Recently, I had the opportunity to attend GUADEC in The Hague, Netherlands
and was quite impressed by the conference and the GNOME project itself.
There were many more sessions than one could possibly attend, and too many
attended to do a full write-up on. Rather than let the notes languish on
the laptop hard drive, though, a brief look at some of the other sessions I
sat in on seems warranted.
The conference venue, De Haagse Hogeschool—College (or University) of
The Hague—was an excellent facility for GUADEC, with plenty of room
for the sessions as well as a nice atrium in the center for the always
important "hallway track". The city was quite nice as well, with easy
walking to most things, and ever-present trams for places that were further
away. While there was a fair amount of the expected rain during GUADEC,
there were some very nice weather days as well. I took the opportunity to
do a little wandering around the city center—where the conference
located—my only regret is that I never made it to the Escher Museum;
another trip there is clearly called for.
GNOME and the web
Luis Villa was not the only
one who thought that GNOME should become more web-focused; there were
several other presentations that looked at various aspects of how to make
that happen. Xan Lopez of Igalia and Gustavo Noronha of Collabora nearly
short-circuited their presentation by stating their agreement with Villa
Palmieri—who has also pushed "GNOME web"—followed by the
traditional "Questions?" slide. After the laughter died down, they pushed on
to look at the history of desktops and the web, as well as how they saw
GNOME fitting in.
Lopez and Noronha noted that the basics of the desktop were invented by
Alan Kay in the 1970s and have been incrementally improved since then.
"Apple made it [the desktop UI] popular, Microsoft made it really
popular, we are trying to make it free." Web applications are
rapidly catching up to the desktop in functionality, though, and the
perception is that the desktop is "losing momentum".
technologies were not very well liked. Now, it is all HTML 5, CSS 3, and
That is because of
an evolution in the underlying languages, but also a change in focus for
applications. The most relevant applications today are "webby"
and adoption of the web as a platform is accelerating.
They looked at the evolution of web support in GNOME, starting with
gtkhtml, which was "not feature complete", to Gecko and
gtkmozembe, which was problematic because it focused on the browser, not those
who wanted to embed an HTML renderer. The most recent effort,
WebKitGTK has a number of advantages, they said. WebKit was
designed "from the ground up" to be embedded. It is also easier
to have a voice in WebKit development because there are multiple vendors
using it, unlike Gecko which is focused on Mozilla's needs.
In addition, WebKit uses existing libraries that are already used by
GNOME. For example, Gecko uses the Necko library for networking, but
libsoup. WebKitGTK is "much better suited for us", they said.
They also listed multiple GNOME applications that are using the toolkit for
rendering, like Banshee and Rhythmbox embedding browser windows into their
interfaces, multiple different browsers, the Liferea RSS reader for its
display, and even things like Gwibber and Empathy are using it for
"sexier" message display as well as more flexible layout and
"web does not exist in a vacuum" and GNOME has lots of
components to bring to the table, they said. Things like Cairo for vector
graphics or GStreamer for multimedia are used by WebKit, so the two
projects have much in common. In the mobile space, they noted that Litl
and Palm's WebOS both treat all of their applications as web applications,
but use GNOME underneath. Lopez and Noronha clearly see WebKitGTK as the
way forward for GNOME.
MeeGo hacker Rob Bradford of Intel gave a presentation on a concrete
example of integrating
web services into GNOME using LibSocialWeb and librest. The basic idea is
to keep interested applications informed of updates to the user's social
web applications, like Facebook, Flickr, Twitter, and others. Applications
can use a D-Bus interface to LibSocialWeb to register their interest in
various kinds of events and then to receive them asynchronously.
Backends are responsible for talking with each of the web services, and
each has its own D-Bus service. Currently there are backends available for
the most popular services and, depending on the API provided by the
service, they can also update the service (i.e. sending Facebook status
updates or a
photo to Flickr) in addition to being a passive listener. The backends
periodically connect to the service, parse the returned XML, and notice
things that have been added or changed. There is a common core, which is
shared by most of the backends to do the parsing and noticing.
For handling the communication tasks, librest is used. It targets RESTful web applications,
and includes a simple XML parser—as a wrapper around the more powerful
libxml2—to parse data returned from web applications. Traditional
XML parsing is "overkill for the simple data returned from most web
services", he said.
The goal is to get LibSocialWeb added as an external dependency for GNOME
3, so that GNOME applications can take advantage of it. There is still
lots to do before that can happen, Bradford said, including reworking the
client-side API as there
is "just enough" now to be able to demonstrate the
In addition to interacting with the "standard" social web services, he also
discussed other uses for LibSocialWeb. Using libchamplain to display maps
that include location information retrieved from the web (or by doing an IP
address to location lookup using GeoClue) is one. He also described a
small application that he wrote in 20 minutes to search compfight.com for Creative-Commons-licensed images that could be
used as a screen background, which could be integrated into the GNOME
All told, LibSocialWeb and librest seem like a way forward for GNOME
applications that want to be more "webby". They will presumably get a good
workout in MeeGo, which should shake loose many of the bugs and
With Seif Lofty acting as a "master of ceremonies" of sorts, several
members of the Zeitgeist team gave short presentations about
aspects of the desktop event collector and advances made since it was
introduced at last
year's desktop summit. The Zeitgeist engine is a means to capture events,
like file access, application use, or communication action, as the user
does them, and then allow applications to query the events. The
idea is that various user interfaces, like the GNOME activity journal, Nautilus, or Docky, can
then present that information in different ways to help users keep track of
what they were doing, when, where, and so on.
Thorsten Prante described the deployment of Zeitgeist in different
applications and provided use cases of how the data gathered might be
used. The activity journal gives a timeline-based look at what the user
was doing on different days or at different points within a day. It can
then answer questions like "when did I do X?", and "what else did I do
then?". But it goes further than that as correlations can be made with
location or other applications or documents used at the same time.
This gives users a "time-referential access" to their
activities, which will help them "go back to where [they] left
off", he said. Correlating that information with chat and email
history "can show the big picture of what you've been doing".
Adding application-specific information like browser history can help give
a better context for which related tasks the user was
performing—leading to better workflow.
Former Google Summer of Code participant—now core
maintainer—Siegfried Gevatter talked about Zeitgeist framework. Over
the last year, a new, better performing database structure has been
adopted, along with a more powerful D-Bus API. Applications can push
events into Zeitgeist using Python, C, Vala, or directly using the D-Bus
The framework is "intended to be enhanced with plugins", he
said. Those plugins are written in Python, reside in the Zeitgeist
process, and "manipulate events in and out". They can provide
their own D-Bus API and handle tasks like blacklisting, geolocation, adding
file content and full text search events, etc. At the end of his
mini-presentation, Gevatter demonstrated an application that placed various
activities on a map (from OpenStreetMap naturally) so that a user could see
where, geographically, they were when they performed those tasks—all
in "200 lines of Python".
After that, Youness Alaoui presented the newest part of Zeitgeist: the
Teamgeist framework. Teamgeist was motivated by a "lack of real-time
collaboration tools", he said. Sharing desktop events between team
members is the idea behind the framework, so that others can see what you
were doing and pick up where
you left off. Teamgeist started with a prototype last year and, since
sponsored work on a "full-fledged" implementation.
The criteria for sharing events is under the control of each user, but
there are multiple use cases that Alaoui presented, including sharing of
online research progress, files edited, documents created, and so on.
Teamgeist uses Telepathy "tubes" to exchange events currently, but other
transports could be added, sharing events through email for example. The
vision for Teamgeist is that teams could be fully aware of what the other
members are doing, sharing files and documents through version control
repositories or via some kind of cloud storage.
The most eye (and headline) catching result from Dave Neary's GNOME census
report was the less-than-stellar ranking of Canonical among corporate
but that was certainly not the thrust of his presentation. He set out to
examine the makeup of GNOME committers because he "thought it would
be an interesting thing to know". But he also pointed out that
partners and potential partners, the press, big institutional clients,
vertical application developers, and headhunters all have expressed
interest in that kind of data at times.
Neary measured changesets, rather than lines of code (LoC), because LoC is
"not a good measure", though he admitted that changesets was
not a perfect measure either. He looked at the commits from the GNOME 2.30
release in March 2010 and before, omitting some external dependencies,
deprecated modules, and GNOME mobile.
He used various tools to gather his statistics, gitdm and CVSAnaly
primarily along with a number of shell scripts. He put the data into MySQL
for easy access and querying and used Gnumeric for his charts. One of the
biggest difficulties was to try to disambiguate multiple email addresses
that corresponded to the same developer and to properly attribute
developer's contributions to their employer—or to "none" as
the talk show some interesting trends. The "Rhythm" graph shows the number
of commits over time, which clearly shows the post-GUADEC flurry of work as
well as the steep dropoff in commits at each release point. There is,
unsurprisingly, a long tail in the number of commits based on each
committers rank: there are some 3500 committers, with the top 200
accounting for the overwhelming majority of commits—number 1000 in
the ranking has only 2 or 3 commits, he said.
There is an interesting mix between two kinds of prolific developers, he
said, as they either have "thousands of commits in a few modules or
hundreds of commits in many modules". That reflects a split between
specialists and generalists among GNOME hackers.
He also looked at the company contributions to GNOME, noting that Red Hat
had 16% of the overall commits and "11 of the top 20
either former or current Red Hat employees. Red Hat tends to spread its
contributions throughout GNOME, while Novell (10%) seems to focus on particular
applications. Collabora, third on the list of companies at 5%, is tightly
focused on GStreamer and Telepathy.
While he did point out that Canonical came in quite low (1%), that was
partly because it was doing a lot of work that it had not yet submitted
upstream. "It would be a better strategy to work directly with
GNOME", he said. He also noted that there may be a worry because of
Nokia's shift to Qt as it had pushed a number of startups to make
significant GNOME contributions. If much of that work was funded by Nokia,
"what happens going forward?"
His other concern was for the territory that various companies have staked
out. Should GNOME be worried for GStreamer and Telepathy if Collabora was
to go out of business, he asked. He was clear that he wasn't worried about
Collabora's future but about the more general question of GNOME modules
that are dominated by a single company—one that could change
strategies with little or no warning.
Thorsten Sick, an anti-virus developer at AVIRA, gave a nice overview of
the desktop malware landscape, with an eye toward helping GNOME avoid some
of the mistakes other desktops have made. He would like to prevent
"the Windows malware situation" from developing on the Linux
desktop. In his spare time, Sick also contributes to the GNOME Seahorse project,
which is an encryption key (e.g. SSH or PGP) manager for the desktop.
Malware has moved from "cool hacker experiments", through
"script kiddie stuff", to where it is now, which is a thriving
malware economy. Today's attacks are largely focused on extracting money
from their victims somehow. But that shift makes for one way to combat
these attackers: reducing their return on investment (ROI) will make them
turn to easier targets.
The malware scene has gotten more sophisticated over time as well;
today's attacks will try to hide from scanners and will adjust to
detection within hours.
Malware is sold with support contracts and guarantees of evading
detection. Making it more difficult to attack systems, thus raising the
price of the malware, is one way to reduce the attackers' ROI. Others
the chance of getting caught, ratcheting up the legal penalties for malware
distribution, or reducing the prices for the valuables that can be gained.
He noted that a glut of stolen credit card numbers available at one point
drastically reduced prices, which probably, temporarily anyway, reduced
attacks that targeted credit card numbers.
To the attackers, "Linux is not interesting at all right now because
#1 is not solved", he said. But that may change as Linux users
typically "feel safe" and tend not to use any anti-virus
programs on their systems. This makes for a fertile ground for attackers.
He pointed out that many in the Linux community focus on root exploits, but
"malware does not need to be root". Today's attacks are
focused at user data that is completely accessible without root access. On
the other hand, Linux distributions have some advantages over other
systems, including easy updating of the system for security problems and
various security technologies (SELinux, AppArmor, etc.) that are turned on
by some distributions.
His main point was education, and he wants Linux and GNOME to "be
prepared" for the attackers turning their eyes to that
platform. "Everyone can do a small piece of the puzzle to improve
Linux desktop security", he said.
I agree with
that if you rate conferences by "inspiration value", this
year's GUADEC ranks very highly indeed. Like Kuhn, I also found myself
where I might be able to contribute to GNOME, which is a bit amusing given
that I generally run KDE—though I am not terribly religious about
it. It was a very high-energy conference that clearly indicated a strong
and engaged project.
The conference also had two nice parties, one at a club in the city center
that was sponsored by Canonical and a beach barbecue that Collabora put
on. There were lots of interesting folks to talk to—and play Go
with—to complement the wide array of interesting presentations. The
only downside for me was a self-inflicted Rawhide upgrade that left me only
able to suspend my laptop once per boot—next time testing suspend several
times before braving a trans-Atlantic trip seems indicated.
wooden shoe slippers (at right), which were given to me as a speaker's
quite the hit with my wife after I swapped them to a smaller size. I
almost regret that switch as
I must admit that Lennart Poettering looked rather sharp in the orange
version of the slippers during one of his presentations.
In the closing session, Berlin was announced as the location for the next
GUADEC, which will be a combined conference with KDE's Akademy making for the
second desktop summit. I certainly have high hopes of attending.
[I would like to thank the GNOME foundation for its assistance with travel
costs for GUADEC. LWN depends on sponsors for our overseas (and sometimes
domestic) travel, and we truly appreciate that help.]
Comments (16 posted)
The second LinuxCon event was held in Boston on August 10-12, preceded by a
number of minisummits. This conference featured a wide variety of speakers
and an enthusiastic audience which filled most sessions to the point of
overflowing. LinuxCon has clearly become the dominant North American Linux
conference. What follows are notes taken by your editor from a number of
the more interesting presentations.
The view from Oracle
Oracle vice president Wim Coekaerts started off the conference with a
keynote talk on how much Oracle likes Linux. The Oracle database was first
ported to Linux in 1998, just barely winning a race with Informix to be the
first commercial database on Linux. The big push started in 2002; now some
20% of Oracle's installed base runs on Linux (as opposed to 27% on
Solaris). Surprisingly enough, Wim's talk did not cover Oracle's lawsuit
which was just about to land on Google and its Android Linux distribution.
Oracle, it seems, has a list of things it would like to see improved with
Linux. Wim pointed out diagnosis tools (tracing and such) as a weak point;
he asked the community to recognize that non-hacker users need to be able
to support Linux in production situations and could benefit from better
tools. Testing was also high on the list; Wim said that nobody is testing
mainline kernels - a claim that was disputed during the kernel panel later
the same day. Oracle runs some
kernel tests of its own, but would like to see more testing done
elsewhere. It would also be nice, he said, if more tests could be added to
the kernel repository itself, and if distributors could stay closer to the
mainline so that testing results would be more relevant to the kernels they
Oracle also wants to see more testing of the full stack; there is a test kit available to help
in this regard.
Wim talked up Oracle's contributions, including work with NFS over IPv6,
the contribution of the reliable datagram protocol implementation,
support for the T10DIF data integrity standard (making Linux the
first platform with that feature), improvements to Xen, and, of course,
btrfs. It was a convincing discussion of how much Oracle likes Linux, but
Oracle's subsequent actions have ensured that any associated warm fuzzy
feelings did not last long.
"Harmony" seems to be a popular choice for controversial projects; your
editor first encountered the name associated with an ill-fated attempt to
replace the (then) non-free Qt toolkit. The latest Project Harmony touches
on another difficult issue: contributor agreements for free software
projects. This project is headed up by Canonical counsel Amanda Brock, who
ran a BOF session about it at LinuxCon.
The core idea behind this Harmony project is that contributor agreements
are a pain. They are seen as a waste of time, they are often unclear and
complicated, and it's not always clear who should be signing them. Those
who do sign these agreements do not always understand what they are
agreeing to. Project
Harmony is trying to make life easier for everybody involved by creating a
set of standardized agreements that everybody understands. These
agreements, we were told, are to be drafted by the Software Freedom Law
Center, so we can hope that the end result will not be too contrary to the
needs of developers.
There will never be a single, one-size-fits-all agreement, of course, so
the standardized version will have a number of options which can be chosen.
The especially controversial issue of copyright assignment will be one of
those options. Others will include the license to be applied to
contributions, indemnification, etc. The idea is to try to cover the
wishes of most projects in a standard way.
It seems that quite a few of the people involved with this project are
opposed to the idea of contributor agreements (or at least certain types
of agreements) in general. They are involved because they realize that
these agreements are not going away and they want to keep an eye on the
process. One reason that the list of participants has not been made public
is that a number of these people do not want to be publicly-associated with
the concept of contributor agreements.
Given that, it's not entirely surprising that Project Harmony seems to be
treading cautiously and trying not to step on anybody's toes. The end
result will not advocate any particular choices, and will avoid calling
into doubt the agreement any agreements that specific projects may be using
Efforts are being made to make the project more transparent; it seems like
it's mostly a matter of placating nervous participants. Stay tuned.
Open medical devices
Karen Sandler has been a lawyer at the Software Freedom Law Center for some
years now. She is also, unfortunately, afflicted with a heart condition
which carries the risk of sudden death; one need not be a lawyer to want to
try to mitigate a risk like that. To that end, she now has an implanted
device which works to ensure that her heart continues to function in a way
which keeps the rest of her body happy and healthy. She is, she says,
"Karen the cyborg."
Being a free-software-minded cyborg, Karen started to wonder about the
software which was about to be implanted into her body. So she went to the
various manufacturers of the type of device she needed, asking about the
software and whether she could see the source. These manufacturers were somewhat
surprised by the request, but wasted no time in turning it down. Karen
would really like to take a look at the software which is attached to her
heart, but she eventually had to give in and accept the implantation of a
In the process, though, she wrote a
paper on software in medical devices for the SFLC. There is, she says,
a real issue here: some 350,000 pacemakers are implanted in the US every
year, and nobody knows anything about the software on them. Or, it seems,
almost nobody knows: some others have already figured out ways to hack
these devices. It seems that a number of them use no encryption or
security in their communications with the world and can conceivably be made
to do unfortunate things.
In general, when the US Food and Drug Administration is considering medical
devices for approval, it does not look at the software at all. The agency
just does not have the time to do that level of research. But the wider
community could look at that code, if it were to be made available.
There should be little harm to the manufacturer in releasing its code - if
the code is good; patients do not choose pacemakers based on which has the
flashiest proprietary code. Like most medical system reforms, this one
looks like an uphill battle, but many of our lives may well depend on its
Web services and freedom
Stormy Peters is the executive director of the GNOME Foundation, which is
concerned with the creation of a free desktop system. Increasingly,
though, she has been looking at issues beyond the desktop, and issues
surrounding web-based services in particular. Unless we're careful, she
says, our use of such services risks giving away much of the freedom that
we have worked so hard to build for ourselves.
A lot of people have made a lot of sacrifices over the years, she says, to
create our free desktops. Many of them did that work because they believe
in freedom. Others, though, worked in this area because they were tired of
the blue screen of death and wanted something a little more reliable. The
providers of web services have successfully taken away the pain of the
BSOD, and, as a result, a lot of us have gotten lazy. We have, Stormy
says, forgotten about freedom. As a result, they are becoming trapped by
systems which compromise their private information, entrap their data, and
may block them out at any time.
That said, people in the community are working on some good initiatives.
She mentioned Firefox
sync as one example: there are two passwords involved and all data is
encrypted so that Mozilla cannot look at (or disclose) it. Also mentioned
were identi.ca and the Tomboy online effort.
There are things we should bear in mind when evaluating an online service.
One is data: how do you delete it, and what happens to it? Then there's
the issue of backups: users should always have a data backup under their
control in case
they get shut out of the service. We should, Stormy says, create services
which make the creation of backups easy. Lock-in is another issue: how
easy is it to move to a competing service? And, finally, is licensing;
Stormy is a fan of the Affero GPL, which requires that the source for the
service be available.
As free software developers, we should make sure that our software
integrates well with online services, and we should be working toward the
creation of truly free services. We also need to solve the problem of
hosting for these services; she mentioned the Gobby collaborative editor, which,
she says, is a great tool with no hosting available. We need better APIs
for service integration; Grilo
and libgdata were mentioned in
this context. And, of course, we need web-aware desktop applications.
All told, it's a tall order, but it's one we have to face up to if we care
about our freedom.
Comments (9 posted)
Many electrons have been expended in the discussion of Oracle's
recently-filed lawsuit against Google alleging patent and copyright
infringements in the Android platform. Your editor is somewhat reluctant
to contribute to the flood; at this point, the amount of real information
which is available is minimal while the amount of speculation is high.
This will be an important case, though; the world will be watching to see
how it turns out. So here are a few thoughts to add to the pile.
The patents all cover various aspects of the implementation of
Java-based systems. Some of them seem rather trivial; others are quite
broad. One of them, for example, would appear to cover the concept of a
just-in-time compiler. Those wanting details can see the
complaint itself, which lists the patents in question, and this page
on the End Software Patents wiki for a look at each patent and the
beginning of an attempt to collect prior art. The short summary, though,
is that we're just dealing with another set of obnoxious software patents;
these are not the silliest ones your editor has ever seen. The patents
used for Apple's attack on
Android cover much more fundamental concepts.
The patents may or may not stand up to a determined prior-art defense, but
chances are that it will not come to that. Prior art is a hard way to go
when defending against patents, which enter the courtroom under the halo of
presumed validity. What we may see, instead, is an attempt to push the
inadequate Bilski decision to
get the whole mess invalidated as a set of unpatentable abstract ideas.
That would be a risky course which would take years to play out, but there
is the potential, at least, of dealing a severe blow to software patents in
general. One can always dream.
Meanwhile, there are many outstanding questions about whether Oracle (or,
more precisely, Sun before Oracle) has licensed these patents to the world,
either implicitly through the GPLv2 code release, or explicitly via patent
grants. Only a court will be able to provide a definitive answer to that
sort of question, but it is not obvious that such a license exists. The
explicit patent grants are generally tied to exact implementations of the
language and library specifications, with neither subsets nor supersets allowed.
Android's Dalvik is not such an implementation. There may be an implicit
patent grant with Sun's GPL-licensed code, but Android does not use that
code. Dalvik is not governed by Sun's license, so it may be hard to claim
protection under the patent grant which is (implicitly) found in that
But, then, your editor is not a lawyer and his opinions on any subject are
known to have a tenuous grip on reality; just ask your editor's children.
The complaint also alleges copyright infringement, but no specifics are
available at this time. There is some speculation
that Oracle sees an "unauthorized" implementation of the Java specification
as an infringement on that specification's copyright. For now, though, we
must wait to see what Oracle is really claiming.
This is not an attack on free software in general, despite the fact
that Google would like to see the community view it that way. It is an
attack on a specific platform (much of which is free software) by a
rapacious company which has just bought an expensive asset and wants to
squeeze some revenue from it. It seems quite likely that this suit would
have happened in the same way if Dalvik were proprietary. Even if Oracle
gets everything it wants, the damage to the wider free software community
will be limited. We were strong before the advent of Android, and would
remain strong if it were to be removed from the scene.
That said, we are certainly stronger with a free Android than without, and
we surely do not want to see a thriving free software platform taken down
(or taxed) by a patent troll.
What is going on here is that the mobile market is seen as a gold mine, and
everybody is trying to grab a piece of it in one way or another. Some
companies are most interested in gaining their slice through the creation
of mobile platforms that people actually want to buy and use; others are
more inclined toward getting theirs through the courts. And some companies
are doing both. As a result, anybody trying to work in this market is
currently embroiled in lawsuits; see this
diagram in the New York Times for a summary of where things stood back
in March. It will be most interesting to see if this whole mess can be
resolved. In the past, such situations have led to the creation of patent
pools - not a free-software-friendly solution.
Despite this suit, and despite the withdrawal of OpenSolaris, Oracle seems
to be determined to continue to work with the community on other fronts.
The company claims to contribute to a long list of projects, and it
employs a number of well-respected developers. One assumes that those
projects will not start rejecting contributions from those developers. But
neither will those projects deal with Oracle in the future without
wondering, if just for a moment, what the company's motives and goals
really are. It may not be an attack on free software in general, but this
lawsuit has shown that Oracle is willing to use software patents to attack a
specific free software project that it disagrees with.
This move will kill a lot of the trust between Oracle and the
development community; now one cannot help but wonder what might happen if,
say, an OpenSolaris or MySQL fork starts to overshadow the original.
Non-free platforms should be avoided. Sun released much of the Java
code under the GPL - eventually - but it never made Java truly free. The
company went out of its way to retain control over the language and of any
implementations of it; control over the specifications, copyright
licensing policies forcing control over the code, and software patents
held in reserve do not add up to a platform one can trust. Sun seemingly
feared forks above all else, and so went out of its way to eliminate the
freedom to fork whenever possible. The result was a non-free and hazardous
platform; Oracle now seems to be saying that it cannot even be implemented
independently without infringing both patents and copyrights. This kind of
suit would not have happened had Google decided to
make its own version of, say, Python.
There is no absolute security in this world. But there is relative
security, and, by now, it should be clear that the relative security of a
platform owned and controlled by a single corporation is quite low.
Corporations, by their nature, are not trustworthy beasts; even the most
well-intentioned company is only one bad quarter (or one takeover) away
from becoming an aggressive troll. Sun was unlikely to sue over a
not-really-Java virtual machine, but Sun has been replaced by a company
with a rather different mindset. That company now has control over a
platform that many people have based their businesses on, and, as we can
see, it will react strongly when it sees a potential threat to that
How all this will turn out is anybody's guess. Perhaps Google will pay the
troll to have some peace to continue to pursue the goal of total Android
world domination. Perhaps some parts of Android will become more closed.
Or perhaps Google will fight to the end while simultaneously executing an
emergency backup plan which involves shifting the whole platform to the
Ruby language. One thing that can be said is that, as long as software
patents remain a threat, we will continue to see cases like this.
Comments (127 posted)
Page editor: Jonathan Corbet
Next page: Security>>