LWN Weekly Edition
Leading itemsSecurity
Kernel development
Distributions
Development
Announcements
->Multipage format
This page
Previous weekFollowing week
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for May 24, 2012A look at Tizen 1.0 on the developer deviceOn the final day of the Tizen Developer Conference in San Francisco, Samsung distributed developer devices to registered attendees. Although they are not fully-functional consumer devices by any means, the devices did provide the first opportunity for most developers to see the new platform's mobile phone incarnation outside of an emulator. Developer hardwarePhysically, the device is shaped like a largish mobile phone, with a 4.5-inch diagonal (720 by 1280) touchscreen, three buttons, dual cameras, audio jack, and mini USB port. Inside, the platform is based on Samsung's Exynos 4210 system-on-chip, which is also found in Samsung's production phones. The processors are ARM: a dual-core Cortex A9 CPU, paired with a Mali 400 GPU. 1GB of RAM is available, plus 16GB of storage and a microSD card slot. Additional hardware includes WiFi, Bluetooth, GPS, and NFC, plus a SIM card slot. ![[Tizen developer device]](/images/2012/tizen-dev-main-sm.jpg)
As a development aid, the size of the device works to its advantage. Although it is large for a phone, the on-screen keyboard and other touch widgets are much easier to hit than those on a pocket-sized device. On the other hand, the microSD and SIM card slots can only be accessed by taking apart the outer shell, which means rapid-swapping of cards will be difficult. There may be developers who lament the lack of a hardware keyboard, too, although the device is intended to be accessed through the Tizen SDK over a USB connection. Thus far it is unclear if the SIM slot is supported in software; the SIM cards I tried are not recognized even for non-modem operations such as contacts import, and no one appears to have gotten it up and running. Bluetooth is provided by a Broadcom 4330, which also supplies the WiFi and is FM radio-capable, but out of the box Bluetooth and FM are not enabled. Similarly, the NFC chip is a PN544 from NXP, which is the most widespread NFC chip supplier, but it is not yet used by the software stack. A standard complement of accelerometer, digital compass, and three-axis gyroscope sensor is also included. SoftwareThe installed software is the Tizen 1.0 "Larkspur" release, which officially debuted on April 30. The code represents a merger of Intel's MeeGo work with the Samsung Linux Platform (SLP), which was derived from LiMo. Although use of the Enlightenment Foundation Libraries (EFL) in the graphics stack is the most widely-publicized piece of SLP, there are others — including SLP's 3G telephony stack. At the conference, the Tizen project made it clear that oFono (an Intel project pre-dating MeeGo) was due to be ported over as Tizen's telephony stack; this may explain the SIM compatibility issue, as the device is alleged to be the same hardware used in Samsung's Android-powered Galaxy S2, and the modem driver may not have been ported to SLP. Other parts of the Tizen 1.0 stack are interesting, too. The display server is X, although here again at the conference it was explicitly said that a port to Wayland is in the works. The effort consists of completing the port of EFL to Wayland, and of optimizing the speed of the platform's web runtime. Input is handled by the SLP Input Service Framework and by the XGesturesExtension originally authored by Canonical. The latter has since evolved into the uTouch framework, which makes the platform an unusual blend of technologies of different ages. ![[Tizen contacts app]](/images/2012/tizen-dev-app-sm.jpg)
The underpinnings are certainly worth exploring, but most developers will probably be more interested in exploring the HTML5-based application API. The device includes a small set of reference applications — browser, phone, messages, clock, contacts, calendar, image gallery and audio player — plus a comprehensive system settings utility. The demo applications bear many similarities to their MeeGo counterparts; perhaps the phone application more than others, and the media applications a bit less so, but all will feel familiar. Stylistically, most use flat colors, with sharp edges and corners, subtle highlighting via box outlines, and what desktop Linux vendors have come to call symbolic, monochrome icons. Most provide top tabs for navigating between the application's pages and place function buttons at the bottom of the screen. Where vertical scrolling is required, the scroll bar widget is a thin, translucent overlay that appears only while scrolling, and fades out. It does appear that the outermost edge of the screen is sensitive to scroll events, which can be tricky on mobile devices. On the other hand, none of the demo applications seems to show off multi-touch gesture recognition. Several of the applications show off a nice assortment of data entry widgets. For example, the alarm clock setting screen features a drop-down selector that scrolls through the hour or minute options horizontally. But it sports a separate radio-button selector for choosing the notification type, which unrolls a bit like an unfolding map. On the whole, all of the transitions are smooth, and navigation between pages and elements is simple. ![[Tizen calculator app]](/images/2012/tizen-dev-calc-sm.jpg)
That said, a few of the demo applications use a completely different widget style. The calculator uses rounded buttons with a slight 3D embossed effect, gradients, and a faux-leather background. The stopwatch and timer screens in the clock emulate an LCD screen and a different faux-leather look, respectively, and feature their own UI widget styles. Were this a commercial product, the differences in look and feel would be cause for concern; in a demo suite, though, they simply show competing options for GUI styling. Samsung's J.D. Choi showed off several advanced applications in his conference keynote, utilizing the platform's OpenGL support, but there is no official word when they — or a system update enabling missing pieces like Bluetooth, NFC, and SIM support — might land. DevelopmentOf course, demo applications cannot be the end of the story. Tizen seeded the devices to developers at the conference in order to jumpstart independent application development. But it will be quite some time before anyone should expect to see output. The Mer project has started to dig into the lower levels of the system, including the u-boot bootloader, and is working on booting an OS from the microSD card. Thomas Perl has succeeded in building and running Python and PyGame on the device, and more and more developers are popping in to ask practical questions on the mailing list and on IRC. The preferred method for writing applications is the Tizen SDK, which for the moment is only available for Windows and 32-bit Ubuntu systems, but enterprising hackers have found ways around that limitation already. We will provide a more in-depth look at the SDK and assorted development tools in another story soon. In the meantime, it is good to finally see Tizen running on a physical hardware device. Yes, the experience is much the same as that provided by the SDK emulator and reviewed around the web, but a modern development device makes all the difference in the world. There may be no third-party applications to install just yet, but that was also the situation shortly after the release of the Nokia N950 last year, and today there are hundreds. Which just goes to show that if you want software, the simplest thing you can do is give the open source community tools and a platform on which to build. [ The author would like to thank the Tizen project and the Linux Foundation for support to attend the conference. ]
The new "community" MandrivaMandriva SA, the company behind the Mandriva distribution, has announced it will return control of the distribution back "to the community." But exactly how that will play out in practice remains unclear, since the company was unable to convince the Mageia distribution to participate in the new effort — but, conversely, is cooperating with Mageia for future products. Communities and entitiesMandriva made the community hand-over announcement on May 17, saying that it had decided to "transfer the responsibility of the Mandriva Linux distribution to an independent entity." The announcement outlines only a rough plan, with the formation of a governing body that will include representatives from Mandriva SA, but will not be under the company's direct control. The company will also continue to contribute its engineering resources to Mandriva development. The announcement then states that the details of the organization's governance model, processes, and other infrastructure will be fleshed out over the next few months, a process to be handled by a still-in-formation workgroup of community members. There have been several forks of the Mandriva distribution, but by far the largest is Mageia. Yet the Mageia board announced on May 21 that it had decided not to join the new Mandriva workgroup — at least, not as a group. The announcement enumerates five reasons for the decision. First, the Mageia board feels that the Mageia.org organization already meets the needs that Mandriva SA gave for forming a new entity, and felt that the company should have joined it instead. Second, Mageia has "invested a lot of time and energy" to define Mageia as it is. Third, there is a lack of information about the future direction of the proposed Mandrake community entity. Fourth, the Mageia project does not have enough resources to take on a new project in addition to its existing work. Finally, because Mageia is already free software, code sharing between the projects can already happen without establishing any formal arrangement. Some of the listed reasons are perplexing. Clearly the first two indicate that the project thought Mandriva SA should simply adopt Mageia as its community distribution as-is. That would offer technical challenges, since the two projects have diverged in key areas since the original split (package managers, for example), as well as trademark issues. The last two are easily justifiable — patches do already flow back and forth between the distributions, and one rarely hears of a distribution project with too much time and developer resources on its hands. But the middle reason is a puzzle. It sounds as if the Mageia board rejected an offer to take a seat (or seats) on the Mandriva community governance entity, when the stated offer was a place in the workgroup that will define the entity's standards and practices. If the Mageia board was concerned about the future direction of the new project or entity, surely participating in the workgroup would be the best way to influence that direction for the better. Comments on the Mandrake SA announcement indicate that at least one other Mandriva fork, ROSA, is joining the workgroup. Products, products, productsThe other wrinkle in the Mandriva makeover story is Mandriva SA's May 20 product announcement. In the post, the company outlines new product plans and how they relate to the evolving situation with the base distribution. The desktop product will be based on the new community-managed version of Mandrake, as will its OEM and education offerings. Pulse2, the company's corporate system deployment and management product, will continue to be developed and contributions will be made back to the Mandriva community. The company's server offering, however, will be based on Mageia. Mageia confirmed the arrangement in the blog post linked to above, saying that it arose out of talks with Mandriva SA. It is not clear whether the decision involves any sort of development effort on Mageia's (or individual Mageia developers') part, but the project did take pains to emphasize that it had no bearing on the future development of Mageia itself. Several commenters on the Mandriva announcement asked why the company would choose to build its server product on a different code base than its desktop product, particularly in light of the divergence between Mandriva and Mageia and Mageia's 18-month life cycle (which is brief for a server distribution). So far, there has not been an elaboration on the business server arrangement from either party. But that could simply be lack of time; Mageia released the final version of Mageia 2 on May 22. We previewed the release in April. Mandriva, meanwhile, has started to flesh out the beginnings of its community development plan on its wiki, and ROSA has rolled out its latest release. Hopefully, with the new release out the door at Mageia, and the Mandriva workgroup taking shape, we will soon hear more details.
A uTouch architecture introductionAs the Linux desktop increases in popularity, the user interface experience has become increasingly important. For example, most laptops today have multitouch capabilities that have yet to be fully exposed and exploited in the free software ecosystem. Soon we will be carrying around multitouch tablets with a traditional Linux desktop or similar foundation. In order to provide a high-quality and rich experience we must fully exploit multitouch gestures. The uTouch stack developed by Canonical aims to provide a foundation for gestures on the Linux desktop.
uTouch capabilitiesThe new X.org multitouch features allow for multitouch support in applications. We now have a software stack, uTouch, built on top of this multitouch support that can provide for practically any gesture scenario imaginable. A "gesture" is normally thought of as a two-dimensional movement made by the user on some sort of input device—a two-finger pinch, for example, or a three-finger downward drag. Teaching a computer to recognize these movements requires a lower-level description, though; in uTouch, this description consists of values like the number of touches, movement thresholds, and timeout values. An application may register a "gesture subscription" describing a specific gesture and be notified when that gesture is recognized by the uTouch subsystem. Those notifications take the form of a sequence of events describing the gesture motion over time. Key to understanding how uTouch works is knowledge of all the typical gesture use cases. First, we have the concept of gesture primitives: drag, pinch (including both "pinch" and "spread"), rotate, and tap. These primitives make up the foundation of all intuitive gestures. They can be strung together as needed for more complex gestures, such as a double tap. Stroke gestures, such as drawing an ‘M’ to open the mail client, may be recognized as a specific long gesture sequence, or as a sequence of drag gestures. Note, however, that uTouch does not have stroke gesture detection facilities built-in. Second, there are two fundamental object interaction types: single motion, single interpretation gestures and direct object manipulation. The former involves gestures like a two-touch swipe to go backward and forward through browser history, while the latter involves gestures like a three touch drag to move an application window around the desktop. The single motion, single interpretation gestures require thresholds and/or timeouts. For example, the colloquially implied difference between a swipe and a drag is that a swipe must be a quick motion in a given direction, whereas a drag may be any motion that manifests in a displacement in space. To put it in uTouch gesture subscription terms, a swipe is a drag primitive gesture with a displacement threshold that must be crossed within a specific amount of time. For example, when implementing browser history gestures a two-touch swipe may be implemented with a threshold of 100 pixels over half of a second. In contrast, direct object manipulation usually implies a zero threshold. For example, as soon as three touches begin on a window, the window should be movable. Most simple gesture interactions may be handled through gesture subscriptions consisting of the required gesture primitives and the object interaction types. However, there are times when an application needs to have further control over gesture recognition. For example, a bezel drag gesture occurs when the user begins a drag from the bezel of the screen and moves inward. This gesture must be distinguished from the user initiating a touch at the edge of the screen. The problem lies in the fact that both the bezel drag and the direct touch near the edge of the screen look indistinguishable at the beginning of the gesture. The distinguishing aspect is that the bezel drag is perpendicular to the bezel and has a non-zero initial velocity as seen by the touchscreen, whereas the direct touch near the edge of the screen will likely not have an initial velocity and/or may not be moving perpendicular to the bezel. To cater for a client that cares about one of these gestures but not the other, uTouch requires the client to accept or reject every gesture. When a gesture is rejected, the touches may be replayed to the X server, which allows for the mixing of gestures and raw multitouch in the same application. Another facet of uTouch, as hinted above, is that, by default, it operates through "touch grab" semantics. When used on top of X.org, uTouch gestures are recognized from touches received through touch grabs. One benefit of this approach is the ability to mix gestures and raw multitouch in the same application. However, it also allows for priority handling of gestures. For example, system gestures may be handled by a client listening to touches through a grab on the root window. When gestures are not recognized or are rejected by the uTouch client, the touches are replayed to the next touch grab or selecting client. Thus, global gestures, application gestures, and raw multitouch events are all possible when using uTouch. The last major feature of uTouch is the ability to recognize multiple simultaneous gestures in the same area. For example, imagine a game where the user pinches bugs on the screen to squash them. The screen is one large gesture input area, but the user may use both hands to pinch bugs. In order to facilitate this interaction mode, whenever new touches begin within the gesture area they are combinatorially matched with other touches that begin within a "glue" time period. In our game example there is a two-touch pinch gesture subscription. If four touches begin in the game area within the glue time period, six combinations of potential gestures will be matched. As touch events are delivered, the state of each matched gesture will be updated and then checked against the threshold and timeout for the gesture subscription. If a gesture meets the threshold and timeout criteria, it will be delivered to the client. The client can then attempt to match up the touches of the gesture against its context to determine whether to accept or reject each gesture. In the example below, there will be four pinch gestures sent to the client:
There will be potential pinch gestures for: AB, CD, AD, and BC (AC and BD, by virtue of moving in the same direction, are not considered to be potential pinches). The application must determine which gestures make sense. One method would be to hit test the initial centroid of each gesture against the bugs on the screen. All gestures that hit a bug are accepted. Note that uTouch automatically rejects overlapping gestures, so as soon as AB and CD are accepted, AD and BC will be implicitly rejected. There is a twist to this complex logic, however. Gesture events are received serially. The client may need to know if more gestures are possible for a set of touches. For example, if both one-touch and two-touch drag gestures are subscribed, a two touch drag will cause two one-touch drag gestures and a two-touch drag gesture. If the uTouch client receives a one-touch drag first, it may not realize that a two-touch drag is coming for the touch as well. To handle this issue, a gesture property is provided to denote the finish of gesture construction for all of its touches. When a gesture has finished construction, the client knows that it has received all possible gestures containing the same touches. Thus, in the one- and two-touch drag example the one touch gesture will not emit the gesture construction property until at least the two-touch gesture begin event has been sent to the client. The uTouch stack was designed to be flexible and provide for all possible gesture use cases. However, it is recognized that not all clients will care about multiple simultaneous gestures. There are plans to create a gesture subscription option that precludes the ability to have multiple simultaneous gestures. This will effectively push some policy into the recognizer, such as a preference for gestures with more touches. This will be particularly useful when subscribing to gestures on an indirect device, like a touchpad, where multiple simultaneous gestures are likely not wanted. Lastly, uTouch is a complete gesture stack that surpasses the functionality of all available consumer platforms. uTouch works well with both touchscreens and touchpads, and supports both gestures and raw touch events in the same window or region of an application. In contrast, Windows only supports touchscreens and either gestures or raw touch events, but not both, in a given window. OS X supports touchpads but not touchscreens. Mobile platforms are limited to touchscreen support and single-application gestures at a time due to their modal task design. In contrast to each of these platforms, uTouch has been designed from the ground up to support all device types and all known use cases, including multiple applications and windows at the same time.
The technical architecture of uTouchuTouch consists primarily of three components: uTouch-Frame, uTouch-Grail, and uTouch-Geis. Each of these will be described briefly below. uTouch-Frame groups touches into units that are easier for uTouch-Grail to operate on. Gestures are recognized per-device and per-window, so touches are grouped into units representing pairs of devices and windows. This is also where all backends for each window system are implemented. uTouch-Frame events are platform independent.
Some window systems, like X11, also have the concept of touch sequence acceptance and rejection. This functionality is provided through uTouch-Frame as well. Touch sequence acceptance and rejection is a core aspect of the uTouch stack when used for system-level gestures. Imagine a finger painting application listening for raw touch events (not gestures) is open on a desktop environment where three-touch swipes are used to switch between applications. When the user performs such a swipe, uTouch accepts the touch sequences on behalf of the window manager and switches applications. This prevents the painting application from handling (or even seeing) the touches. In contrast, when the user performs a three-touch tap, uTouch rejects the touch sequences because they do not match a known gesture. The painting application then receives the rejected touch sequences. uTouch-Grail is the gesture recognizer of the uTouch project. It takes the per-device, per-window touch frames from uTouch-Frame and analyzes them for potential gestures.
Grail events are generated by frame events. Rather than duplicate the uTouch-Frame data, grail events contain gesture data and a reference to the frame event that generated it. This allows for uTouch clients to see the full touch data comprising a gesture. Grail gesture events are comprised of a set of touches, a uniform set of gesture properties, and a list of recognized gesture primitives. Again, the supported primitives are: drag, pinch, rotate, and tap. The gesture properties are:
Drag, pinch, and rotate properties are encapsulated by the affine transformations. For more detail on how to use 2D affine transformations, please see this excellent Wikipedia article on transformation matrices. During operation, a pool of recently-begun touches is maintained. In the current implementation this pool includes any touches that have begun within the past 60 milliseconds of "glue" time. When a new touch begins, it is combined in all possible combinations with touches in this pool in order to create potential gestures matching any active subscriptions. A new gesture instance is created for each combination of touches. Each instance has an event queue, and new instances have one begin event describing the original state of the touches. The events are queued until any gesture primitive is recognized. When frame events are processed, any changes to touches in a gesture instance generate a new grail event. The new touch state is analyzed, and subscription thresholds and timeouts are analyzed to determine if any of the subscription gesture primitives have been recognized. For example, the default rotate threshold is 1/50th of a revolution, and the default rotate timeout is one half second. If the threshold is met before the timeout expires, the rotate gesture primitive is recognized. When a gesture primitive has been recognized, the grail event queue is flushed to the client. The client must process the gesture events and make a decision on whether to accept or reject each gesture. uTouch-Geis is the C API layer for the uTouch implementation. uTouch originally began as a private X.org server extension. It has since been updated, bringing it out of the X.org server and into the client side of the X11 system. This required a complete rewrite of uTouch-Frame and uTouch-Grail. However, we have managed to maintain API and ABI compatibility through uTouch-Geis, albeit with a few behavioral changes. uTouch-Geis has two API versions, version 1, a simpler interface, and version 2, an advanced interface. Although both are currently supported, the first version is deprecated in favor of the more flexible second version. uTouch-Geis also makes gesture event control simpler by wrapping much of the X.org interaction behind an event loop abstraction. The uTouch stack requires careful management of touch grabs and timers. Any client may use uTouch-Frame and uTouch-Grail directly, but uTouch-Geis vastly simplifies incorporating gestures into an application. See the uTouch-Geis API documentation for more information.
Toolkit and application developmentuTouch-Geis is nice, but its C API is still a bit cumbersome in certain scenarios. The uTouch team has created a QML plugin called uTouch-QML in order to make gesture integration in QML applications easier. This plugin provides native QML elements for subscribing and handling gestures. It currently uses a legacy gesture handling system in the uTouch stack that does not provide for gesture accept/reject semantics or simultaneous gestures, but we plan to update it to include those features over the next six months.We also have begun work on a gesture recognition system for the Chromium web browser. There are many potential gesture interactions that we hope to leverage in the browser. An initial implementation was proposed, but a rearchitecture of the gesture plumbing in Chromium required us to refactor it. We hope to merge an implementation into Chromium in the next few months.
ConclusionOver the past two years the uTouch team has been working hard to bring multitouch gestures to the Linux desktop. We now have a complete stack that rivals, and in many ways surpasses, what is possible on other platforms. We look forward to further integration of uTouch gestures in desktop environments and applications, and we encourage everyone to take a look at what our stack has to offer.
Next week's edition will be one day lateDue to the US Memorial Day holiday on May 28, and a day off for the LWN crew, next week's edition will be published on Friday June 1. Whether you are celebrating on Monday or not, we hope you have a nice 28th of May, and we'll resume normal service on the 29th.
Security Exploring options for the openSUSE security policyPartly in response to Linus Torvalds's (in)famous Google+ rant about desktop security—openSUSE in particular—Andreas Jaeger and others have started gathering use cases for the administration of Linux systems. The target is to try to find a balance between security and convenience for openSUSE users. Part of the difficulty is that Linux distributions are installed on a variety of systems with very different security needs, which makes it difficult to choose any particular default security scheme. A single-user desktop or laptop has very different security needs from those of a shared desktop or server. Torvalds's complaint was specifically about the root password being needed to add a printer to his daughter's laptop, but he was also unhappy with needing privileges to change the time zone and wireless network. For a system where the only user is also the administrator—at least a semi-privileged administrator—it makes sense to allow those kinds of changes without the root password. But on other systems, like shared machines or servers, it almost certainly doesn't make sense for random users to have those powers. That's where the balancing act comes in. If a distribution is meant to be installed for several different scenarios, there is no One True Way to set the privileges of users. Even for single-user systems there are differences. Torvalds undoubtedly administers his own laptop differently than he wants his daughter's handled. For the former, he may want to allow package installation using his own password, the root password, or possibly no password at all (though one would guess that's not likely). But, for his daughter's system he wants to hold the root password himself, while allowing a limited number of privileged operations to be done by her. While Torvalds is a high-profile user, his complaints are likely similar to those of others. In order to help determine what the right security configuration is for openSUSE, Jaeger, Marcus Meissner, and Ludwig Nussel put together a list of use cases that describe tasks that users want to do along with a short security evaluation of each. Things like setting the system time, accessing the network, changing firewall settings, adding printers, package installation, and so on, are listed. Jaeger also posted a "call for action" to the opensuse-factory mailing list, asking for feedback and new use case suggestions. Much of the resulting conversation centered around the "roles and profiles" that were also described on the web page. There is a tension between convenience for single-user machines and those with more complicated situations, thus higher security needs. But, even among those who would like to see less privilege required for some operations on single-user machines, there are differences of opinion on which operations—and what privilege to require. For example, Marguerite Su wants to be able to install software without the root password on a laptop, but others including Bryen M Yunashko are not so sure that's what they want. There are also different classes of package installation to consider. Installing an update to a package from a "known good" repository is very different from installing a new package, downgrading a package to an earlier version, or adding a repository. The credentials required for each might be different depending on the scenario. That part of the thread highlights part of the difficulty in finding the right default settings. The distribution will need to have some way to specify which of the profiles (e.g. single-user, administered single-user, multi-user, server, etc.) should govern, say at installation time, but will also need some way for the overall profile to change, while also allowing individual users to tweak the settings based on their needs. It is a more complex problem than it might seem at first. Suggestions in the thread range from Carlos E. R.'s installation-time dialogs to determine the right profile to Su's idea of PolKit packages for different profiles and use cases to Hans Witvliet's more granular approach with multiple types of administrative roles that could be assigned to a user. Any or all of those could make up some part of a solution, but in a response to Witvliet, Jaeger focused on the question of defaults:
You could add all those roles but I fear it makes administration more
difficult. How can we setup in an easy way the most use cases? We still might
need for the last 10% esoteric options a config file to change the defaults
but what is the normal way?
Finding workable defaults that will cover the majority of cases is clearly needed. Finding a set that will avoid rants like Torvalds's, while still giving a reasonable level of security to openSUSE users, is paramount. But there also needs to be a way for those with different needs to adjust the policies appropriately. Pulling all of that together in a way that is easy to understand, use, and tweak, will be an even harder problem. But it's a problem that needs solving and not just for openSUSE; there are opportunities for cross-distribution collaboration here as well.
Brief items Security quotes of the week
No matter what anyone tells you, you never need to apologize or feel guilty
for using "setenforce 0"
-- David
Miller
As any computer user already knows, passwords are a usability disaster: you
are basically told to "pick something you can’t remember, then don’t write
it down", which is worse than impossible if you must also use a different
password for every account. Moreover, security-wise, passwords can be
shoulder-surfed, keylogged, eavesdropped, brute-forced and phished. Notable
industry insiders have long predicted their demise. Over the past couple of
decades, dozens of alternative schemes have been proposed. Yet here we are
in 2012, still using more and more password-protected accounts every
year. Why? Can’t we do any better? Don’t the suggested replacements offer
any improvements?
-- Frank
Stajano researches password replacement schemes
After applying a patch to the LUFA USB keyboard demo, I had my handy USB-AVR-as-Keyboard stick ready to crash Xorg:
-- Kees Cook
[...] - .UnicodeString = L"LUFA Keyboard Demo" + .UnicodeString = L"Keyboard (%n%n%n%n)"In fact, it was so [successful] that after I got the code right and programmed it, Xorg immediately crashed on my development machine. :)
Just block the whole site, Mike.
-- Lauren
Weinstein (with apologies to Paul Simon)
Go censor the file, Kyle. Now spy on the mail, Dale. And you're on your way
Do a bandwidth cap, Jack.
Security vulnerability in sudo's netmask function patched (The H)The H reports on a vulnerability in sudo when it is configured for IP-based restrictions on users (typically only for centrally managed sudoers files). "When the developers added IPv6 support, they inadvertently made the matching routine used for IPv4 networks call the IPv6 matching routines when no IPv4 match was found. Because the IPv6 fields would be uninitialised, it was possible for the system to think it had found a match where there wasn't one. Finding a match would, in turn, mean permission would be granted for whatever command the rule was controlling, even when the system was on a different network."
The problem with nerd politics (The Guardian)Over at the Guardian, Cory Doctorow writes about two problems that govern the relationship between politics and technically oriented folks ("nerds" in Doctorow-speak): "nerd determinism" and "nerd fatalism". "But, while it's true that geeks can get around this sort of thing – and other bad network policies, such as network-level censorship, or vendor locks on our tablets, phones, consoles, and computers – this isn't enough to protect us, let alone the world. It doesn't matter how good your email provider is, or how secure your messages are, if 95% of the people you correspond with use a free webmail service with a lawful interception backdoor, and if none of those people can figure out how to use crypto, then nearly all your email will be within reach of spooks and control-freaks and cops on fishing expeditions."
A Tale of Two Pwnies (Part 1)For those interested in complex exploits: the Chromium Blog describes how a sequence of six independent bugs was exploited to execute code within the Chromium browser. "Even though Chrome’s renderers execute inside a stricter sandbox than the GPU process, there is a special class of renderers that have IPC interfaces with elevated permissions. These renderers are not supposed to be navigable by web content, and are used for things like extensions and settings pages. However, Pinkie found another bug (117417) that allowed an unprivileged renderer to trigger a navigation to one of these privileged renderers, and used it to launch the extension manager. So, all he had to do was jump on the extension manager’s IPC channel before it had a chance to connect."
New vulnerabilities android-tools: udev rules set insecure permissions
backuppc: cross-site scripting
chromium: multiple vulnerabilities
feedparser: denial of service
ikiwiki: cross-site scripting
libxml2: code execution
openoffice.org: code execution
perl-Config-IniFiles: insecure temporary files
pidgin-otr: code execution
rubygem-mail: arbitrary command execution
sympa: authorization bypass
sudo: privilege escalation
update-manager: multiple vulnerabilities
wireshark: denial of service
Page editor: Jake Edge Kernel development Brief items Kernel release statusThe 3.4 kernel is out, released on May 20. Significant features in this release include the Yama security module, support for the x32 ABI, asymmetric multiprocessing support, the dm-verity device mapper target, and more. For details, see the always-excellent KernelNewbies 3.4 page.The 3.5 merge window is open as of this writing; see the separate article below for a summary of interesting changes merged so far. Stable updates: 3.0.32 and 3.3.7 were released on May 21, 3.2.18 on May 21, and 2.6.34.12 on May 22.
Quotes of the week
Enough data has come in to satisfy me that with all the
improvements in Linux over the last year, and with BQL, codel and
fq_codel, that we've won a major battle in the war against
bufferbloat.
— Dave Täht
else if(!strcmp(str, "pony")) {
tsc_clocksource_reliable = 1;
sched_clock_stable = 1;
tsc_perfect_smp_synchronization = 1;
}
else if (!strcmp(str, "real")
panic("Can't handle real TSCs!\n");
Prediction: instead of Oracle coming out and admitting they were
morons about their idiotic suit against Android, they'll come out
posturing and talk about how they'll be vindicated, and pay lawyers
to take it to the next level of idiocy.
— Linus
Torvalds
Sometimes I really wish I wasn't always right. It's a curse, I tell you.
Kernel development news The 3.5 merge window opensShortly after the release of the 3.4 kernel, Linus started the entire process all over again for the 3.5 development cycle; over 2,500 changesets were pulled into the mainline on the first day, and 4,600 have been merged as of this writing. It looks like it will be an interesting cycle with a lot of new stuff coming in and the removal of a bunch of old cruft. As of this writing, user-visible changes pulled for 3.5 include:
Changes visible to kernel developers include:
If the usual schedule holds, this merge window can be expected to close around June 4. Watch this space next week for coverage of the next sets of patches to be pulled into the mainline for the 3.5 development cycle.
Preparing for nonvolatile RAMOnce upon a time, your editor had a job that involved working with a Data General Nova system. The Nova had an interesting characteristic: since it contained true core memory, the contents of that memory would persist across a reboot—or a power-down. So the end-of-day shutdown procedure was a simple matter of turning the machine off; when it was turned on the next morning, it would simply continue where it was before. There were no complaints about system boot time with that machine. The replacement of core memory with silicon-based RAM brought a lot of nice advantages, but the nonvolatile nature was lost on the way. But it appears that nonvolatile memory may be about to make a comeback, bringing some interesting development problems with it.Matthew Wilcox raised the issue, noting that nonvolatile memory (NVM) is coming, that it promises bandwidth and latency numbers similar to those offered by dynamic RAM, and that, being cheaper than DRAM, it is likely to be offered in larger sizes than DRAM is. He later disclaimed any resemblance between this description and any future products to be offered by his employer; it is, he says, simply where the industry is going. Given that, it would be a good idea for the kernel community to be ready for this technology when it arrives. One part of being ready is figuring out how to deal with nonvolatile memory within the kernel. The suggested approach was to use a filesystem:
We think the appropriate way to present directly addressable NVM to
in-kernel users is through a filesystem. Different technologies
may want to use different filesystems, or maybe some forms of
directly addressable NVM will want to use the same filesystem as
each other.
A filesystem approach would allow the association of names with regions of NVM space; an API was then proposed to allow the kernel to perform tasks like mapping regions of NVM into the kernel's address space. One question that came up quickly was: won't the use of the filesystem model slow things down? There is a lot of overhead in the block layer, which was not designed to deal with "storage" that operates at full memory bandwidth. Matthew was never thinking of bringing in the full block layer, though; instead, he said: "I'm hoping that filesystem developers will indicate enthusiasm for moving to new APIs." Such enthusiasm was in short supply in this discussion; that is probably more indicative of a lack of thought about the problem than any sort of active opposition (which was also in short supply). James Bottomley, though, questioned the filesystem idea, suggesting that NVM should be treated like memory. He said that the way to access NVM might be through the kernel's normal memory APIs, with nonvolatility just being another attribute of interest. One could imagine calling kmalloc() with a new GFP_NONVOLATILE flag, for example. The only problem with this approach is that it is not enough to request an arbitrary nonvolatile region; callers will usually want a specific NVM region that, presumably, contains data from a previous use. So the memory API would have to be extended with some sort of namespace giving reliable access to persistent data. To many, that namespace looks like a filesystem; James suggested using 32-bit keys like the SYSV shared memory mechanism does, but admirers of SYSV IPC tend to be scarce indeed on linux-kernel. So, while there are a lot of details to be worked out, some sort of name-based kernel API seems certain to come about. Then there will be a mechanism, either through the memory-related or filesystem-related system calls, to make NVM available to user space. But that leads to another, perhaps harder question: what, then, do we do with all that fast, nonvolatile memory? Some of it, certainly, could be used for caching; technologies like bcache could make good use of it. The page cache could go there; Matthew suggested that the inode cache might be another possibility. Both could speed booting considerably, though it would be necessary to somehow validate the cache contents against filesystems that could have changed while the system was down. Boaz Harrosh suggested that filesystems could store their journals in that space, speeding journal access and reducing journal I/O load on the underlying storage devices. He also mentioned checkpointing the system to NVM, allowing for quick recovery should the system go down unexpectedly. Vyacheslav Dubeyko had some wilder ideas about how NVM could eliminate system bootstrap entirely and make the concept of filesystems obsolete; instead, everything would just live in a persistent object environment. Clearly, many of these ideas are going to take some time to come to fruition. Nonvolatile memory changes things in fundamental ways; Linux may have to scramble to keep up, but, then, that is a high-quality problem to have. It will be most interesting to watch how this plays out over the coming years.
Removing four bytes from the kernel ABIFour bytes may not seem like a lot of space—typically it isn't—but when that space is wasted millions of times, it starts to add up. In addition, if the extra space has become part of the kernel ABI (intentionally or not), it will be difficult to remove it. That particular problem came up again in a recent linux-kernel discussion regarding the trace event header. Just over a year ago, we looked at the unused lock_depth field in event headers. Frederic Weisbecker had added the field temporarily to assist in removal of the big kernel lock (BKL), and once the BKL was gone Steven Rostedt removed those, now useless, four bytes from the header. Unfortunately, in the interim, PowerTOP had started accessing events in the perf ring buffer, so removing lock_depth broke PowerTOP. That field wasn't actually used by PowerTOP, but the tool expected the header to have a particular size, which changed after Rostedt removed the wasted space. That led to a reversion of the removal, which means that every event recorded by ftrace or perf has added overhead. The event format is fully self-describing, however, so there is no need for utilities like PowerTOP to grub around in the binary data making assumptions about what the format is. It was, however, easier to read the data directly rather than parse the format description, which is why PowerTOP did so. Rostedt has created a library to parse trace events using the format data that the kernel provides to avoid that situation in the future. That library was picked up by the recently released PowerTOP 2.0, so Rostedt posted an RFC asking when the lock_depth field—renamed to padding as part of the revert—could be removed. Linus Torvalds was not particularly concerned about the wasted space, but did want to understand which distributions were picking up the new PowerTOP. It turns out that the version in Fedora 14 (which Torvalds said he still uses sometimes) is old enough that it doesn't use perf events at all, so it is unaffected. More recent Fedoras (16, 17) are using PowerTOP 1.98 which won't work with kernels built without the padding. The assumption in the thread is that distributions will be picking up PowerTOP 2.0 for releases coming later in the year, but that still leaves users who build their own kernels on existing distributions in a bit of a bind if the padding is removed. Existing distributions also have various lifespans, and some will not be picking up the latest PowerTOP at all. Rostedt asked how long the kernel needed to support older distributions. PowerTOP, it seems, is in a different category from other applications because it is a developer-oriented tool. So Torvalds was willing to see the kernel change even if some distributions get left behind:
But breaking something like a F14-15 timeframe distro or
something staid like a SLES (or "Debian Stale" or whatever they call
that thing that only takes crazy-old binaries)? It's fine. We don't
want to *rush* into it, but no, if those distros are basically not
updating, we can't care about them forever for something like
powertop.
Things that break *normal* applications are different. There the rule really must be "never". Arjan van de Ven concurred, pointing to 3.6 as a potential time frame to remove the padding, noting that those who haven't updated their distribution to get the newer PowerTOP are unlikely to be updating their kernel either. Rostedt said he will queue the patch up for 3.6 or 3.7. While the four bytes seems unimportant to both Torvalds and Ingo Molnar, Rostedt pointed out that it is a frequent problem for tracing users. Beyond that, though, he disagrees with Molnar's contention that the wasted space is merely a "cosmetic detail":
4 bytes is not cosmetic for a 32 byte event. That's 1/8th overhead. If
we could get rid of 4 bytes from struct page, would we do that? It's
only just 4 bytes for [every] 4096 bytes. Just a 1/1024 overhead. Of course
perf events are much bigger than 32 bytes. It's one of the biggest
complaints I hear about perf, the size of its events. We should be
trying hard to fix that.
For memory-constrained situations, for example on embedded devices or for users trying to squeeze every process they can onto their systems, reducing the overhead of events can make a difference. By capturing more events in the same amount of memory, there is a better chance of finding the problem that tracing was enabled for. When the issue came up a year ago, David Sharp of Google noted that the size of events was a big problem for the search giant. Others undoubtedly face similar challenges. While the format of the perf ring buffer data may soon be a solved problem—though it's possible, if unlikely, that other tools are manually pulling data from the ring buffer—tracepoints as a whole are still an unresolved ABI issue. Right now, much of the work is in adding new tracepoints, but some day one or more of those may need to come out or be modified. If tools are dependent on specific tracepoints providing the exact same information in just the right place in the code, changing those will be a real problem. And it will be one that is difficult for a library to paper over.
Patches and updates Kernel trees
Core kernel code
Development tools
Device drivers
Filesystems and block I/O
Memory management
Architecture-specific
Security-related
Virtualization and containers
Miscellaneous
Page editor: Jonathan Corbet Distributions Moving onOnce upon a time, installing Linux on a new computer was a tiresome process requiring a couple dozen floppy diskettes. In 2012, finding a floppy-installable distribution is not an easy task, but few users mind; finding a new system with a diskette drive is even harder. The Linux community was able to leave diskettes behind without a great deal of discontent. Now, though, there are a couple of similar transitions looming that may be a little harder to get past. A number of distributors are struggling with the question of when older hardware can be left behind and what can be done for the users of older systems who are inconvenienced by the change?In the Debian camp, Steve McIntyre recently raised the alarm: there appears to be no way that the upcoming "wheezy" distribution will fit onto a single CD, at least if one wants a GNOME or KDE desktop environment. Debian, it seems, may have to consider alternatives to those CDs; these could include requiring multiple CDs (bringing back memories of the old floppy days), requiring the use of DVD or USB media, or only supporting a combined CD/network installation. All of these options would have the effect of making Debian less accessible to users with older hardware, a change that is not seen as being desirable in the Debian camp. As it happens, Debian may have another option: use XZ compression in its binary packages. The additional space gained by this move is impressive—down to about 2/3 of the size achieved with gzip. The biggest downside would appear to be the need to rebuild much of the Debian repository, which is not a small task. But, for the wheezy release, XZ may help the project to avoid some more difficult choices. But any such gains will clearly be temporary; the size of the software shipped by all distributions is clearly on the increase. This is not just a problem for Debian; Steve Langasek noted that Ubuntu 12.10 will be the first Ubuntu release that will not fit on a CD. In the Fedora camp too, "some folks" are pushing for the abandonment of the CD image for the Fedora 18 or 19 release. Some developers are arguing for a stronger push back against software bloat, but, in general, the consensus seems to be that putting a working distribution with a contemporary desktop environment onto a single CD is an increasingly impractical thing to try to do. One might well argue that, in an age when bottle openers come with 16GB of storage, worrying about an old medium with capacity measured in megabytes makes little sense. Finding a system that only supports CD as a boot medium is, at this point, possibly even harder than finding one with a floppy drive. There seems to be little point in limiting the size of the installation image to 700MB when computers with such limitations have not been sold in some time. At least, no point unless one's wish is to constrain the overall size of the system in general. The problem, of course, comes in two forms: old systems and limited network bandwidth. In the parts of the world where distribution hackers tend to be found, CD-only machines are hard to come by. In many other areas where people would like to use Linux, such machines are still in use. One can argue that contemporary Linux distributions may not run well on such limited hardware anyway, but it would still be better to avoid making life harder for the owners of those machines. Network bandwidth also matters: for many people, downloading a full DVD-size image can still be a long and painful exercise; an image limited to CD size has a higher chance of being fully downloaded before the link goes down or other users become too grumpy. Forcing a multi-gigabyte download on such users is not a good way to win friends. The best answer in this case may be to provide a minimal bootstrap CD image that can then perform an installation from either the network or a USB drive. That allows the installation image to grow for the large numbers of users who can benefit from more software on the installation media while not excluding those who have more limitations. It seems like an approach that can provide the best solution for nearly everybody involved. The Debian community has been pondering a related question: is the time coming for the distribution to move away from 32-bit builds for the x86 architecture? Ben Hutchings recently posted a proposal to that effect, noting that most new systems have 64-bit processors, and that the number of 64-bit ("amd64") installations has nearly equaled the number of 32-bit installations. Ben would like to see the 64-bit kernel installed by default in the wheezy release and, after perhaps two or three more release cycles, no more 32-bit x86 kernels built at all. These are Debian-length release cycles we are talking about, so the end of 32-bit kernels is far from imminent, but it's still near enough to get attention. (This proposal would not end the building of 32-bit user space, which can run just fine on a 64-bit kernel). Certainly there are a lot of good reasons to go with a 64-bit kernel on contemporary hardware. Even if user space runs in 32-bit mode (or the upcoming x32 mode), an option that works nicely at this point, a 64-bit kernel will run more efficiently for a number of reasons. Given that there are fewer and fewer reasons to use a 32-bit kernel, perhaps Debian should stop putting resources into building such kernels. Here, though, the situation is not quite so clear cut. As some developers pointed out, 32-bit-only x86 systems are still shipping. Ubuntu considered moving to a 64-bit kernel for the 12.04 release, but backed off after somebody noticed that 25% of the submissions to the Ubuntu Friendly hardware database came from 32-bit machines. 32-bit processors are still well established in the x86 world, so it seems unlikely that distributors will be able to stop supporting them anytime soon. The fast-moving nature of technology ensures that distributors will continue to face these questions indefinitely. In general, Linux distributors have erred on the side of keeping support for old hardware; few distributors want to alienate potential users. But supporting older systems is not free; those systems can place constraints on what can be packaged, slow down performance on newer systems, take up developer time, and present testing challenges when nobody has the relevant hardware around anymore. So there comes a point where older systems have to be cut loose. Some newer-style distributions (CyanogenMod, say) are showing signs of having less patience with older hardware—arguably an unsurprising decision for a project supporting well over 50 separate targets. Expect more discussions like the above as distributors try to make the most of their limited development and build resources.
Brief items Distribution quotes of the week
After 3 days of constant phone calls my brother-in-law told me about the
forums and I started directing my questions there. When 7.10 (Gutsy Gibbon)
was released I performed my first installation but I couldn’t get the sound
to work. Searching the forums taught me all sorts of cool linuxy stuff like
recompiling alsa and blacklisting modules even applying a patch to the
kernel. In the end, it turned out that you have to plug the speakers into
the green hole to hear anything.
-- Ubuntu
forum's "nothingspecial"
One day, I'm going to create something called Stone Age Linux. It'll be
awesome. Nobody will want to use it because it will be so uncool and so
slow paced it'll make every enterprise distro look cutting edge.
-- Jon
Masters
Looks like the bloodbath begins. I too am in favor of killing cvs.
-- Anthony G. Basile (Gentoo evaluates git)
Mageia 2 is outMageia 2 has been released. "Mageia 2 is available as Live CDs, install DVDs and a netinstall CD, and is available in various languages for easy download, from FTP, HTTP, or torrents." The release notes are here. LWN previewed this release last April.
Fedora 17 release pushed back to May 29Fedora Project Leader Robyn Bergeron announced that the release of Fedora 17 has been delayed by one week, to May 29. "GA [General Availability] for F17 is now scheduled for 2012-05-29. Adjustments to the schedule and wiki will be completed later today. We will be meeting again next Thursday, 2012-05-24, for another Go/No-Go meeting." The decision was reached in order to close four outstanding blockers. A second F17 release candidate (RC2) will be spun in the interim.
Updated Debian 6.0: 6.0.5 releasedThe fifth update of Debian 6.0 "squeeze" is available. This update to Debian's stable distribution contains fixes for security bugs and other serious issues. Click below for a summary of the updates contained in this release.
Distribution News Debian GNU/Linux Bits from the Release Team: Freeze approaching!The release team plans to freeze "Wheezy" in the second half of June. Another sign that the release is getting closer is the announcement of the first alpha version of the installer.
Fedora Fedora Board, FESCo, and FAmSCo elections: Town hall meeting scheduleA town hall meeting schedule has been set for the members of the Fedora Project to hear from the candidates in the upcoming elections.
Mandriva Linux Mandriva Linux to "return to the community"The Mandriva Blog contains a short posting stating Mandriva SA's intent to hand control of the distribution over to the community. "This means that the future of the distribution will not be arbitrary decided by the Mandriva company anymore, but we intend to let the distribution evolve in and under the caring responsibility of the community. Mandriva SA will of course be a part of this entity and will support it with direct contributions." How the governance of this community will work is to be worked out.
Mageia comes full circleMageia responds to the news that Mandriva Linux will be a community project. "Mageia.Org’s board was contacted privately by Mr. Croset before this announcement, to discuss the opportunity to have Mageia representatives joining their working group (unfortunately the discussion had to be private, as it was requested by Mandriva to keep the information private until their announcement). Ultimately, the Mageia.Org board declined the offer and for clarity we are publishing the reasons for this decision here:"
Newsletters and articles of interest Distribution newsletters
The Russians Are Coming: A First Look At Rosa 2012 Marathon (O'Reilly)The O'Reilly Community site has a review of the Rosa 2012 Marathon distribution. "The ROSA Labs developers have done an excellent job in creating a polished, functional distribution which is stable, reliable, and performs well. The desktop design is intuitive and user friendly and yet it is not dumbed down. The ability to customize the KDE desktop to suit individual needs or to select an entirely different desktop environment is in no way compromised for the sake of simplicity. New tools and applications like KLook and ROSA Media Player provide functionality which is unique to this distribution. ROSA 2012 Marathon isn't just an update of Mandriva 2011. Rather, it's a fork which takes the distribution in new directions."
Page editor: Rebecca Sobol Development Differing intentions towards Web IntentsDevelopers from Google's Chrome team have merged support for Web Intents into the WebKit browser engine. That has the potential to give a big boost to the proposed web application inter-process communication (IPC) framework, which up till now has been largely theoretical — partly because, without browser support, there was little incentive for web developers to implement it. But the chicken-and-egg problem is not the only unsolved issue for Web Intents; the technology remains in nascent, draft form, with many people outside of the Chrome camp expressing concern over its completeness and its scope. Furthermore, Mozilla, which had been collaborating on the project in 2011, now seems to be headed in its own direction with its competing IPC framework. Web Intents takes its name and broad strokes from Android's Intents IPC mechanism. The project is currently curated at the World Wide Web Consortium (W3C), with public discussion taking place on the public-web-intents mailing list. Google Chrome and Chromium gained built-in support for Web Intents with the Chrome 18 release on March 29, although it still had to be activated with a runtime flag. Chrome 19, which arrived on May 15, enables this support by default. As a blog post on the subject explains, however, for the moment the only way for web developers to deploy a Web-Intents-speaking application is to publish it through the Chrome Web Store. That is because there is not yet an agreed-upon method for a web application to "register" that it understands Web Intents. The Chrome team would like to add an <intent> tag to HTML, but in the meantime the only solution is for the application to make its registration known through the Chrome Web Store's app manifest file. Web Intents in a nutshellThe core concept of Web Intents is to permit lightweight IPC messaging between web applications during a browsing session, in order to cut down on interruptions to the user. Many people seem to find the nomenclature confusing, but in the project's parlance, an "intent" is an action that a user wants to perform — in other words, a function. The most frequently used example is a photo gallery site opening up an image in a separate photo editing site when the user clicks "Edit." In this scenario, the gallery application would call the EDIT intent on the image data:
var intent = new Intent(Intent.EDIT, ‘image/png’, getImageDataURI());
window.navigator.startActivity(intent, loadEditedImage);
without needing to know beforehand which other applications had
declared themselves capable of handling EDIT for the image/png
MIME type. Those various editing applications would have advertised their
image-editing functions with:
<intent
action=”http://webintents.org/edit”
type=”image/*”
/>
It is the browser's responsibility to notice the <intent> declarations, keep track of them, and provide some sort of UI for the user to select which application gets called when the "Edit" button is clicked. On the click, the browser clones the image object in memory, loads the editing web application of choice, and hands over the object for editing. The specification lists seven default intents: discover, share, edit, view, pick, subscribe, and save. Each intent is intentionally broad; the action can have different meanings depending on the data type. For example, the share intent is discussed both for link-sharing (where it might replace the NASCAR-array of social media buttons) and for photo sharing (which in practice has fewer options than link sharing, plus a very different workflow). The Web Intents blog discusses many more, however, including calling a remote-printing service and calling a site-wide search using the browser's default search engine. Open questionsOn the discussion list and blog, the developers make it clear that despite the defaults intents list, they do not intend to strictly define a fixed set of acceptable intents. That position has led to quite a few questions about what exactly should be handled by an intent and what should not. One of the recurring questions is why an intent — which can pass any data structure from one browser frame to another — is better than other, existing methods for cross-site communication, such as postMessage, which do not require defining new HTML elements and DOM properties. Mozilla's Ben Adida wrote that combining postMessage and a small set of URI schemes (such as share://) would solve the same problems in a simpler fashion. The generally cited answer is that Web Intents implement simple, generic operations between mutually-unknown web applications, while postMessage is used in full-blown APIs between sites that are designed beforehand to work together. But there is not a bright line distinction between the two use cases. In a lengthy thread from February, developer Greg Billock said "the problem web intents is trying to solve is more structured: 'how can web applications participate in fulfilling a single user-oriented task.'" But later in the same message, he says that Web Intents can be used to create generic message channels, and that "we're explicitly in favor of allowing generic connection establishment to exist alongside those more structured intents. " John J Barton countered:
To be realistic, web-intents arranges for "uni-directional string-
augmented MIME type communications". If we [are] lucky the communications
will fulfill a task. The primary and important advantage of the web-intent
approach is that the tasks allowed by the communications are simple to
characterize and MIME types describe digital properties interesting to
many users.
If the user-oriented task involves interactivity or non-MIME data, then their task won't be fulfilled. Barton also argued that the Web Intents specification is too vague to be implemented, and in particular leaves unaddressed the method by which a user would accumulate a set of options to handle any specific intent. In the image-editing example, for instance, when the user clicks "Edit" there must already be one or more third-party image editing web applications registered to handle the EDIT intent, or else browser cannot complete the command. "So you are counting on users to go around building up a list of useful services before they need them?" Billock replied that there were three possibilities. First, that search engines will index sites that offer intents and build up registries of compatible applications to suggest. Second, that web application stores like the Chrome Web Store will highlight the intents of their listed applications. Or third, that the intent-"consuming" sites (such as the image gallery site in our example) will simply include links to compliant services that they recommend. Mozilla's Web ActivitiesLast year, there were reports that Web Intents and Mozilla's similar Web Activities project would join forces. But that relationship was never formalized — in fact it may not ever have progressed beyond conversations between individual developers — and as of today, Mozilla seems to have dropped out of the Web Intents discussion. There is not a public position statement from Mozilla, but work on Web Activities is again progressing independently, spearheaded by the Mozilla WebAPI team that also tackles installable web apps and Boot-to-Gecko (B2G). Mounir Lamouri posted a draft Web Activities specification in March, and updated it on May 23. The Web Activities proposal is narrower in scope than Web Intents. It discusses just three actions (share, edit, and pick), but it, too, asserts that any non-empty string should be considered a valid action. Nevertheless, in his proposal, Lamouri argues that Web Intents goes too far by trying to cover two-way, ongoing messaging between applications (citing the example Web Intents use case for remote-controlled video playback). That degree of interoperability should be handled by the site-specific APIs, he said, not be managed by the general-purpose Activities/Intents mechanism. In Lamouri's proposal, an application declares its ability to handle a Web Activity with an activities {} property in its manifest file (rather than with a new HTML tag), a choice that the other Mozilla developers seem to agree on. The current Web Activities code — which is experimental and pre-dates the draft proposal — uses postMessage but it, too, is in an early stage of development. Lamouri said in an email that Mozilla's plan is to present Web Activities to the W3C Web Applications Working Group when it is finalized. Ultimately the bigger story on Web Activities is not the specifics of the proposal, but the fact that Mozilla does not seem interested in collaborating with Google on Web Intents. It is noteworthy that Web Activities now falls under the purview of the WebAPI team, and the discussion around it revolves around B2G. B2G clearly needs an IPC mechanism compatible with its HTML5 application framework — and regardless of how trivial the example gallery-to-image-editor use cases seems on a desktop browser, it is also required by B2G's built-in camera and image editor. Strangely silent on the Web Intents proposal is Apple, whose own Safari browser is also based on WebKit. Perhaps the company is just sitting out until the unanswered questions about the scope and implementation details get solid answers, but perhaps it sees Web Intents as a mechanism that interests Google only for use in its Apple-competing products like ChromeOS. Whatever the companies' underlying motivations are, users still have yet to put any of the competing options to the test on real world applications. With Web Intents in Chrome 19 and WebKit, at least they may soon get the opportunity.
Brief items Quotes of the week
I'd like to make a couple of
(minor?) suggestions:
— Darin McBride (on the Perl
secret operators man page)
1. Label the "secret" operators that are encouraged (Venus, Bang bang, Eskimo greeting, and maybe Babycart, I think) to distinguish them from the "obscure to the uninitiated".... 2. I know what =()= is normally called. But as soon as you put "don't google this", you know what's going to happen. At a bare (no pun intended) minimum, it should be labelled as Not Safe For Work.
Conflict sells news stories. "OpenOffice and LibreOffice volunteers
work together on Community Support Forums" will never make a new
story. But 'Rob Weir Farts During Playing of LibreOffice National
Anthem" will be headline news and will be retweeted 100 times.
— Rob Weir
libgit2 v0.17.0libgit2 is a library for programmatic access to git repositories; the v0.17.0 release is out and, apparently, 1.0 is near. "Highlights on this release include diff, branches, notes and submodules support. The new diff API is shiny and powerful. Check it out."
LLVM 3.1 releasedVersion 3.1 of the LLVM compiler suite is out. "This release represents approximately 6 months of development over LLVM 3.0, delivers a vast range of improvements and new features. Some of the most visible features include greatly expanded C++'11 support in Clang (including lambdas, initializer lists, constexpr, user-defined literals, and atomics); AddressSanitizer, a fast memory error detection tool which uses instrumentation to find bugs; "instruction bundles" support in the late code generator, allowing much better support for VLIW targets; an ARM integrated assembler which speeds up ARM compile time and enables new features for the ARM target; major enhancements to the MIPS backend (including support for MIPS64); a new port for the Qualcomm Hexagon VLIW processor, Python bindings, and much much more." See the release notes for details.
Nmap 6 releasedVersion 6 of the nmap network scanner is out. "It includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more." See the release notes for details.
ownCloud 4 releasedVersion 4 of the ownCloud "personal cloud" system is out. "ownCloud 4 – built through active community support – adds innovative features like file versioning, – which actively saves files, allowing users to “rollback” to previous versions – and a new API — giving developers an easy, stable and supported way to develop applications on top of ownCloud capabilities." It also adds support for direct opening of ODF documents and mounting of external filesystems like Dropbox or an FTP server. See the release announcement for more information.
Perl 5.16.0 releasedThe Perl 5.16.0 release is out. "Perl 5.16.0 represents approximately 12 months of development since Perl 5.14.0 and contains approximately 590,000 lines of changes across 2,500 files from 139 authors." See this article for an overview of what's new in this release.
Announcing printerdTim Waugh has announced (on May 10) the existence of the printerd project, meant to be a new print spooling subsystem for Linux. "It is a polkit-enabled D-Bus system service, written using the GLib object system. Although modeled on concepts from IPP (Internet Printing Protocol), printerd is not in itself an IPP server. Its only interface is D-Bus, although the aim is to be able to implement an IPP server on top of the D-Bus API as a separate process. Having a D-Bus interface means that applications wanting to print automatically get to use printerd asynchronously."
Newsletters and articles Development newsletters from the last week
A scientific basis for Open Source SoftwareMartin Davis of the JTS Topology Suite project points readers to an article in Nature arguing that open source software should be a standard requirement for peer-reviewed science. "The paper raises the argument for open source software to a higher plane, that of being a necessary component of scientific proof. It points out that the increasing use of computational science as a basis for scientific discovery implies that open source must become a standard requirement for documentation. Apparently some journals such as Science already require source code to be supplied along with submissions of articles."
Page editor: Jonathan Corbet Announcements Brief items Google wins patent case against OracleGroklaw has the news: the jury in Oracle v. Google has found that Google did not infringe any of Oracle's patents.
The Ada Initiative granted tax-exempt status in the U.S.The Ada Initiative has been granted tax-exempt status in the United States. "An urgent request: If you have donated to the Ada Initiative and your employer matches donations to U.S. non-profits, please submit your request for a matching donation by June 1, 2012 as that is the deadline for many matching donations. We estimate that we qualify for at least $5,000 USD and perhaps as much as $10,000 USD or more in matching donations, which for us is enough money to fund an entire program the size of Ada’s Advice. See the entry on matching donations in our FAQ in the blog post above."
The Make Play Live Partner Network (KDE.news)KDE.news has an announcement on the formation of a professional Partner Network for devices such as the Vivaldi tablet. "The Make Play Live Partner Program is designed to build and support a collaborative business and economic network. Members work together to provide comprehensive professional service and product offerings around Plasma Active and devices such as Vivaldi. Professional support options make it easier to convince potential parties, such as users, clients, customers and partners, bringing KDE software to a larger group of users."
Articles of interest Simon Phipps is the new OSI President (The H)The H covers an announcement by the Open Source Initiative that Simon Phipps is the new president of the organization. "Phipps has already been spearheading an OSI reform process, working with the rest of the board to open up the organisation. That process has led to the creation of Open Source Initiative affiliation, bringing the Apache Software Foundation, FreeBSD, Eclipse, Mozilla, Debian, and Creative Commons, along with other organisations, on board as affiliates. "There will be further developments in that scheme soon, and we'll have much more to announce in other areas as the year progresses" said Phipps by email."
Calls for Presentations openSUSE Conference 2012 CfPThe openSUSE conference has been scheduled for October 20-23, 2012 in Prague, Czech Republic. The announcement contains additional information. This year's conference—themed "Bootstrapping awesome!— will be held alongside the Gentoo Mini-Summit, Czech LinuxDays, and the SUSE Labs conference. Links to each conference can be found on this page.
Upcoming Events Events: May 24, 2012 to July 23, 2012The following event listing is taken from the LWN.net Calendar.
If your event does not appear here, please tell us about it.
Page editor: Rebecca Sobol
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Bugs
example]](/images/2012/utouch-bugs.png)
![[uTouch-Frame block diagram]](/images/2012/utouch-frame.png)
![[uTouch-grail block diagram]](/images/2012/utouch-grail.png)