LWN.net Weekly Edition for June 9, 2005

A tale of two distributions

If the net seems slow over the next week or so, it may well be due to the near-simultaneous releases from two major distributions. The long-awaited release of Debian GNU/Linux 3.1 (also known as "sarge") was announced on June 6. As it happens, Fedora Core 4 was due on the same day, but has been pushed back one week to June 13. This delay was not due to any particular technical problems; instead, it seems, the lawyers were a little slow to sign off on the code name for this release.

A comparison of a few key packages in these two distributions can be instructive:

Package	Debian 3.1	Fedora Core 4
Kernel	2.4.27 2.6.8	2.6.11
GNOME	2.8	2.10
KDE	3.3	3.4
X	XFree86 4.3.0	Xorg 6.8.2
gcc	3.3.5	4.0
postgresql	7.4.7	8.0.2
MySQL	4.0.24/4.1.11a	4.1.11

These numbers will come as little surprise to most; it is in the nature of Debian releases to be slow in coming and mildly obsolete when they arrive, while Fedora releases run closer to the bleeding edge. The two distributions have different goals: Debian seeks to produce a highly stable distribution for its users; Fedora, instead, is a rapidly updated distribution providing current software to users and a real-world test bed for Red Hat.

The table listed above is not entirely fair; many packages in Debian sarge (including important ones, like Firefox) are at or near their current versions. Then, there is this table, which provides a different view:

Package	Debian 3.1	Fedora Core 4
xine-ui	0.99.3	--
monotone	0.18	--
gforge	3.1	--
shorewall	2.2.3	--
GNUStep	3	--
xfce	4.0.5	--

This table could be made much longer, but the point should be clear: few distributions can offer the sheer variety of packages found in Debian. In all fairness, one should note that the Fedora Extras repository fills in some of the gaps on the Fedora side. Fedora Extras works reasonably well, but it remains a "second class citizen" repository without any commitment to future updates or security support. Debian also supports a much wider range of architectures than Fedora.

As these milestones are reached, both distributions are considering where they want to go in the future. On the Debian side, there is a general desire to improve the release process so that the next major release ("etch") comes a little more quickly. There is some planning happening for a painful gcc upgrade and a PostgreSQL transition, among other things. There is a continual low-level rumble on how Debian and derivatives (Ubuntu in particular) should work with each other. The "how many architectures should Debian support?" question still lacks a definitive answer. It also seems, however, that the Debian developers are taking a well-deserved break and deferring much of the "what now?" discussion until Debconf5, happening in mid-July. (As luck would have it, the conference has offered to fly LWN Distributions Page editor Rebecca Sobol to the event, so LWN will have coverage from Debconf5).

On the Fedora side, a deliberate effort was made to start a discussion on what should be in Fedora Core 5. A few goals were suggested: more security features and faster booting, for example. Most of the discussion, however, has centered around a suggestion to increase the length of the development cycle somewhat (to nine months or so). The current six-month cycle allows for a maximum of about two or three months before the stabilization efforts set in, and some developers are finding it difficult to get their changes in within that window. The suggestion has not been particularly well received by the powers that be within Red Hat, however.

In theory, opposition from Red Hat should matter less in the future. At the recently-concluded Red Hat Summit, the company announced that it planned to set Fedora free, and to put it under the control of an independent foundation. There have been no communications from the company on this subject outside of the conference, so details are scarce. Nothing has been said on how this foundation will be formed, funded, or governed. It remains to be seen whether Red Hat is truly willing to give up enough control to allow Fedora to pick its own directions. A truly independent Fedora, however, has the potential to combine a strong base distribution with a larger, more enthusiastic developer community; it could be a force to be reckoned with.

Debian and Fedora are two very different distributions. Debian is a huge, community-driven project with a "when it's ready" release policy. Fedora is, for now, a company-controlled, smaller distribution with scheduled releases. In many ways, however, they appear to be converging. Debian is facing the size issue (by considering which packages and architectures truly belong in the core distribution), release cycles, and, via efforts like Ubuntu, commercial appeal. Fedora, meanwhile, aims for a stronger community orientation and is debating package policies and release cycle issues of its own. Both distributions will remain part of our community for a long time - and we are richer for having both of them. But they are responding to many of the same pressures, so it would not be entirely surprising to see them look more alike in the future.

Comments (15 posted)

A sneak peak at Firefox and Thunderbird 1.1

The Mozilla project recently released alpha builds of Firefox 1.1 and Thunderbird 1.1. In addition to bugfixes and performance enhancements, there are several new features in Firefox and Thunderbird that look interesting. So, what's slated for Firefox 1.1 and Thunderbird 1.1? Let's start by looking at the "Deer Park" alpha build of Firefox 1.1.

Firefox 1.1

Firefox 1.1 is the first major milestone on the way to Firefox 2.0. Firefox 1.5, planned for sometime in 2006, is the second milestone, with 2.0 being the final milestone. Overall, the 1.1 release isn't a radical change from 1.0, but there are some pleasant new features to look forward to, and a few user interface changes as well.

The "Preferences" dialog has been modified quite a bit, which may throw users at first, but the overall layout seems a bit more logical. Some of the finer-grained controls have gone away, which may or may not be seen as a good thing. For example, in Firefox 1.0, users can disable specific JavaScript features such as "Move or resize existing windows," "Hide the status bar," and so forth. Firefox 1.1 gives users the option to enable JavaScript and then the option to "disable common annoyances." Firefox 1.1 also adds a "Tabs" dialog dealing with all of the tab functions in Firefox. The new Preferences dialog, and the new Thunderbird dialog, is very similar in layout to Apple's Safari browser Preferences dialog.

There is a new tool to quickly remove information from Firefox, called "Sanitize." One can choose to clear browsing history, saved form information, download history, cache, cookies and saved passwords with a hotkey or by choosing the "Sanitize" option from the tools menu. Sanitize is configurable, so one can choose to erase download history, cache and browsing history, for example, without erasing saved passwords or cookies. Users also have the option of erasing these items each time Firefox is shut down. This is a very useful option for those who share computers with other family members, roommates and co-workers.

Firefox 1.1 also improves browsing pages in the cache, so browsing forward and backward seems much faster than in Firefox 1.0. Granted, Firefox 1.0 isn't terribly slow, but even a few seconds improves the user experience drastically.

Users will also be able to report "broken" websites using Firefox 1.1. The release includes a "Report a Broken Web Site" wizard which provides the URL, a list of possible problems ("Browser not supported," "Can't log in," "Plugin not showing," and so forth) and a field to describe the problem in full. According to the Privacy Policy page for the feature, the Mozilla team will use this feature to work with webmasters to correct interoperability problems with Firefox. Whether the feature will actually encourage webmasters to fix the problems is another story.

The "Cookies" dialog has changed somewhat. Cookies are now organized in folders by site, and users can search to find the cookies that they're looking for rather than scrolling through the list, which can be handy if one has accumulated a long list of cookies.

Despite its alpha status, we didn't run into any serious glitches, crashes or other nastiness using Firefox 1.1. This writer plans to continue using Firefox 1.1 alpha as his primary browser, since it has proven to be stable (at least over the past three days) and offers some modest improvements over the 1.0 release.

Thunderbird

As with Firefox 1.1, there are no drastic interface changes or radical feature changes slated for Thunderbird 1.1, but there are a number of interesting improvements and new features that will make the upgrade worthwhile.

One spiffy new feature slated for 1.1, and working fine in the alpha release, is the "inline" spelling checker that underlines misspelled words (or words not yet in Thunderbird's dictionary) while you type. Thunderbird 1.0 does have spelling checking, but not as you type. Thunderbird also allows the user to add a word to the dictionary, or ignore it, on the fly by right-clicking on the word.

The Preferences dialog for Thunderbird has also been reworked, and is similar to the new Preferences dialog for Firefox. Users can now get to the "about:config" interface for Thunderbird easily, by going to the "Advanced" tab and selecting "Config editor." Several of the features in 1.1 seem to be inspired by Thunderbird extensions. The RSS features, and the "about:config" access are both available for Thunderbird 1.0 as extensions, for example. It will be interesting to see if the Mozilla developers manage to keep Thunderbird and Firefox free of the kitchen-sink syndrome that plagued the Mozilla suite. We're not suggesting these should only be available as extensions, but we do hope the Mozilla team will resist adding in popular functionality from extensions in order to keep Firefox and Thunderbird lean and allow users to pick and choose the extensions they desire.

Users who wish to use Thunderbird as an RSS reader will like the OPML import capability in Thunderbird 1.1. We tested Thunderbird with an OPML file exported from Bloglines with more than 130 feeds. Thunderbird handled it gracefully, and imported all the feeds with no apparent problems. There should be an "export" capability in the final 1.1 release, but it is not in the current release.

Thunderbird 1.1 will also come with features to help users avoid being scammed by phishing attacks. We didn't actually get any phishing scams to test this out with Thunderbird, but the client is supposed to display a warning message if a message looks like a phishing attack.

Again, as with Firefox's alpha, the Thunderbird alpha handled well enough that this writer will probably employ it for day to day use -- while making regular backups of mail, just in case.

The Firefox roadmap calls for a second alpha release in June, and a beta and final 1.1 release sometime later this year. The Thunderbird roadmap calls for a final 1.1 release in June, but that may need to be pushed back since the alpha release is only a few days old.

Comments (7 posted)

The CDT takes on infringement

The Center for Democracy & Technology has long been "working for democratic values in a digital age." CDT has taken on many issues, including encryption, freedom of speech, privacy, and more. So the new copyright policy paper [PDF] from CDT seemed worth a look. Unfortunately, the CDT appears to have lost track of some important goals in its desire to compromise.

The stated goal of the paper is:

Most of us, probably, can agree with the goal of "protecting copyright." The whole structure of free software licensing, after all, is based on copyright law. Without copyright, there could be no General Public License. Free software could still exist in such a world, but the rules would be different.

So how do we "protect copyright"? The CDT offers a three-pronged approach, the first of which is "punishing bad actors." The authors, it seems, are enthusiastic supporters of actions like mass lawsuits against file traders. Also big on their list is "secondary liability" for people who encourage file sharing - Grokster, for example. There is a token mention of how secondary liability should only target "bad activity" without "chilling the development of new technologies or the provision of online services," but no discussion of how the two can be separated. There is no mention of any situation where "secondary liability" has gone too far, leaving the reader with the impression that the CDT is entirely happy with the enforcement activities which have happened to this point.

Well, not entirely happy; the CDT would like to see more laws passed to get the Federal government more heavily involved in copyright enforcement. They would also like to see:

How this "positive step" would actually work is not discussed.

The core of the CDT paper, however, relates to the creation of "consumer-friendly" DRM schemes. Given a suitable "open market," the CDT believes that DRM can "enable" the flow of digital content we all hunger for in our souls without making life overly frustrating for us "consumers." The CDT does argue against specific mandates by government (but the group appears to favor broadcast flag regulations which provide "reasonable balance") and in favor of preserving consumer privacy. But, as a whole, DRM schemes are clearly seen as a good thing.

The final step advocated by the CDT is "public education." The paper tells us:

"Younger consumers" (and older ones too) could certainly benefit from a better understanding of copyright law. It is probably true that educating these "consumers" about fair use, ever-lengthening copyright periods, the starvation of the public domain, etc. is not something that we can expect industry to accomplish on its own. But, of course, the CDT shows no particular interest in helping industry out on that score; it's mostly interested in the infringement problem.

Remember that the CDT is supposed to be an advocate for democracy, civil rights, and the consumer. But this group has, perhaps out of fear of even worse alternatives, entirely given in to the demands of the entertainment industry in the name of making content available to "consumers." The CDT has sold out entirely on this issue.

There are numerous things the CDT could have addressed, were it truly interested in the wider debate. Perhaps a little mention of the DMCA would have been nice; seeing programmers arrested in the defense of DRM schemes might just have a "chilling effect" or two. An examination of just how well the market has done in producing "consumer-friendly" DRM so far might have been in order. And it might have been nice to see at least a passing mention of the public domain, the source of many of the ideas which have been incorporated into current, eternally-copyrighted content.

But there are two larger failures here. The first is the firm distinction between "producers" and "industry" on one side, and "consumers" on the other. We are, it seems, supposed to go off, be good little consumers, and not worry our pretty little heads about how the "producers," out there somewhere, will protect their content in a "friendly" manner. When your editor was young, it was often noted that freedom of the press is great if you happen to own a press. Now that your editor is no longer so young, we all own presses. We are no longer to be called "consumers," told to enjoy the products from "industry" in some business-friendly way. We, too, are producers, and we have a stake in this game. The CDT has not yet figured that out.

One of the most dramatic ways in which we are producers can be seen in the free software community. LWN readers are not "consumers" of Linux; they are its producers. And we have produced a world where many copyright infringement issues are no longer relevant. But, to the CDT, we do not exist. Any balanced look at DRM must include this fact: free software and DRM are absolutely incompatible with each other. When "consumers" actually have control over their computers (and DRM-capable devices are computers), they need not accept externally-imposed restrictions on what those computers can do. The CDT's "consumer-friendly" DRM vision, almost by definition, cannot include free software.

Certainly, we wish to live in a world where producers can make a living from their work. We are all producers now, remember? Besides, how else will we ever get to see the final three Star Wars movies we were promised back in the 1970's? The CDT's answer to this problem, however, does not describe a world that many of us would want to live in. Some of us, evidently, have a different idea of what constitutes "democratic values."

Comments (9 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

• Security: Intel processors and DRM; New vulnerabilities in dbus, the kernel, mailutils, ...
• Kernel: Dynamic ticks; RapidIO; Automated kernel testing.
• Distributions: A look at rpath Linux; Debian Sarge released; Debian Woody updated; Xandros Business Desktop 3.0
• Development: GePhex: a modular real-time video effect framework, GCC Newsletter, Schemer's Gazette, new versions of Speex, Crash Recovery Kit, Oscilloscope plugin, wxWidgets, AbiWord, KnowledgeTree, Perl, Darcs.
• Press: Best Products of 2005, GPLFlash revived, projects affected by BitKeeper, Red Hat Summit, Comparing Linux and Microsoft business models, Microsoft invites Tiemann for dialogue, Fedora Foundation.
• Announcements: Mandriva's Academia program, SourceLabs hires Perens, Python Certification, Firebird Conf, Online Forum on IP, Open Culture, Milan, Linux Vacation/Eastern Europe, PHP Conferences, YAPC::EU::2005, the Google Summer of Code.

Next page: Security>>