make something secure and trustworthy. It also isn't a hard requirement to review a library. Auditing a low-level C library doesn't imply finding all the vulnerabilities, particularly something hidden. Widely used open source code still has many vulnerabilities lasting for long periods of time after many people have reviewed it. It does not solve security or trust.

> That said, to your point, both are misrepresented as fully open frequently which is just not true, and obscures efforts by teams that are working on fully open hardware solutions the hard way.

A closed source SoC with open source hardware built around it and other closed source components including radios is not a fully open source computer either.

>>strcat+KC2
That’s standard at a low level I believe. There are almost no open choices way down there, especially with modems.

Looks like they are doing what a small company is able to do.

>>lrvick+Ve1
> The entire point of Replicant was replacing all mutable closed software, firmware, and blobs with open alternatives and they did to a large degree succeed at that isolated goal.

They did not replace firmware with open alternatives. Not updating firmware is not replacing it.

> Sadly this was, to your usual points, at the major expense of security making those devices purely research projects at best and not something anyone should ever actually use.

They steer people to devices with severe unpatched firmware vulnerabilities and an enormous number of severe unpatched software vulnerabilities in the case of Replicant. This is covered up and people are misled about it. These projects claiming to be focused on avoiding backdoors are in fact deliberately backdoored through not patching known vulnerabilities for ideological reasons.

> When you are stuck on a platform that requires closed firmware you are kind of stuck blindly accepting updates from the vendor to patch security bugs, stuck hoping they are not actually introducing new backdoors.

You still trust the developers of open source software and firmware. Open source doesn't result in all vulnerabilities being found, including intentional ones. It's not even close to providing it.

> This is why I reject platforms that require closed firmware in the first place to the fullest extent I can.

The platforms you're describing as having fully open firmware still have closed source firmware.