Some GUADEC notes [LWN.net]

By Jake Edge
August 18, 2010

Recently, I had the opportunity to attend GUADEC in The Hague, Netherlands and was quite impressed by the conference and the GNOME project itself. There were many more sessions than one could possibly attend, and too many attended to do a full write-up on. Rather than let the notes languish on the laptop hard drive, though, a brief look at some of the other sessions I sat in on seems warranted.

The conference venue, De Haagse Hogeschool—College (or University) of The Hague—was an excellent facility for GUADEC, with plenty of room for the sessions as well as a nice atrium in the center for the always important "hallway track". The city was quite nice as well, with easy walking to most things, and ever-present trams for places that were further away. While there was a fair amount of the expected rain during GUADEC, there were some very nice weather days as well. I took the opportunity to do a little wandering around the city center—where the conference hotel was located—my only regret is that I never made it to the Escher Museum; another trip there is clearly called for.

GNOME and the web

Luis Villa was not the only one who thought that GNOME should become more web-focused; there were several other presentations that looked at various aspects of how to make that happen. Xan Lopez of Igalia and Gustavo Noronha of Collabora nearly short-circuited their presentation by stating their agreement with Villa and John Palmieri—who has also pushed "GNOME web"—followed by the traditional "Questions?" slide. After the laughter died down, they pushed on to look at the history of desktops and the web, as well as how they saw GNOME fitting in.

Lopez and Noronha noted that the basics of the desktop were invented by Alan Kay in the 1970s and have been incrementally improved since then. "Apple made it [the desktop UI] popular, Microsoft made it really popular, we are trying to make it free." Web applications are rapidly catching up to the desktop in functionality, though, and the perception is that the desktop is "losing momentum".

Earlier web-centric development used HTML 4, CSS, and JavaScript, but those technologies were not very well liked. Now, it is all HTML 5, CSS 3, and JavaScript, and "everyone loves JavaScript". That is because of an evolution in the underlying languages, but also a change in focus for applications. The most relevant applications today are "webby" and adoption of the web as a platform is accelerating.

They looked at the evolution of web support in GNOME, starting with gtkhtml, which was "not feature complete", to Gecko and gtkmozembe, which was problematic because it focused on the browser, not those who wanted to embed an HTML renderer. The most recent effort, WebKitGTK has a number of advantages, they said. WebKit was designed "from the ground up" to be embedded. It is also easier to have a voice in WebKit development because there are multiple vendors using it, unlike Gecko which is focused on Mozilla's needs.

In addition, WebKit uses existing libraries that are already used by GNOME. For example, Gecko uses the Necko library for networking, but WebKit uses libsoup. WebKitGTK is "much better suited for us", they said. They also listed multiple GNOME applications that are using the toolkit for rendering, like Banshee and Rhythmbox embedding browser windows into their interfaces, multiple different browsers, the Liferea RSS reader for its display, and even things like Gwibber and Empathy are using it for "sexier" message display as well as more flexible layout and theming.

The "web does not exist in a vacuum" and GNOME has lots of components to bring to the table, they said. Things like Cairo for vector graphics or GStreamer for multimedia are used by WebKit, so the two projects have much in common. In the mobile space, they noted that Litl and Palm's WebOS both treat all of their applications as web applications, but use GNOME underneath. Lopez and Noronha clearly see WebKitGTK as the way forward for GNOME.

MeeGo hacker Rob Bradford of Intel gave a presentation on a concrete example of integrating web services into GNOME using LibSocialWeb and librest. The basic idea is to keep interested applications informed of updates to the user's social web applications, like Facebook, Flickr, Twitter, and others. Applications can use a D-Bus interface to LibSocialWeb to register their interest in various kinds of events and then to receive them asynchronously.

Backends are responsible for talking with each of the web services, and each has its own D-Bus service. Currently there are backends available for the most popular services and, depending on the API provided by the service, they can also update the service (i.e. sending Facebook status updates or a photo to Flickr) in addition to being a passive listener. The backends periodically connect to the service, parse the returned XML, and notice things that have been added or changed. There is a common core, which is shared by most of the backends to do the parsing and noticing.

For handling the communication tasks, librest is used. It targets RESTful web applications, and includes a simple XML parser—as a wrapper around the more powerful libxml2—to parse data returned from web applications. Traditional XML parsing is "overkill for the simple data returned from most web services", he said.

The goal is to get LibSocialWeb added as an external dependency for GNOME 3, so that GNOME applications can take advantage of it. There is still lots to do before that can happen, Bradford said, including reworking the client-side API as there is "just enough" now to be able to demonstrate the functionality.

In addition to interacting with the "standard" social web services, he also discussed other uses for LibSocialWeb. Using libchamplain to display maps that include location information retrieved from the web (or by doing an IP address to location lookup using GeoClue) is one. He also described a small application that he wrote in 20 minutes to search compfight.com for Creative-Commons-licensed images that could be used as a screen background, which could be integrated into the GNOME control center.

All told, LibSocialWeb and librest seem like a way forward for GNOME applications that want to be more "webby". They will presumably get a good workout in MeeGo, which should shake loose many of the bugs and limitations.

Zeitgeist

With Seif Lofty acting as a "master of ceremonies" of sorts, several members of the Zeitgeist team gave short presentations about aspects of the desktop event collector and advances made since it was introduced at last year's desktop summit. The Zeitgeist engine is a means to capture events, like file access, application use, or communication action, as the user does them, and then allow applications to query the events. The idea is that various user interfaces, like the GNOME activity journal, Nautilus, or Docky, can then present that information in different ways to help users keep track of what they were doing, when, where, and so on.

Thorsten Prante described the deployment of Zeitgeist in different applications and provided use cases of how the data gathered might be used. The activity journal gives a timeline-based look at what the user was doing on different days or at different points within a day. It can then answer questions like "when did I do X?", and "what else did I do then?". But it goes further than that as correlations can be made with location or other applications or documents used at the same time.

This gives users a "time-referential access" to their activities, which will help them "go back to where [they] left off", he said. Correlating that information with chat and email history "can show the big picture of what you've been doing". Adding application-specific information like browser history can help give a better context for which related tasks the user was performing—leading to better workflow.

Former Google Summer of Code participant—now core maintainer—Siegfried Gevatter talked about Zeitgeist framework. Over the last year, a new, better performing database structure has been adopted, along with a more powerful D-Bus API. Applications can push events into Zeitgeist using Python, C, Vala, or directly using the D-Bus interface.

The framework is "intended to be enhanced with plugins", he said. Those plugins are written in Python, reside in the Zeitgeist process, and "manipulate events in and out". They can provide their own D-Bus API and handle tasks like blacklisting, geolocation, adding file content and full text search events, etc. At the end of his mini-presentation, Gevatter demonstrated an application that placed various activities on a map (from OpenStreetMap naturally) so that a user could see where, geographically, they were when they performed those tasks—all in "200 lines of Python".

After that, Youness Alaoui presented the newest part of Zeitgeist: the Teamgeist framework. Teamgeist was motivated by a "lack of real-time collaboration tools", he said. Sharing desktop events between team members is the idea behind the framework, so that others can see what you were doing and pick up where you left off. Teamgeist started with a prototype last year and, since then, Collabora sponsored work on a "full-fledged" implementation.

The criteria for sharing events is under the control of each user, but there are multiple use cases that Alaoui presented, including sharing of online research progress, files edited, documents created, and so on. Teamgeist uses Telepathy "tubes" to exchange events currently, but other transports could be added, sharing events through email for example. The vision for Teamgeist is that teams could be fully aware of what the other members are doing, sharing files and documents through version control repositories or via some kind of cloud storage.

GNOME census

The most eye (and headline) catching result from Dave Neary's GNOME census report was the less-than-stellar ranking of Canonical among corporate contributors, but that was certainly not the thrust of his presentation. He set out to examine the makeup of GNOME committers because he "thought it would be an interesting thing to know". But he also pointed out that partners and potential partners, the press, big institutional clients, vertical application developers, and headhunters all have expressed interest in that kind of data at times.

Neary measured changesets, rather than lines of code (LoC), because LoC is "not a good measure", though he admitted that changesets was not a perfect measure either. He looked at the commits from the GNOME 2.30 release in March 2010 and before, omitting some external dependencies, deprecated modules, and GNOME mobile.

He used various tools to gather his statistics, gitdm and CVSAnaly primarily along with a number of shell scripts. He put the data into MySQL for easy access and querying and used Gnumeric for his charts. One of the biggest difficulties was to try to disambiguate multiple email addresses that corresponded to the same developer and to properly attribute developer's contributions to their employer—or to "none" as appropriate.

The slides [slideshare] from the talk show some interesting trends. The "Rhythm" graph shows the number of commits over time, which clearly shows the post-GUADEC flurry of work as well as the steep dropoff in commits at each release point. There is, unsurprisingly, a long tail in the number of commits based on each committers rank: there are some 3500 committers, with the top 200 accounting for the overwhelming majority of commits—number 1000 in the ranking has only 2 or 3 commits, he said.

There is an interesting mix between two kinds of prolific developers, he said, as they either have "thousands of commits in a few modules or hundreds of commits in many modules". That reflects a split between specialists and generalists among GNOME hackers.

He also looked at the company contributions to GNOME, noting that Red Hat had 16% of the overall commits and "11 of the top 20 contributors" were either former or current Red Hat employees. Red Hat tends to spread its contributions throughout GNOME, while Novell (10%) seems to focus on particular applications. Collabora, third on the list of companies at 5%, is tightly focused on GStreamer and Telepathy.

While he did point out that Canonical came in quite low (1%), that was partly because it was doing a lot of work that it had not yet submitted upstream. "It would be a better strategy to work directly with GNOME", he said. He also noted that there may be a worry because of Nokia's shift to Qt as it had pushed a number of startups to make significant GNOME contributions. If much of that work was funded by Nokia, "what happens going forward?"

His other concern was for the territory that various companies have staked out. Should GNOME be worried for GStreamer and Telepathy if Collabora was to go out of business, he asked. He was clear that he wasn't worried about Collabora's future but about the more general question of GNOME modules that are dominated by a single company—one that could change strategies with little or no warning.

Malware

Thorsten Sick, an anti-virus developer at AVIRA, gave a nice overview of the desktop malware landscape, with an eye toward helping GNOME avoid some of the mistakes other desktops have made. He would like to prevent "the Windows malware situation" from developing on the Linux desktop. In his spare time, Sick also contributes to the GNOME Seahorse project, which is an encryption key (e.g. SSH or PGP) manager for the desktop.

Malware has moved from "cool hacker experiments", through "script kiddie stuff", to where it is now, which is a thriving malware economy. Today's attacks are largely focused on extracting money from their victims somehow. But that shift makes for one way to combat these attackers: reducing their return on investment (ROI) will make them turn to easier targets.

The malware scene has gotten more sophisticated over time as well; today's attacks will try to hide from scanners and will adjust to anti-virus detection within hours. Malware is sold with support contracts and guarantees of evading detection. Making it more difficult to attack systems, thus raising the price of the malware, is one way to reduce the attackers' ROI. Others include increasing the chance of getting caught, ratcheting up the legal penalties for malware distribution, or reducing the prices for the valuables that can be gained. He noted that a glut of stolen credit card numbers available at one point drastically reduced prices, which probably, temporarily anyway, reduced attacks that targeted credit card numbers.

To the attackers, "Linux is not interesting at all right now because Ubuntu bug #1 is not solved", he said. But that may change as Linux users typically "feel safe" and tend not to use any anti-virus programs on their systems. This makes for a fertile ground for attackers.

He pointed out that many in the Linux community focus on root exploits, but "malware does not need to be root". Today's attacks are focused at user data that is completely accessible without root access. On the other hand, Linux distributions have some advantages over other systems, including easy updating of the system for security problems and various security technologies (SELinux, AppArmor, etc.) that are turned on by some distributions.

His main point was education, and he wants Linux and GNOME to "be prepared" for the attackers turning their eyes to that platform. "Everyone can do a small piece of the puzzle to improve Linux desktop security", he said.

Concluding thoughts

I agree with Brad Kuhn's assessment that if you rate conferences by "inspiration value", this year's GUADEC ranks very highly indeed. Like Kuhn, I also found myself wondering where I might be able to contribute to GNOME, which is a bit amusing given that I generally run KDE—though I am not terribly religious about it. It was a very high-energy conference that clearly indicated a strong and engaged project.

The conference also had two nice parties, one at a club in the city center that was sponsored by Canonical and a beach barbecue that Collabora put on. There were lots of interesting folks to talk to—and play Go with—to complement the wide array of interesting presentations. The only downside for me was a self-inflicted Rawhide upgrade that left me only able to suspend my laptop once per boot—next time testing suspend several times before braving a trans-Atlantic trip seems indicated.

The cow-themed wooden shoe slippers (at right), which were given to me as a speaker's gift, were quite the hit with my wife after I swapped them to a smaller size. I almost regret that switch as I must admit that Lennart Poettering looked rather sharp in the orange version of the slippers during one of his presentations.

In the closing session, Berlin was announced as the location for the next GUADEC, which will be a combined conference with KDE's Akademy making for the second desktop summit. I certainly have high hopes of attending.

[I would like to thank the GNOME foundation for its assistance with travel costs for GUADEC. LWN depends on sponsors for our overseas (and sometimes domestic) travel, and we truly appreciate that help.]

(Log in to post comments)

Some GUADEC notes

Posted Aug 19, 2010 22:21 UTC (Thu) by elanthis (guest, #6227) [Link]

The problem with viruses on Windows has a lot to do with the software ecosystem on Windows, which is entirely different than on Linux. On Windows, you get software by browsing the Web and clicking a Download link on some site.

On Linux, you either magically know the cryptic package name of the software you want or browse the packages in a huge bloated repository, and then hope that the software you want is actually packaged for your distro and that it is actually up to date (and if it's not, you generally have to wait 6+ months for the next version of the distro to roll out, and then you upgrade EVERYTHING to get one package updated).

The Windows way is far, far, far more user and developer friendly. Users don't find software by browsing a freaking package repo. They find software from friends sending them links or with Google, or links off of other sites. The Linux method requires finding that software, then transitioning to another app to find it AGAIN to get it installed. Gross. The Windows way is better for developers because it gives them the ability to create ready-to-go installers instead of having to wait for half a dozen popular distributions (and hundreds more of unpopular ones) to actually package up the software, which may take months to years after the software first comes out.

The Windows way is also more dangerous, because there is no central authority in charge of the software and installers. Thus, anti-virus software is needed to protect users from themselves. Windows itself is not inherently super insecure. I know more than a few people who've never used anti-virus software and never gotten a virus on their comptuers, because they are idiots and they don't download random crap from random sites that nobody with a clue would ever trust. Most people are uneducated and clueless, though.

I whole-heartedly believe that Linux needs to at least support the Windows software distribution model to really meet Ubuntu bug #1. There is more software out there than even Debian's 15,000 package repository scratches the surface of. There are applications that need frequent updates to even be useful (e.g., tax software) that can't wait for 6-month release cycles There are users who need bug fixes when the app is released, not when some unrelated packager gets around to updating the distro's updates repository. There are applications that -- plain and simple -- are proprietary and will never be in ubuntu's or Fedora's repos, but real users really want and would rather not have a computer than live without (e.g., games, which the Linux folks CONSTANTLY underestimate the extreme importance of to regular everyday home users).

When (or more likely if; I doubt it'll happen soon, if ever) Linux distros start shipping at least an installer packager to supplement their core repos with a distro-neutral package format (that can also automatically install an update URL for PackageKit to check) that is friendly to componentized software (e.g., not just a single big huge RPM you download and install, but a package that can let the installer look at a URL to grab dependencies not in the core repo) and software on multiple-disc media (many games are coming out requiring 2 or more DVDs for all the content), Linux will find itself in need of anti-virus software.

If the distros would stop cock-blocking software like AutoPackage and other failed attempts at installation software, they could actually realize that there's a huge strength in buildign in a standardized third party software installation tool. Windows is a mess because there are a billion different installers, and anti-virus software basically has to scan every .exe ever run. With a unified, single installer that all third-party software has to go through (what Microsoft is slowly trying to get with .msi, but for legacy reasons it has a loooong way to go) you can remove a lot of the bloat of anti-virus software by only really needing to run it at install time. It wouldn't be fool-proof, but nothing is, and it would be Enough(tm) for most cases.

Unfortunately, the distros are too focused on imposing as many artificial barriers of incompatibility between each other as they possibly can, while forcing users to use a central repository as much as possible to maintain control. They claim its for protection and stability, but at best it's laziness and at worst it's just user hostility.

Some GUADEC notes

Posted Aug 20, 2010 0:36 UTC (Fri) by Trelane (guest, #56877) [Link]

"Linux needs to at least support the Windows software distribution model"

It does. InstallShield should sound familiar to you, and it has a Linux version. There are a number of other pieces of software, with a myriad of installers, just like in Windows.

Some GUADEC notes

Posted Aug 20, 2010 7:45 UTC (Fri) by nhippi (subscriber, #34640) [Link]

> that it is actually up to date (and if it's not, you generally have to wait 6+ months for the next version of the distro to roll out, and then you upgrade EVERYTHING to get one package updated).

That is true and certainly very bad. But it doesn't need the "windows way" to get fixed. Providing newer versions of selected apps with repository model without full upgrade of distro is possible, as done in debian-volatile. However, it requires that the application developer is careful enough not constantly move to using new features of underlying OS libraries.

> The Windows way is far, far, far more user and developer friendly. Users don't find software by browsing a freaking package repo.

Not true. Don't think windows, think Apple. iPhone App store specifically. Not on desktops yet (apart from steam), but the "browse package repo" model is very much there, easier to use, and I have no doubt it will come to Desktops eventually.

Why is it more easier to use? when googling, you get links to lots of stuff that a) isn't application b) isn't application for your system. In a app store every search result is a application for your system. App store also puts a limit on malware and crapware if there is some QA control, user feedback loop and recall feature included. The repository model provides fixes and updates of installed applications automatically. In windows model most apps get never upgraded after installed, while other applications create their own updaters.

The only use experience difference (lets ignore that app store bans GPL and ubuntu propiertary software for the sake of discussing just UX) between app store and say ubuntu software central is that developers contribute directly to app store while in ubuntu it is typically done by ubuntu developers. Now of course the upstream can contribute directly to ubuntu, and some do. However, they really don't make it clear and certainly make it a hassle to do so.

> The Windows way is better for developers because it gives them the ability to create ready-to-go installers instead of having to wait for half a dozen popular distributions (and hundreds more of unpopular ones) to actually package up the software

Now this is the real problem. However, windows model won't fix it. Instead of making packages for dozens of distros, they would need to make their installer support dozens of distros. Not a big win.

The only solution is to make most distros die. Kill one linux distribution by implementing its added value in a mainstream distro and we are one step towards global domination. Unlikely to happen, distro developers are too emotionally attached to their own distributions to let go.

However, the time is on our side. More and more software needs not be installed at all. How many of your non-tech friends install local email client instead of reading gmail in a browser? Instead of installing inkscape why not point your browser to http://muro.deviantart.com/ ? Tax software, why on earth would something that needs essentially forms and buttons be a installable binary that needs regular updates? With WebGL a good deal of games can be implemented within browser. And other emerging html5 features continue to push more applications to the browser.

Linux vs Windows software availability

Posted Aug 20, 2010 23:55 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

The only solution is to make most distros die. Kill one linux distribution by implementing its added value in a mainstream distro and we are one step towards global domination.

Isn't the ultimate implementation of this idea to merge all versions of Linux into Windows?

Long ago, Bill Gates defended some Microsoft monopolistic actions by saying computers would be a lot easier to use if everyone had the same kind. Though there are obvious drawbacks to that, we're talking today about how right he was about that.

One reaction I had to the original comment is that it arbitrarily collects all Linux together and compares it to Windows, as one platform. Wouldn't it be more logical comparison to ask what it would take to make Fedora as easy to add stuff to as Windows? And then the answer is pretty simple: as many users as Windows has.

Linux vs Windows application installability

Posted Aug 21, 2010 0:07 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

However, the time is on our side. More and more software needs not be installed at all. How many of your non-tech friends install local email client instead of reading gmail in a browser?

That's a funny way of defining "on our side." It's like saying, "time is on this multiple sclerosis sufferer's side, because he also has cancer and will be dead before the MS gets really bad."

You're pointing out that technology is swinging back toward centrally maintained computers with simple terminals, and there are no complexities of installing new applications on a simple terminal. You take gmail as Google gives it to you, period.

Online tax software

Posted Aug 26, 2010 14:15 UTC (Thu) by markhb (guest, #1003) [Link]

"Tax software, why on earth would something that needs essentially forms and buttons be a installable binary that needs regular updates?"

Because many users prefer to keep their tax records to themselves rather than trusting them to Joe's Tax Prep Site (even if Joe's Site is actually quicken.com).

Some GUADEC notes

Posted Aug 30, 2010 15:25 UTC (Mon) by michaeljt (subscriber, #39183) [Link]

> If the distros would stop cock-blocking software like AutoPackage and other failed attempts at installation software, they could actually realize that there's a huge strength in buildign in a standardized third party software installation tool.

Another way of doing this would be to have a meta-package format that can be used to generate .debs, .rpms and whatever. Then upstream authors could include such a meta-package build script with their software, and use it themselves to provide packages for any distributions they cared about (with users building binary packages for anything the developers couldn't handle and sending them back to the developers). And distribution people could send back packaging fixes to the build script (or to the maintainers of the meta-packaging system when appropriate) to ensure that the resulting packages fitted in with their distributions rules and requirements.