LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Linux in the news
Announcements
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LWN.net Weekly Edition for June 16, 2005

A few notes on the OpenSolaris release

Sun has followed through on its promises, and placed the bulk of its Solaris source on OpenSolaris.org. Regardless of whether you intend to do anything with this code, or with Solaris in general, this release is a significant event. Observers have noted for years that Linux was likely to bring about the end of proprietary Unix systems. With the opening of Solaris, that prediction has come to pass. While some proprietary Unix offerings still exist, Solaris was the largest and most significant of them. With Solaris in the open, the proprietary Unix era is done.

OpenSolaris is not a small download. Anybody not already running Solaris will have to bootstrap themselves with a binary distribution. Then there's the core source tarball, compiler, and "closed binaries" packages. Throw in the BFU package to get the latest stuff: "BFU" is said to stand for "blindingly fast upgrade," but other interpretations of the acronym are certainly possible. Sun's site requires registration before it will allow you to download files; interestingly, however, it also makes torrents and a (no-registration) third-party site available.

Note that, if you simply want to wander around in the source code, it is not necessary to download the whole thing. Sun has provided a web-based source browser which makes digging through the code easy.

The "closed binary" package is said to be a temporary thing. It comes with a relatively reasonable "free beer" license, though it does require that you only run the binaries on an OpenSolaris system. The list of binary-only programs is somewhat strange: it includes od, patch, rdist, sed, ssh, telnet, and kernel drivers for hardware like the Intel e1000 network adaptor - stuff which, seemingly, should be free. The Sun compilers come with a rather more restrictive license; users are required to be "a participant of the OpenSolaris community," may not publish benchmark results, and cannot modify the "java technology" included with the software. Also:

Software may contain programs that perform automated collection of system data and/or automated software updating services. System data collected through such programs may be used by Sun, its subcontractors, and its service delivery partners for the purpose of providing you with remote system services and/or improving Sun's software and systems

So it is, perhaps, not surprising that even developers within Sun are interested in using free compilers with OpenSolaris. An effort to Build OpenSolaris with GCC is apparently well advanced, so the need for the proprietary Sun compilers should go away soon. Interesting, according to one developer, much of the pain of porting to gcc was caused by gcc's insistence on putting constant data into read-only memory. OpenSolaris, it seems, did a lot of writing to "constant" strings.

One of the more significant omissions from OpenSolaris currently is an X server. Two servers actually run on Solaris: X.org and the venerable Xsun server. The plan is, apparently, to move toward releasing a version of the X.org server, but that has not happened yet.

Much has been said about Sun's choice of the CDDL as the license for the Solaris source code; there is not much to add at this time. It is worth noting, though, that if you choose to contribute code to OpenSolaris, you not only have to contribute it under the CDDL, but you must sign Sun's contributor agreement [PDF] as well. That agreement has some obvious things, like patent licensing. It also, however, requires you to give Sun an ownership stake in your code:

You hereby assign to Sun joint ownership in all worldwide common law and statutory rights associated with the copyrights, copyright applications and copyright registrations in Your Contribution, to the extent allowable under applicable local laws and copyright conventions, and agree never to assert against Sun any "moral rights" therein. You understand that (i) this Agreement may be submitted by Sun to register a copyright in Your Contribution, and (ii) Sun may exercise all rights as a copyright owner of Your Contribution.

Sun, in other words, can take your code and make it into a proprietary product, or release it under any other license that it sees fit. It doesn't seem to have occurred to Sun that terms like this might reduce the size of the "vibrant developer community" that it wishes to create.

The CDDL license will prevent any code in the Solaris kernel from finding its way into Linux - we can only hope that nobody tries to sneak some in anyway. It is amusing to note, however, that the first OpenSolaris-inspired kernel patch has already been posted; it is a small optimization to how SYSV semaphores work. With luck, good ideas will flow from the OpenSolaris kernel to Linux (and vice versa), even if the code itself cannot.

Large dumps of corporate code are always a little hard for the community to digest. So it may be some time before OpenSolaris grows into a true free software project with active user and developer communities. It will probably get there: the code is good enough, and there are enough established Solaris users now, to give OpenSolaris some momentum. Whether OpenSolaris can develop into a truly successful project over the long term remains to be seen, however. There is some good stuff there, but it may turn out to be too little, too late from a company which is still struggling to understand what free software is about.

Comments (10 posted)

What is firefox prefetching?

One reason many of us insist on using free software is its relative lack of surprises. Free programs rarely contain features which cause them to behave in a way which is contrary to the interests of their users. Unlike many proprietary programs, free applications tend not to phone home without permission, unnecessarily restrict what their users can do, or perform unexpected operations behind users' backs. As Lauren Weinstein recently discovered, however, the Firefox browser can be made to behave in a way which is surprising indeed - and Google, in the name of faster browsing, is taking advantage of that behavior.

In particular, Firefox will, at times, "prefetch" the contents of a web page which it thinks you might want to see soon. If a page is marked as being the "next" page in a series, Firefox, by default, will prefetch that page's contents. (And, yes, for those who have asked for "next" tags for the LWN Weekly Edition, it will happen when we get a chance). When the user hits the link for the next page, it will already be resident in the Firefox cache, and will display more quickly.

The interesting thing is that Firefox can be told explicitly to prefetch pages; all it takes is a tag like: 

    <link rel="prefetch" href="URL">

Google will, if it decides that you should be feeling lucky, add such a tag to the first in a series of search results, causing that first result to be prefetched. Among other things, this prefetch can cause cookies to be set in the browser even though the person ostensibly in control of the browser [Firefox screenshot] never decides to visit the site. An easy experiment will verify this behavior: turn on cookie notifications, then search for a term with a relatively obvious top result - Lauren used "soundbite." The result will be a screen somewhat like that shown on the right: the soundbite.com web server is attempting to set cookies, even though your editor never clicked on a link which would lead to that site.

Prefetching in this way can lead to a number of undesirable consequences: unwanted cookies, bandwidth use, etc. More seriously, it could lead to accesses to truly unwanted sites: stumbling into non-work-safe sites is already too easy, without one's browser deciding to fetch additional pages from arbitrary servers with no user participation. Should an unpleasant Firefox security hole be discovered, prefetching could, for the right sort of vulnerability, be exploited to compromise systems. That would be an unwelcome sort of surprise.

Google's use of prefetching in this way is unfortunate; it seems certain to lead to trouble for somebody, somewhere down the line. The real problem, however, is with Firefox, which is shipped with prefetching turned on. There is no indication, anywhere in the preference screens, that an option controlling prefetching even exists. Anybody wanting to disable prefetching will have to edit their prefs.js file, or tweak the network.prefetch-next option on the about:config screen. Turning off prefetch in this way will slow down some page loads, but, for many users, the extra delay will be worth it.

[As a postscript, your editor can't help but poke at a bit of poor user interface design in Firefox. An attempt to pull up a long page yielded this dialog, asking: "A script on this page is causing mozilla to run slowly... Do you want to abort the script?" The two buttons are marked "Cancel" and "OK". It is nice that Firefox does not entirely lose control in such situations. But does "Cancel" kill the script, or let it run?]

Comments (13 posted)

A foundation for Zope

Back in 1998, LWN got one of its first scoops by reporting that a company called Digital Creations was planning to release its well-respected Principia product under an open source license. Even more interestingly, this release had been advocated by the company's venture capital backers. Over the years, both the software and the company were renamed "Zope," and the Zope platform has been used for many applications, including the popular Plone framework.

Zope Corporation has, throughout, retained copyrights for - and control over - the Zope platform. Recently, however, the company announced that a foundation would be created for Zope. This foundation will be given the copyrights to the code and the right to the Zope trademark; its task will be to ensure the future success of Zope independently from Zope Corporation. We talked briefly with Zope Corp. head Rob Page about this change.

Why have you decided to make this move at this time?

The global potential for Zope 3 is huge. The design principles in Zope 3 make it the perfect platform for "Web 3.0" development. By way of example, we (Zope Corporation) are developing a large document management project for the US Department of Defense on Zope 3, and Mark Shuttleworth is working to bring SchoolTool/SchoolBell to the world -- all on top of Zope 3.

Everyone with a vested interest in Zope benefits from its widespread adoption and deployment. Users benefit from the support network and commercial organizations benefit from more platform-based opportunity. We believe the explicit vendor neutrality of a Foundation will accelerate the adoption of Zope (version 2 *and* version 3).

Bottom line: We want to remove any objections to adopting Zope, and we see the Zope Foundation as the last step.

Were there any particular problems or pressures which led to the creation of the foundation?

No. A confluence of events -- the availability of Zope 3.1 (whose release is imminent), the release of SchoolTool, our imminent completion of our large DoD project and the community's launch of a Zope 3 ECM (Enterprise Content Management) project made this an excellent time to launch the Foundation.

That said, members in the Zope community have been discussing a Foundation for more than a year and we take it at face value that a Foundation would help them sell more Zope-based products and services to their prospective and current customers.

How many engineers do you have working on Zope now? Do you expect that to change as Zope moves over to the foundation?

From November 2001 through November 2004 our Chief Technology Officer, Jim Fulton worked on little other than Zope 3. Typically, at least 2 additional Zope Corporation engineers spent 80% of their time throughout that period working on Zope 3 work as well.

He was assisted by the incredible efforts of some really smart people. At the risk of insult by omission, it's appropriate to specifically mention and appreciate the efforts of Steven Alexander, Stephan Richter, and Philipp von Weitershausen.

Since October of 2004 we have had more than 4 full-time engineers working on the above-mentioned Zope 3 based Document Management project. We have already contributed large amounts of code into Zope 3 (XPDL support is one specific example). We intend to release additional significant contributions into both Zope 3 and the upcoming Zope 3 Enterprise Content Management project.

Of course, everyone here works on Zope. :^) Most developers are working on the delivery of our products into specific customer environments. This involves installation, custom development, configuration and transition to internal operations. We don't expect that to change.

What sort of governance structure do you see for the foundation?

The governance structure of the foundation will be developed by taking the best ideas from the likes of the Apache Software Foundation, Eclipse Foundation and others. Since it's early we haven't drawn any specific conclusions. We intend to work these issues out during the summer and launch the foundation by October 2005.

Will Zope Corp. retain any sort of veto power over changes it doesn't like?

Zope Corporation won't have a veto per se. Some changes (e.g., changing Zope's license) will require a unanimous vote of the Board of Directors.

How will you ensure that the development of Zope continues to meet your business needs?

In an open source world we can't ensure_ anything. :^)

What we can do is continue to demonstrate productive leadership and contribute great software and ideas. The Zope community is distinguished by having gathered some really smart people so we're extremely optimistic about the Foundation's success.

How will the foundation be funded?

We will be recruiting a few start-up partners to fund the initial formation and operation of the Foundation.

The Foundation will have a dues structure that will support ongoing operations.

What's the status of Zope 3? There does not appear to have been a Zope X3 release since last November; has development stalled?

There hasn't been a tagged release of Zope 3 since last November, though by the time I send this (or the time it's published) Zope 3.1 will be out.

Development has done anything but stall. The last seven months have been spent fixing bugs, refactoring implementations and polishing interfaces. We have a large customer to thank for providing the real-world application to thoroughly exercise Zope 3.

A lot of community work has gone into Zope 2.8 and a project called "Five" (Zope 2 + Zope 3 = Five ;-) - these are Zope 2 focused projects which aim to bridge the gap between Zope 2 and Zope 3 architectures. Zope 2.8, which now includes Five in the distribution, was released officially on June 11th, 2005.

How's business? Is the services model working for you?

Depends on what you mean by services.. :^)

Since 2001 we have been de-emphasizing our professional services capacity in favor of a more productized delivery model.

Our product business -- specifically the delivery of our products through managed hosting (aka ASP/Software as a Service) has been extremely successful. We recently announced the addition of CNHI as a managed hosting customer. CNHI will be launching 133 newspapers on our Zope4Media product.

Our managed hosting offering provides our customers with a managed/guaranteed environment in which they can assemble composite applications (i.e., applications built from Zope, Squid, LAMP, etc.), without assuming the operational responsibilities.

We thank Mr. Page for taking the time to answer our questions.

Comments (3 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

  • Security: MD5 collisions; New vulnerabilities in gaim (twice), gedit, firefox, wget, ...
  • Kernel: DCO v1.1; The end of the devfs story; Realtime and interrupt latency; NAPI performance.
  • Distributions: Debian Sarge Declared Stable; Fedora Core 4; Debian Sarge for AMD64; the security state of Fedora Core 4; Slamd64 10.1
  • Development: Bazaar-NG: a distributed version control system, new versions of Speex, MaxDB, ZODB, EVMS, OpenBGPD, OpenNTPD, BASE, pam-mysql, PassReminder, Caravel CMS, mnoGoSearch, SchoolBell, SchoolTool Calendar, QjackCtl, XCircuit, Open Clip Art, FOX, Qt, GIMP, Gaim, OO.o, Drivel, GDC, Bluefish.
  • Press: Thoughts on Debian's future, Power.org for Open Hardware, Linux and BSD comparisons, open-source Geospatial tools, grid computing for finance, Linux saves a corrupted USB drive, EMR consolidation.
  • Announcements: Intel's Compiler 9.0, Mandriva acquires Lycoris, VariCAD 2005, REALbasic 2005, Zope Foundation, GNOME Women, GPL V3, EFF legal guide for bloggers, FUDCon2, OOoCon CFP.
Next page: Security>>

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds