GrapheneOSIn order to provide better support for blind users, we maintain a fork of the open source TalkBack app fixing serious issues with it, modernizing it and making the builds reproducible. One of the goals of making our own Setup Wizard has also been integrating TalkBack support.
Google unfortunately doesn't publish the source code for each stable release of TalkBack as they do for Android itself. The open source release of the app lags significantly behind. It also has a bunch of missing and broken features. We plan to gradually improve this situation.
In order to use GrapheneOS, blind users need to successfully install the OS and set up the device to be usable with a screen reader. This is an area we've been thinking about and working on improving for a while. Our new Setup Wizard provides a better base for integrating this.
The first barrier to someone using GrapheneOS without sight is installing the OS. We've done what we can to make our web installer as accessible as possible (https://grapheneos.org/install/web). However, users need to interact with the device's firmware interface which the user can see.
Due to the inaccessible firmware user interface, it's difficult to perform the installation correctly and safety, particularly confirming unlocking and then confirming locking. Confirming the verified boot key matches after installing/locking would require OCR on another device.
The next issue is the Android Open Source Project no longer includes a text-to-speech app. Pico TTS used to be included in AOSP but was not what Google Mobile Services devices use. It was quite primitive, awful to use and AOSP removed it after security issues were found.
We've wanted to include a text-to-speech app and bundle a language pack to have it working out-of-the-box for a long time. We could then add a shortcut for enabling TalkBack in our new Setup Wizard to make things accessible from the start of the post-install setup process.
To provide what we need, the TTS app needs to be built into the OS, enabled and set up to work by default without configuration. It doesn't do any good if you need to connect to a network and download a language pack. It also needs to work Before First Unlock via Direct Boot.
Since it will be enabled by default, security is quite relevant. It shouldn't be a bunch of C++ code without a modern coding style, use of sanitizers, decent tests, etc. It needs to be actively developed and properly maintained. This is why Pico TTS had to be removed from AOSP.
GrapheneOS is intended to be a drop-in replacement for the Android Open Source Project usable by companies to make all kinds of products. Due to this, we avoid non-commercial usage licenses. Lots of the language packs for TTS implementations have non-commercial usage licenses.
We also avoid including GPLv3 code in the base OS since it would add restrictions on how it can be used. We do add new GPLv2 licensed code. This doesn't mean we have issues with using GPLv3 code or making forks of GPLv3 projects, we just don't bundle it within GrapheneOS itself.
Alex L 🕊 🇵🇸GPL is working as intended here. Possible solutions:
1. Companies comply with GPL
2. Companies fund a MIT licensed alternative
@alxlg There are multiple permissively licensed text-to-speech implementations including ones far better than eSpeak NG. We're being attacked because we don't want to bundle eSpeak NG but it's far from the best open source option anyway. The people attacking us have little interest in helping us review and fork one of the options, then integrating it into the OS, and that is why it's not done already. Attacking us only drains our resources and extends the timeline for incorporating this.
Can you stop with this whining? You are getting criticized for making sure your product is parasite-friendly. Criticism, not attacks. And you criticize other people's work a lot.
@alxlg We don't spread fabrications about other projects and their development teams as this highly dishonest post was doing.
We're giving away our work for free to the world to use for any purpose. A company working with us and giving back to the project are hardly parasites. On the other hand, how about people using it who are not only not contributing in any way, not making donations and are actively trying to harm us pushing spin and fabrications about us? What do you call that?
I don't care about these "fabrications", "attacks" etc. I am criticizing you because apparently you have no idea of FOSS dynamics:
Rejecting GPL is parasitic, those companies you are talking about are parasitic and you are making sure they will use your product for parasites.
It doesn't matter that you are a security genius, this is about politics, everyone can have their opinion, even criticize you just like you criticize others all the time.
@alxlg There are many open source projects including FreeBSD and OpenBSD where the GPL is strongly disliked and avoided. They have different views about what freedom means and regard the GPL as significantly less free.
GrapheneOS is not one of those projects. We don't have an issue with the GPL. We simply have a pragmatic approach to licensing. We want to keep GrapheneOS usable by a large number of tech companies avoiding GPLv3. Therefore, we stick to using it only outside the OS itself.
@alxlg We use GPLv2-only licensing for a portion of our own code by choice, to protect it from being used by a GPLv3 project which was taking our work without giving back. We tend to use permissive licenses in general. Our experience has been that people using our code without giving back are not hindered by licensing. GPL has almost never helped us protect against it. There's 1 case where we were able to use GPLv2 to protect ourselves from being leeched off without getting anything usable back.
@alxlg That 1 case involved a GPLv3 licensed taking our MIT licensed code while not allowing us to use their GPLv3 licensed code under a license acceptable to us. Therefore, we switched to GPLv2-only which helpfully forbids GPLv3. We had to use the GPLv2 additional permissions feature to permit 2 licenses incompatible with GPLv2 (Apache 2 and the FreeType License). It has mostly worked fine.
In other cases, people did not care what licenses we use and have simply taken our code without credit.
@alxlg In several cases, people have falsely taken credit for the code we have written. In a couple cases, they've claimed they own the code we've written and that we somehow aren't allowed to use it. GPLv2 termination clause proved valuable for after the fact license enforcement against one of the companies which disregarded our licensing and claimed ownership over our work. The usefulness was cutting them off completely due to past violations. That clause was removed in GPLv3.
@alxlg We did not get anything useful back via the GPLv2, we were just able to block 1 group using our code and making it GPLv3 and permanently severed another company's ability to use part of our code after the fact. Neither of these things got us back anything in return. We would have been better off if copyright didn't exist where neither situation would have been a problem for us in the first place.