
Experiments with Matrix for the Purism Librem5, Starring Ubports and Nheko - rippsu
https://matrix.org/blog/2017/09/28/experiments-with-matrix-on-the-purism-librem5-starring-ubports-and-nheko/
======
ThatGeoGuy
Congrats to the Matrix team (mostly Matthew/Arathorn?) for this! This is a
really cool proof of concept for making a native mobile client for Linux. One
question, though: my understanding was that some of the work needed to use
megolm/olm correctly and securely was in matrix-js-sdk (unless I read the
audit wrong). That said, how much work would need to be done to current Qt/GTK
SDKs to replicate this (I assume it's mostly key management stuff), and how
would the team keep this in sync with any changes made to the JS SDK in the
future? Alternatively, am I misunderstanding something fundamental?

I've already backed Purism's Librem 5 campaign, and I think everyone else
should too, if they care about a fully free handset. It can be found at
[https://puri.sm/shop/librem-5/](https://puri.sm/shop/librem-5/) if you were
looking for it.

~~~
Arathorn
At the moment about 60% of the code required to do e2e encryption is in the
main SDK layer (as it has to hook into all of the Matrix API stuff, client
UI/UX and local storage), and 40% in libolm. This isn’t great as it makes
porting the app code between platforms more work than it could be and risks
bugs - but we have already ported it to ios and android, and kitsune is
working at porting to libqmatrixclient and penguin42 is porting it to glib for
use in libpurple. In future we’ll try to push more of this down into
crossplatform library on top of libolm (libolmmatrix?) which can then have a
slightly hairy API to call back to the main SDK to do HTTP and storage
operations etc - but for now we’re trying to get it out of beta in the current
architecture before we then go and refactor it all.

So: in an practice a native Librem client would use libqmatrixclient or
something similar, with the application layer E2E functionality handled by
that library - but in future that could be factored out to simplify life for
everyone.

Another approach could be to use a sidecar process to proxy the traffic and
offload all the E2E stuff (which we need for a shim for simple clients anyway
- even curl etc). But nobody has yet stepped up to build this, plus
integrating with UI is a bit of a pain (local popup notifs + local web
interfade for key management?). It would be a superfun project for someone
wanting to play with E2E though!

~~~
ThatGeoGuy
Thanks for the response. Seems like there's a lot of work to be done on
refactoring, but I can appreciate that E2E stuff is still in beta.

As for that last remark, perhaps it's a good GSoC proposal?

------
teddyh
Too bad that the Purism Libre5 won’t qualify for FSF’s RYF¹ certification².
I’m sorry, I really don’t mean to come off as snarkily dismissive as this
might appear. Let me try again.

This project certainly seems to _try_ to do their very best, and what they
have achieved might be all that’s possible to achieve at the present time. I
just wanted to, as politely as I might, note that there _are_ those of us for
this is a dealbreaker, and that we will rather go without than get the current
good-enough product. (If there were none of us, there would be no commercial
incentive for any company to keep improving in the right direction.)

I really don’t mean to dismiss anyone’s effort; honestly.

1\. [https://www.fsf.org/ryf](https://www.fsf.org/ryf)

2\. [https://puri.sm/shop/librem-5/](https://puri.sm/shop/librem-5/)

~~~
Etzos
Considering how they phrased it and the fact that no phone has the FSF's RYF
certification I would tend to think it's because it's currently impossible.

That they took the time to add a note about RYF certification and that they
will continue to keep the FSF up to date on this shows that they do care about
this. I honestly don't think there's any more you could ask of them.

~~~
teddyh
> _it 's currently impossible._ […] _I honestly don 't think there's any more
> you could ask of them._

I don’t dispute that. I have no ill will towards them. I just, you know, won’t
actually be buying the phone until one exists which _is_ RYF-certified. I just
felt it important that someone pointed this out – while surely their _effort_
towards RYF compliance counts for much, it won’t get me all the way towards
actually buying it. I’ll wish them all the luck in actually achieving it, but
I (at least) won’t be buying anything until they actually _get there_.

~~~
Etzos
I suppose I can understand this reasoning a bit, but it seems a little counter
intuitive to me. There is literally no alternative. And without efforts like
this it's unlikely there would ever be something that is RYF compliant.
Accomplishing something like RYF certification requires work, money, and
someone willing to try to accomplish it. There is someone that is willing to
invest work to at least attempt to accomplish it, but they need money. Why not
support them in their quest for this?

~~~
teddyh
Suppose that I’m a vegetarian, but I really like sausage (maybe I acquired the
taste before becoming vegetarian), but there are, for some reason, no makers
of vegetarian sausages. Should I then accept whatever sausage _is_ available
which has the least amount of meat in it? Of course not; I’ll simply go
without sausage.

Even if a sausage maker came along and tried to attract the vegetarian buyers
with a new kind of sausage which had no meat in it, just a little bit of
gelatin in it. They say they can’t currently make vegetarian sausage without
any gelatin in it, but they’re working on it. Should I “support” them and buy
the sausage with gelatin in it anyway? Of course not; I’m a _vegetarian_ ;
gelatin means it’s off the table.

(I’m not necessarily really a vegetarian, of course; it’s just an analogy.)

~~~
Etzos
I don't think that analogy is a fair comparison to make because it doesn't
fairly portray that Purism doesn't have a choice in this. It is the upstream
manufacturers who control this area, and they will have no reason at all to
make something which is RYF approved unless someone big enough is pushing for
it.

So to make this comparison more apt, it's more like a sausage maker who is
focused on making vegetarian sausage. Now, it just so happens that they'd also
_love_ to make these sausages vegan sausages, but the suppliers of the
contents of the sausage just don't make a "meat" which is vegan because
literally no one with any power has asked for it before. If no one buys their
sausages there is literally no chance of a vegan sausage being produced
because there is just no reason for it.

Even that isn't really an apt comparison because it doesn't correctly portray
the ubiquity of cell phones. I guess instead of a sausage maker it would be
something more like "a producer of food", where there is literally no vegan
food anywhere. So what I don't understand in all this is why someone who wants
an RYF certified cell phone would choose not to support the one group even
attempting such a thing. You don't even need to eat the sausage or use the
phone in this case either, they just need the support.

------
ZenoArrow
I really hope the Librem 5 meets its target (I'm a backer). I'd also hope that
the fundraising deadline could be extended if it only needs a few more days to
complete. Having a FLOSS phone platform, especially with a strong
communication platform like Matrix at its core, is something that should
ultimately do a lot of good for the continued growth of open source/free
software.

~~~
sexydefinesher
if they keep going at their current pace they will most likely make it.

~~~
ZenoArrow
$821,660 / 35 days = $23,476 a day (on average)

$23,476 * 25 days = $586,900

$821,660 + $586,900 = $1,408,560

Fundraising campaigns are rarely linear and often see an upsurge at the end,
but it's still clear that the fundraising trajectory is slightly behind the
$1,500,000 target at the moment.

------
jjrh
It's awesome to see they are so gung ho to get work started. Here's hoping the
librem gets funded and things get on track on the hardware side.

------
wink
> TL;DR: If you love FOSS-friendly hardware and if you love Matrix, please
> preorder a Purism Librem5 Matrix-native smartphone, so we can fully bring
> native Matrix communication to both phones and desktop!

Something about this header rubs me the wrong way. This is not "hey, throw us
10 bucks because $reason" (The Librem 5 seems to be 599$ and it's not from a
company I moderately trust to ship a good product, on time)

Call me cheap, but I've never bought a smart phone for more than 300 EUR, and
they've all worked fine at the time (HTC Click, HTC Vision, (ok, the Kingzone
wasn't great) and Nexus 5X (still 100% fine with it, right now).

------
creatonez
I am very excited for this. I will buy a free software phone with Matrix as a
first-class citizen in a heartbeat. Matrix and Purism seem to be putting a lot
of effort into paving the way for truly free phones.

------
Arathorn
(author here: i’m waiting for someone to tell me how installing qt5.9 on
ubports is actually a oneliner if you know what you’re doing... :D)

~~~
rippsu
installing qt5.9 on ubports is actually a oneliner if you know what you’re
doing

~~~
Arathorn
:D

