LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Announcements
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LWN.net Weekly Edition for December 10, 2009

A look at Qt 4.6

December 9, 2009

This article was contributed by Nathan Willis

Nokia updated its Qt application framework to version 4.6 on December 1st, adding support for several operating systems — most notably its own mobile platforms: the recently open source Symbian and the Linux-based Maemo. Qt 4.6 introduces new graphics features, new input methods, and updates to the QtScript scripting engine. Along with the framework itself, Nokia updated its cross-platform Qt integrated development environment (IDE) Qt Creator to support the new features and new target platforms.

Qt everywhere

Previous releases of Qt have supported Linux, similar X11-based Unix clones, Mac OS X, and Windows desktop operating systems, plus embedded Linux systems and the Windows smartphone platforms (Windows CE and Windows Mobile). Qt 4.6 updates the proprietary platform support to the latest offerings from Apple and Microsoft: Mac OS X 10.6 and Windows 7.

More interesting to open source users is the official addition of three mobile platforms to the line-up: Symbian S60, Maemo 5 "Fremantle," and the still-in-development Maemo 6 "Harmattan." S60 was Nokia's platform of choice for high-end smartphones for years, but its recent moves indicate it is positioning Symbian as a lower-end phone operating system and cultivating Maemo for high-end devices. "Preview" Qt releases for both S60 and Maemo 5 have been periodically released over the past year, but the platforms' official support in 4.6 is new.

Given that the first Maemo 5 device (Nokia's N900) only started shipping in November, support for Maemo 6 may sound premature. The early release is in line with Nokia's past Maemo development behavior, however. The core Nokia-developed applications in Maemo 6 will be rewritten in Qt instead of GTK+ and Hildon, and Qt will be designated the officially supported toolkit for application development. Nokia has long tried to get development tools into the hands of the open source community as early as possible to accelerate Maemo application development, and the Maemo 6 shift in toolkits is undoubtedly a disruption the company wants to minimize.

Inside the release

The headlining new features in 4.6 are the Qt Animation Framework and State Machine Framework. The two APIs work together; more generally the state machine framework allows application developers to construct their code around state graphs, in which the system reacts to stimuli such as user input by changing between pre-defined states — hopefully leading to better dynamic user interfaces. As the documentation points out, writing a state-based application is not required, and simple applications may not see the benefit. But using the state machine does open up some other useful APIs, including animation.

The animation framework allows developers to animate transitions between states, rather than defining animations as timeline-based behavior triggered by events. The animation framework automatically interpolates between the "start" and "stop" states of the animated object, and handles pausing, synchronizing multiple animations, and other details.

Two new input methods debut in 4.6, gesture input and multi-touch. Multi-touch builds on the existing touch-sensitive interface of the QTouchEvent class. Qt now handles multiple QTouchEvents simultaneously, and can send different events to different widgets, or to the same widget. The framework maintains backward-compatibility with older code by translating QTouchEvents into QMouseEvents for multi-touch unaware applications. Gestures are built on top of multi-touch, as gestures may involve multiple touch points. The QGestureEvent class provides gesture descriptions and handling.

The QGraphicsEffect class allows Qt to perform basic visual effects on arbitrary elements, including blurring, drop-shadowing, colorization, and changing opacity. There are also new classes in 4.6 to handle audio, and a Qt3D API to simplify writing 3-D applications.

Nokia highlights several changes as "performance optimizations." Some, like a new renderer for the QGraphicsView class, are enhancements to existing features. Others, such as the QContiguousCache class (which enables more efficient memory caching by keeping larger chunks of cached data in contiguous locations) and hardware-acceleration for 2-D vector graphics via the OpenVG API, qualify as new features in their own right.

Several key pieces of code for web integration made their way into 4.6. QtScript, the framework's JavaScript/ECMAScript scripting engine, has a new backend in 4.6 based on WebKit's JavaScriptCore, which is reportedly considerably faster. The QWebElement class provides an API to access and manipulate the document object model (DOM) of both web pages and XML documents.

Qt Creator and ... world domination?

[Qt Creator]

The Qt Creator IDE was bumped to version 1.3 when Qt 4.6 was released and supports the new features of the toolkit. The official changelog details a long list of improvements, most of which fall under the category of regular enhancements to a still-growing IDE: improved syntax highlighting and semantic parsing, better searching, better code refactoring, and so on.

It is telling, however, that here again Nokia's press releases lead off with the fact that Qt Creator now supports Symbian as a target platform. Nokia's corporate interest is in building Qt into a cross-platform toolkit and SDK that can run on every platform available. Linux users may occasionally lose sight of that fact because of the framework's prominence in desktop projects like KDE (which will be migrating to 4.6 in version 4.4.0). But in the broader technology market, the sheer number of Symbian-powered phones (half of all smartphones, on the order of hundreds of millions) dwarfs the desktop Linux market easily.

Symbian is now open source, of course, following its 2008 acquisition by Nokia. Maemo may be the company's ace in the hole for future smartphone products, but Qt is the tool it will use to keep the programmers developing for those millions of smartphones from migrating to other platforms as Maemo matures.

Fortunately for open source users, Nokia seems to be working well with the community. In addition to its code contributions, Nokia has also opened up the Qt development process itself, accepting around 160 code contributions from outside the company, and making the source code repository and official bug tracker publicly accessible. Qt 4.6 adds some exciting new features, including multi-touch gestures and an easy-to-use animation API. But the open development process that brought it to market is just as welcome.

Comments (11 posted)

SELinux and PostgreSQL: a worthwhile union?

By Jonathan Corbet
December 4, 2009
When your editor was in Tokyo recently, he had the privilege to talk with KaiGai Kohei at some length about the SE-PgSQL patch set. This work, developed by KaiGai for the last two years or so, integrates SELinux with the PostgreSQL database manager, enabling fine-grained control over access to data stored within a database. The SE-PgSQL patch has struggled to get into the PostgreSQL mainline; it is now preparing for what may well be its last push to be merged. Whether it's successful may, in the end, depend on whether it receives support from potential users.

SELinux works by attaching labels to objects and roles to actors, then enforcing rules describing what sort of access to objects with specific labels is allowed to specific roles. It is a highly flexible system, but also highly complex; even a minimal SELinux policy can involve thousands of rules. The complexity of SELinux has almost certainly inhibited its adoption in the broader Linux community; when SELinux gets in the way of real work, figuring out how to fix it can be a nontrivial task. Over the years, many administrators have concluded, like Ted Ts'o, that "life is too short for SELinux."

That said, Fedora and Red Hat have slowly made progress in using SELinux to confine parts of the system without creating too much user pain. And there is certainly a place for more comprehensive security models in general. But once one starts protecting data at the filesystem level, it makes sense to ask whether data which is accessed through higher-level mechanisms - a relational database manager, say - should also be subject to the system's security policies. In an ideal world, the same security policy would be operative at all levels.

That is the idea behind SE-PgSQL. With this patch, a database administrator can assign labels to databases, schemas, rows, and columns, then write access control rules for them. These are SELinux rules, which are evaluated by SELinux and enforced by PostgreSQL. So access to objects within the database can be governed by the same policy as access to objects elsewhere in the system. On the surface, it is an elegant concept. It is also a concept that NEC (KaiGai's employer) sees as an important component of its future offerings based around cloud computing. For this reason, NEC has funded this work for the last couple of years.

The world is full of free software projects which are starved for developers and which would be overjoyed to accept a feature contribution at this level. The PostgreSQL hackers are somewhat more finicky, though. As is the case with a number of longstanding, successful projects, PostgreSQL developers understand that they will be maintaining any code they accept for many years, and that they cannot afford to accept code which might compromise the project's reputation for stability. So they have been balking at merging SE-PgSQL.

There would appear to be two specific objections getting in the way of this patch: (1) it's big, complicated, and hard to understand, and (2) it's not clear that the benefit of merging this functionality will be worth the costs.

To address the first qualm, KaiGai has worked to minimize the patch to the greatest extent possible, stripping out much of the functionality in the process. Among other things, the latest version of the code does not support row-level labeling. He has also written some extensive documentation which should be required reading for anybody wanting to understand how this patch should work. The end result is a patch which still weighs in at 13,000 lines - but the bulk of it is documentation and regression tests.

PostgreSQL hacker Bruce Momjian was pleased with the reduced patch, saying that is "exactly what I was hoping to see." He also noted, though:

So, one big problem is that no one has agreed to review it, partly or probably because few developers understand the SE-Linux API, and many people who have used SE-Linux have been confused by it.

He expressed willingness to do the review, but requested help from developers who understand SELinux better. KaiGai has offered to try to round up such a developer, so, with luck, this particular obstacle can be overcome.

That leaves the cost/benefit question. The strongest critic of this patch is almost certainly Tom Lane, who said:

Even if we were to accept the SEPostgres patches lock stock and barrel tomorrow, I don't foresee that it will ever get to the point of being useful except to an extremely small group of users who are driven by extreme need. Nobody else is going to have the motivation needed to develop custom security policies, and there simply isn't any chance of anyone developing any generally useful default policy.

On the other hand, Josh Berkus noted that he has seen interest in the feature:

PostgreSQL is the most security-conscious of the OSS databases, and is widely used by certain groups (security software, military, credit card processing) precisely because of this reputation. These folks, while unlikely to speak up on -hackers, are interested in new/further security features; when I was at the Pentagon 2 years ago several people there from HS were quite interested in SE-Postgres specifically. Further, I've been mentioning SE-Postgres in my "DB security talk" for the last 18 months and I *always* get a question about it.

This unwillingness to speak up on the part of potential users could well doom this patch. The code probably cannot be minimized much further without becoming pointless, and even a contributor as persistent and patient as KaiGai can only get discouraged eventually. It would not be surprising if this PostgreSQL development cycle were the last go-round for SE-PgSQL if it is not accepted.

Part of participating in a free software community is contributing code. But another important part is providing feedback to the developers. Otherwise, they are unlikely to know which development directions make sense for many of their users, and they might just turn down patches which their users would rather see incorporated. Companies are often reluctant to talk about their security needs and plans. But, for potential SE-PgSQL users, that kind of silence at this time could be counterproductive. If nobody shows up to express a need for SELinux integration into PostgreSQL, the developers might conclude that there is no interest in this feature and act accordingly.

Comments (22 posted)

The 2009 Linux and free software timeline - Q2

Here is LWN's twelfth annual timeline of significant events in the Linux and free software world for the year.

2009 offered few surprises to those that have been following Linux and free software for as long as we have. As expected, there were new releases of many of the tools and underlying infrastructure that we use on a daily basis. There were also lawsuits over software patents, arguments over licensing, and various security flaws found and fixed. Distributions were packaged up and released, more phones and other devices with Linux and free software were sold, and so forth. All part of the march to "world domination". We look forward to 2010—and beyond.

This year we will be breaking things up into quarters, and this is our report on April-June 2009. Over the next few weeks, we will be putting out timelines of the other two quarters of the year.

First quarter timeline (Jan-Mar 2009)

This is version 0.8 of the 2009 timeline. There are almost certainly some errors or omissions; if you find any, please send them to timeline@lwn.net.

LWN subscribers have paid for the development of this timeline, along with previous timelines and the weekly editions. If you like what you see here, or elsewhere on the site, please consider subscribing to LWN.

For those with a nostalgic bent, our timeline index page has links to the previous eleven timelines and some other retrospective articles going all the way back to 1998.

April
When I joined in 2001, Debian was The Distribution that a lot of users were using and all my friends knowing Free Software were dreaming of contributing to. Things have changed since then: newbies now use Ubuntu or Fedora, and contributors can easily join their communities. Debian is too often seen as the old distro that some old timers still use, having a process to join which is not worth trying. The Debian value that needs to be improved the most is changing that: putting Debian back into its place.

-- Debian project leader candidate Stefano "Zack" Zacchiroli

CentOS 5.3 released. (announcement) [Ardour]

Ardour, the multi-track audio editor, releases version 2.8. (announcement)

Intel turns over stewardship of Moblin to the Linux Foundation. (press release)

SGI acquired by Rackable Systems for $25 million. (press release)

Openmoko downsizes and stops work on the GTA03 to focus on the then-mysterious "Project B" (Steve Mosher email, PDF slides from Sean Moss-Pultz's presentation)

BIOS writers tend to have been on pain medication for so long that they can hardly remember their own name, much less actually make sure they follow all the documentation.

-- Linus Torvalds

[Filesystems workshop]

Steve McIntyre is re-elected as Debian project leader. (announcement)

Oracle buys Sun, though surely they didn't think it would be held up in the EU regulatory process until at least December. (announcement)

GCC 4.4.0 is released. (announcement, LWN coverage)

Because I care about folks who don't make computing their life blood, I think the consumer story is a really interesting one. So for that reason, I think netbooks are really fascinating.

-- Mark Shuttleworth

[Ubuntu]

Ubuntu 9.04, "Jaunty Jackalope", is released. (announcement) [NetBSD]

NetBSD 5.0 is released. (announcement, LWN review)

Mandriva 2009 Spring (2009.1) released. (announcement)

May
We believe that you can't make software that pleases everyone. You can make software that pleases experts, but most of the time non-experts hate that software.

-- GNOME Foundation board member Luis Villa

A patch to avoid Microsoft's VFAT patent claim, which was asserted in the TomTom lawsuit, is proposed on linux-kernel. (LWN article)

OpenBSD 4.5 is released. (announcement)

Debian announces a switch to EGLIBC, instead of glibc for its C runtime library. (announcement, LWN article)

The GNOME volume control exposed a lot of low-level hardware-specific features that only a tiny minority of people actually really understood, and the PA volume control exposed a lot of low-level software features that a slightly larger minority of people only actually really understood.

-- PulseAudio (PA) developer Lennart Poettering

OpenOffice.org 3.1 is released. (announcement)

AMD releases 3D programming guide for R6xx/R7xx chips. (announcement)

[Slackware]

Slackware64 is released—based on Slackware 13.0, it is the first official 64-bit Slackware release. (announcement)

Cisco and the Free Software Foundation settle a GPL compliance lawsuit; Cisco will appoint a Free Software Director for its Linksys subsidiary. (announcement) [Linux Mint]

Linux Mint 7 ("Gloria") distribution is released (announcement, LWN review)

A few months ago, I had to dive into the configuration of sendmail to make a very small change. It turns out I spent almost an hour trying to make sense out of a maze of files that were plain unreadable.

-- OpenSMTPD developer Gilles Chehade

Wikipedia switches from the GNU Free Documentation License to the Creative Commons attribution-sharealike license. (announcement, LWN coverage)

TurboGears 2.0 is released; it is a Python-based web application framework. (announcement) [KOffice]

KOffice 2.0.0 is released. (announcement)

June
That's like saying that a squirrel is 48% juicier than an orange - maybe it's true, but anybody who puts the two in a blender to compare them is kind of sick.

-- Linus Torvalds

The US Supreme Court agrees to hear the Bilski case, which could change the software patent landscape. (SCOTUS Blog report)

The 2.6.30 kernel is released with the TOMOYO security module, nilfs filesystem, reliable datagram sockets, FS-Cache, and more. (announcement, KernelNewbies coverage)

Fedora 11 ("Leonidas") is released. (announcement)

Here, we find the quadruped leaping to action in a flash with its 20-second startup -- and do observe the animal's graceful form, achieved through kernel mode setting and Plymouth. We discovered, upon further examination, that the Leonidas maintains his sleek figure through the help of his new Presto feature, which allows him to keep his bandwidth trim while digesting updates that keep him healthy and content.

-- Paul Frields announces Fedora 11

Intel acquires embedded Linux vendor Wind River Systems. (press release) [Amarok]

KDE audio player Amarok 2.1 is released. (announcement, LWN review)

Ubuntu announces switch to the GRUB2 bootloader for 9.10 ("Karmic Koala"). (announcement, LWN coverage)

Sugar Labs announces Sugar on a Stick "Strawberry" featuring Fedora 11 and Sugar learning environment version 0.84. (announcement)

We've always said that the talent and creativity of those outside the company is superior to that inside the company. We have stuck to these principles. We've have opened up more than any other phone, from any other company, in the history of this industry.

-- Openmoko CEO Sean Moss-Pultz

Richard Stallman warns about dependence on Mono and C#,which stirs up a lot of controversy. (RMS's warning, LWN coverage)

Firefox 3.5 is released with private browsing, HTML5 video and audio support for Ogg Theora and Vorbis, a faster JavaScript engine, and more. (announcement) [PHP]

PHP 5.3 is released. (announcement)

Python 3.1 is released, focusing on the "stabilization and optimization of the features and changes that Python 3.0 introduced". (announcement)

The Ogg codecs (Vorbis and Theora) are dropped from HTML5, which means there will be no standard codecs for <video> and <audio> in HTML5. (announcement)

Comments (2 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

  • Security: Pogoplug makes internet data sharing easy; New vulnerabilities in grub2, kernel, kvm, ntp,...
  • Kernel: 2.6.33 merge window part 1; Minimizing instrumentation impacts; Debugging the kernel using Ftrace - part 1
  • Distributions: FreeBSD 8: an evolutionary release of the unknown giant; new releases of AV Linux 3.0, Calculate Linux 10.0, Fedora 12 LXDE Spin and SimplyMEPIS 8.5 beta1; Interview with Klaus Knopper; ClearOS review.
  • Development: The Twisted networking framework version 9.0.0, Mobile Firefox, Systemtap meets Python, new versions of rsplib, SQLite, moin, GNOME, LyX, Cyphesis, Wine, Thunderbird, Patchage, Pyro, Git.
  • Announcements: Google Public DNS, Artifex sues Palm, Anatomy of a GPL Violation, LAM Best of 2009, Intel 48 core processor, Sugar on a Stick v2, Graphics Survey Results, DjangoSki cfp, PostgreSQL/FOSDEM cfp, Django Sprint, L2Ork debut track.
Next page: Security>>

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds