Recently, I had the opportunity to attend GUADEC in The Hague, Netherlands
and was quite impressed by the conference and the GNOME project itself.
There were many more sessions than one could possibly attend, and too many
attended to do a full write-up on. Rather than let the notes languish on
the laptop hard drive, though, a brief look at some of the other sessions I
sat in on seems warranted.
The conference venue, De Haagse Hogeschool—College (or University) of
The Hague—was an excellent facility for GUADEC, with plenty of room
for the sessions as well as a nice atrium in the center for the always
important "hallway track". The city was quite nice as well, with easy
walking to most things, and ever-present trams for places that were further
away. While there was a fair amount of the expected rain during GUADEC,
there were some very nice weather days as well. I took the opportunity to
do a little wandering around the city center—where the conference
located—my only regret is that I never made it to the Escher Museum;
another trip there is clearly called for.
GNOME and the web
Luis Villa was not the only
one who thought that GNOME should become more web-focused; there were
several other presentations that looked at various aspects of how to make
that happen. Xan Lopez of Igalia and Gustavo Noronha of Collabora nearly
short-circuited their presentation by stating their agreement with Villa
Palmieri—who has also pushed "GNOME web"—followed by the
traditional "Questions?" slide. After the laughter died down, they pushed on
to look at the history of desktops and the web, as well as how they saw
GNOME fitting in.
Lopez and Noronha noted that the basics of the desktop were invented by
Alan Kay in the 1970s and have been incrementally improved since then.
"Apple made it [the desktop UI] popular, Microsoft made it really
popular, we are trying to make it free." Web applications are
rapidly catching up to the desktop in functionality, though, and the
perception is that the desktop is "losing momentum".
technologies were not very well liked. Now, it is all HTML 5, CSS 3, and
That is because of
an evolution in the underlying languages, but also a change in focus for
applications. The most relevant applications today are "webby"
and adoption of the web as a platform is accelerating.
They looked at the evolution of web support in GNOME, starting with
gtkhtml, which was "not feature complete", to Gecko and
gtkmozembe, which was problematic because it focused on the browser, not those
who wanted to embed an HTML renderer. The most recent effort,
WebKitGTK has a number of advantages, they said. WebKit was
designed "from the ground up" to be embedded. It is also easier
to have a voice in WebKit development because there are multiple vendors
using it, unlike Gecko which is focused on Mozilla's needs.
In addition, WebKit uses existing libraries that are already used by
GNOME. For example, Gecko uses the Necko library for networking, but
libsoup. WebKitGTK is "much better suited for us", they said.
They also listed multiple GNOME applications that are using the toolkit for
rendering, like Banshee and Rhythmbox embedding browser windows into their
interfaces, multiple different browsers, the Liferea RSS reader for its
display, and even things like Gwibber and Empathy are using it for
"sexier" message display as well as more flexible layout and
"web does not exist in a vacuum" and GNOME has lots of
components to bring to the table, they said. Things like Cairo for vector
graphics or GStreamer for multimedia are used by WebKit, so the two
projects have much in common. In the mobile space, they noted that Litl
and Palm's WebOS both treat all of their applications as web applications,
but use GNOME underneath. Lopez and Noronha clearly see WebKitGTK as the
way forward for GNOME.
MeeGo hacker Rob Bradford of Intel gave a presentation on a concrete
example of integrating
web services into GNOME using LibSocialWeb and librest. The basic idea is
to keep interested applications informed of updates to the user's social
web applications, like Facebook, Flickr, Twitter, and others. Applications
can use a D-Bus interface to LibSocialWeb to register their interest in
various kinds of events and then to receive them asynchronously.
Backends are responsible for talking with each of the web services, and
each has its own D-Bus service. Currently there are backends available for
the most popular services and, depending on the API provided by the
service, they can also update the service (i.e. sending Facebook status
updates or a
photo to Flickr) in addition to being a passive listener. The backends
periodically connect to the service, parse the returned XML, and notice
things that have been added or changed. There is a common core, which is
shared by most of the backends to do the parsing and noticing.
For handling the communication tasks, librest is used. It targets RESTful web applications,
and includes a simple XML parser—as a wrapper around the more powerful
libxml2—to parse data returned from web applications. Traditional
XML parsing is "overkill for the simple data returned from most web
services", he said.
The goal is to get LibSocialWeb added as an external dependency for GNOME
3, so that GNOME applications can take advantage of it. There is still
lots to do before that can happen, Bradford said, including reworking the
client-side API as there
is "just enough" now to be able to demonstrate the
In addition to interacting with the "standard" social web services, he also
discussed other uses for LibSocialWeb. Using libchamplain to display maps
that include location information retrieved from the web (or by doing an IP
address to location lookup using GeoClue) is one. He also described a
small application that he wrote in 20 minutes to search compfight.com for Creative-Commons-licensed images that could be
used as a screen background, which could be integrated into the GNOME
All told, LibSocialWeb and librest seem like a way forward for GNOME
applications that want to be more "webby". They will presumably get a good
workout in MeeGo, which should shake loose many of the bugs and
With Seif Lofty acting as a "master of ceremonies" of sorts, several
members of the Zeitgeist team gave short presentations about
aspects of the desktop event collector and advances made since it was
introduced at last
year's desktop summit. The Zeitgeist engine is a means to capture events,
like file access, application use, or communication action, as the user
does them, and then allow applications to query the events. The
idea is that various user interfaces, like the GNOME activity journal, Nautilus, or Docky, can
then present that information in different ways to help users keep track of
what they were doing, when, where, and so on.
Thorsten Prante described the deployment of Zeitgeist in different
applications and provided use cases of how the data gathered might be
used. The activity journal gives a timeline-based look at what the user
was doing on different days or at different points within a day. It can
then answer questions like "when did I do X?", and "what else did I do
then?". But it goes further than that as correlations can be made with
location or other applications or documents used at the same time.
This gives users a "time-referential access" to their
activities, which will help them "go back to where [they] left
off", he said. Correlating that information with chat and email
history "can show the big picture of what you've been doing".
Adding application-specific information like browser history can help give
a better context for which related tasks the user was
performing—leading to better workflow.
Former Google Summer of Code participant—now core
maintainer—Siegfried Gevatter talked about Zeitgeist framework. Over
the last year, a new, better performing database structure has been
adopted, along with a more powerful D-Bus API. Applications can push
events into Zeitgeist using Python, C, Vala, or directly using the D-Bus
The framework is "intended to be enhanced with plugins", he
said. Those plugins are written in Python, reside in the Zeitgeist
process, and "manipulate events in and out". They can provide
their own D-Bus API and handle tasks like blacklisting, geolocation, adding
file content and full text search events, etc. At the end of his
mini-presentation, Gevatter demonstrated an application that placed various
activities on a map (from OpenStreetMap naturally) so that a user could see
where, geographically, they were when they performed those tasks—all
in "200 lines of Python".
After that, Youness Alaoui presented the newest part of Zeitgeist: the
Teamgeist framework. Teamgeist was motivated by a "lack of real-time
collaboration tools", he said. Sharing desktop events between team
members is the idea behind the framework, so that others can see what you
were doing and pick up where
you left off. Teamgeist started with a prototype last year and, since
sponsored work on a "full-fledged" implementation.
The criteria for sharing events is under the control of each user, but
there are multiple use cases that Alaoui presented, including sharing of
online research progress, files edited, documents created, and so on.
Teamgeist uses Telepathy "tubes" to exchange events currently, but other
transports could be added, sharing events through email for example. The
vision for Teamgeist is that teams could be fully aware of what the other
members are doing, sharing files and documents through version control
repositories or via some kind of cloud storage.
The most eye (and headline) catching result from Dave Neary's GNOME census
report was the less-than-stellar ranking of Canonical among corporate
but that was certainly not the thrust of his presentation. He set out to
examine the makeup of GNOME committers because he "thought it would
be an interesting thing to know". But he also pointed out that
partners and potential partners, the press, big institutional clients,
vertical application developers, and headhunters all have expressed
interest in that kind of data at times.
Neary measured changesets, rather than lines of code (LoC), because LoC is
"not a good measure", though he admitted that changesets was
not a perfect measure either. He looked at the commits from the GNOME 2.30
release in March 2010 and before, omitting some external dependencies,
deprecated modules, and GNOME mobile.
He used various tools to gather his statistics, gitdm and CVSAnaly
primarily along with a number of shell scripts. He put the data into MySQL
for easy access and querying and used Gnumeric for his charts. One of the
biggest difficulties was to try to disambiguate multiple email addresses
that corresponded to the same developer and to properly attribute
developer's contributions to their employer—or to "none" as
the talk show some interesting trends. The "Rhythm" graph shows the number
of commits over time, which clearly shows the post-GUADEC flurry of work as
well as the steep dropoff in commits at each release point. There is,
unsurprisingly, a long tail in the number of commits based on each
committers rank: there are some 3500 committers, with the top 200
accounting for the overwhelming majority of commits—number 1000 in
the ranking has only 2 or 3 commits, he said.
There is an interesting mix between two kinds of prolific developers, he
said, as they either have "thousands of commits in a few modules or
hundreds of commits in many modules". That reflects a split between
specialists and generalists among GNOME hackers.
He also looked at the company contributions to GNOME, noting that Red Hat
had 16% of the overall commits and "11 of the top 20
either former or current Red Hat employees. Red Hat tends to spread its
contributions throughout GNOME, while Novell (10%) seems to focus on particular
applications. Collabora, third on the list of companies at 5%, is tightly
focused on GStreamer and Telepathy.
While he did point out that Canonical came in quite low (1%), that was
partly because it was doing a lot of work that it had not yet submitted
upstream. "It would be a better strategy to work directly with
GNOME", he said. He also noted that there may be a worry because of
Nokia's shift to Qt as it had pushed a number of startups to make
significant GNOME contributions. If much of that work was funded by Nokia,
"what happens going forward?"
His other concern was for the territory that various companies have staked
out. Should GNOME be worried for GStreamer and Telepathy if Collabora was
to go out of business, he asked. He was clear that he wasn't worried about
Collabora's future but about the more general question of GNOME modules
that are dominated by a single company—one that could change
strategies with little or no warning.
Thorsten Sick, an anti-virus developer at AVIRA, gave a nice overview of
the desktop malware landscape, with an eye toward helping GNOME avoid some
of the mistakes other desktops have made. He would like to prevent
"the Windows malware situation" from developing on the Linux
desktop. In his spare time, Sick also contributes to the GNOME Seahorse project,
which is an encryption key (e.g. SSH or PGP) manager for the desktop.
Malware has moved from "cool hacker experiments", through
"script kiddie stuff", to where it is now, which is a thriving
malware economy. Today's attacks are largely focused on extracting money
from their victims somehow. But that shift makes for one way to combat
these attackers: reducing their return on investment (ROI) will make them
turn to easier targets.
The malware scene has gotten more sophisticated over time as well;
today's attacks will try to hide from scanners and will adjust to
detection within hours.
Malware is sold with support contracts and guarantees of evading
detection. Making it more difficult to attack systems, thus raising the
price of the malware, is one way to reduce the attackers' ROI. Others
the chance of getting caught, ratcheting up the legal penalties for malware
distribution, or reducing the prices for the valuables that can be gained.
He noted that a glut of stolen credit card numbers available at one point
drastically reduced prices, which probably, temporarily anyway, reduced
attacks that targeted credit card numbers.
To the attackers, "Linux is not interesting at all right now because
#1 is not solved", he said. But that may change as Linux users
typically "feel safe" and tend not to use any anti-virus
programs on their systems. This makes for a fertile ground for attackers.
He pointed out that many in the Linux community focus on root exploits, but
"malware does not need to be root". Today's attacks are
focused at user data that is completely accessible without root access. On
the other hand, Linux distributions have some advantages over other
systems, including easy updating of the system for security problems and
various security technologies (SELinux, AppArmor, etc.) that are turned on
by some distributions.
His main point was education, and he wants Linux and GNOME to "be
prepared" for the attackers turning their eyes to that
platform. "Everyone can do a small piece of the puzzle to improve
Linux desktop security", he said.
I agree with
that if you rate conferences by "inspiration value", this
year's GUADEC ranks very highly indeed. Like Kuhn, I also found myself
where I might be able to contribute to GNOME, which is a bit amusing given
that I generally run KDE—though I am not terribly religious about
it. It was a very high-energy conference that clearly indicated a strong
and engaged project.
The conference also had two nice parties, one at a club in the city center
that was sponsored by Canonical and a beach barbecue that Collabora put
on. There were lots of interesting folks to talk to—and play Go
with—to complement the wide array of interesting presentations. The
only downside for me was a self-inflicted Rawhide upgrade that left me only
able to suspend my laptop once per boot—next time testing suspend several
times before braving a trans-Atlantic trip seems indicated.
wooden shoe slippers (at right), which were given to me as a speaker's
quite the hit with my wife after I swapped them to a smaller size. I
almost regret that switch as
I must admit that Lennart Poettering looked rather sharp in the orange
version of the slippers during one of his presentations.
In the closing session, Berlin was announced as the location for the next
GUADEC, which will be a combined conference with KDE's Akademy making for the
second desktop summit. I certainly have high hopes of attending.
[I would like to thank the GNOME foundation for its assistance with travel
costs for GUADEC. LWN depends on sponsors for our overseas (and sometimes
domestic) travel, and we truly appreciate that help.]
to post comments)