LWN.net Weekly Edition for August 22, 2013

Scribus 1.4.3 adds color models and more

Version 1.4.3 of the open source desktop-publishing (DTP) application Scribus was released in July. An x.y.z release number from a project often denotes a trivial update, but in this case the new release incorporates several visible new features. Changes include updates to the barcode generation plugin, the preflight verifier, and typesetting features. There are also a number of additions to the application's color palette support, including a CMYK system which the project persuaded the owners of to release as free software.

The release was announced on the Scribus web site on July 31. Binary packages are available for Debian, Ubuntu, Fedora, CentOS, openSUSE, SLED, Windows and Mac OS X—and, for the very first time, for Haiku. The Haiku port was done by a volunteer from the Haiku development community. Scribus has long offered builds for "minority" operating systems, including some (like OS/2 and eComStation) which might make one wonder if acquiring the OS itself is more of a challenge than porting applications for it.

Typesetting

The 1.4.x series is the stable release series, but 1.4.3 follows the pattern set by 1.4.1 and 1.4.2 in introducing a handful of new features. Most notably, 1.4.1 introduced support for a new commercial color palette system (an improvement that 1.4.3 duplicates in even bigger fashion), and 1.4.2 switched over to the Hunspell library for spell-checking. Hunspell is cross-platform and is used by a wide array of other applications, which simplifies the Scribus project's job of maintaining up-to-date dictionaries for spelling and "morphological" features (e.g., hyphenation break points). That would be true for any application, but because Scribus is focused on generating precision-typeset documents, the quality of the spelling dictionary is arguably more visible—and it trickles down into other features.

For example, two changes to Scribus's typesetting features landed in this release, both minor, but part of the project's ongoing work to bring advanced layout features to end users. The first is the re-activation of the hyphenation plugin for all Linux builds. In previous releases, the hyphenator had stopped working for some Linux distributions; it has been fixed and as now available to all. But enabling quality hyphenation is a simple job now that Scribus has migrated over to Hunspell, which provides human-curated dictionaries for hyphenation breaks in addition to spelling. Furthermore, because Hunspell is also used by other applications, Scribus can automatically make use of Hunspell dictionaries installed by LibreOffice, the operating system, or any other provider.

The second change is the addition of Danish to the Short Words plugin. Short Words is an add-on that prevents Scribus from inserting a line break after certain words (as one might guess, these are usually short ones) when doing so would awkwardly break up a term or phrase. The canonical example is titles—for example, "Mr. Wizard" versus "Mr.
Wizard." But the issue arises with dates, product version numbers, brands, and plenty of other scenarios.

As is the case with the hyphenator, the Short Words plugin performs a routine task that a user can do by hand (in Short Words's case, by inserting a non-breaking space character). The goal is to handle the details automatically, since the manual method becomes burdensome once documents reach a certain size. Far more features in this vein are in the works for Scribus; developer Cezary Grabski releases his own custom builds that incorporate many proposed features for the main branch. Still to come, for example, is automatic control for widows and orphans, automatic adjustment of intra-word spacing, and "typographic" space adjustments for problematic characters.

Most of these typesetting features are well-implemented in TeX, but are not implemented in the major open source GUI applications. They constitute the sort of features that graphic design professionals expect because proprietary software already offer them, so the effort is a welcome one for designers using Scribus.

Color-o-rama

As is the case with advanced typesetting features, designers would historically claim a feature gap between Scribus and proprietary DTP tools in the arena of color palette support. On screen, of course, all colors are displayed as a combination of red, green, and blue output, but the print world is considerably more convoluted. Print shops catering to complex and high-volume jobs offer a range of inks on a variety of paper stocks, which is what supports the color-matching industry. Built-in support for a new color-matching palette means that a Scribus user can select the palette by name from a drop-down list and select colors that are known quantities.

Using a palette is akin to selecting a house paint color from the cards at the paint store, which is far easier than the alternatives: randomly picking out a spot on the color-selection wheel or fiddling with the hue-saturation-value sliders. A color picked by its on-screen RGB values may or may not line up to something convenient in the printed swatch samples, and there is certainly no guarantee it will look the same when printed. In that sense, color-matching palettes offer a "color by reference" option. The designer can designate the color of an object by its value in the color-matching system, and feel confident that the print shop will accurately reproduce it by looking up that reference.

Scribus has had solid support for both "spot colors" (i.e., choosing a specific color for something like an official logo) and CMYK for years now, but as a practical matter it still simplifies things for a user when the color palette for his or her favorite color matching system comes built-in. 1.4.3 adds several new palettes, including the official palettes used by the UK, Netherlands, German, and Canadian governments, as well as predefined palettes from Inkscape, LaTeX, Android, Apache OpenOffice, and Creative Commons.

The biggest news on the color palette front, however, is support for the Galaxy Gauge (GG) series. GG is a commercial manufacturer of design tools, including color-matching swatch books. Scribus's Christoph Schäfer convinced GG to allow Scribus to incorporate its color palette system into the new release, but GG also decided to go a step further and place them under an open license—specifically, the Open Publication License, which allows publication and modification. Schäfer said that GG had already shown an interest in the open source creative graphics community, and is working on a graphic design curriculum for school-aged children that is built around open source software.

To be sure, GG is a comparatively small player in the color matching world, but it would be a mistake to underestimate the value of adding GG support to Scribus just because it is not Pantone or Roland DG. Although the general public may only be familiar with the most popular color matching brands, design firms know them all (and, in fact, are inundated by advertising from them regularly). All of Scribus's color palettes are found inside of the application's resources/swatches directory, and Schäfer said in an email that the work of persuading color matching vendors to allow Scribus to support their products out-of-the-box is ongoing, with the potential for several significant additions still to come.

Addenda

Also of significance is the addition of QR Code support to Scribus's barcode generator. This is a frequently-requested feature. QR codes have become the de facto standard for consumer-use barcodes, embedded in magazines, posters, flyers, and other advertisements. Although it was possible to generate them using other tools, at best that is an unwanted hassle, and importing an external QR code into a Scribus document was no picnic either. One might have to convert it to a vector format, then change the colors, add transparency, or any number of other transformations. The better integrated it is with Scribus, the more it will get used.

Several other new features and fixes landed in 1.4.3, including a fix for a particularly troublesome bug that prevented rendering TeX frames on paper larger than A4 size. The online user manual also saw significant revision in this development cycle—which, it could be argued, is a bigger deal for Scribus than for the average open source application, considering how intimidating new users can find it to be.

The development focus for the next major release (1.5.0) includes more typesetting features; in addition to those mentioned above in Grabski's branch, support for Asian, Indic, and Middle Eastern languages is a high priority. So are support for footnotes and cross-references, a rewrite of the table system, and improved import of other document types. Schäfer noted that much of this work is already in place but a lot of it will require extensive testing, particularly for Microsoft Publisher and Adobe InDesign files. At times it seems like Scribus has more irons in the fire than any single application should, but that is part of the DTP game: every user has different expectations. Which makes it all the more remarkable that Scribus has implemented as much as it has so far.

Comments (2 posted)

SourceForge offering "side-loading" installers

SourceForge.net is the longest-running project hosting provider for open source software. It was launched in 1999, well before BerliOS, GitHub, Google Code, or most other surviving competitors. Over that time span, of course, its popularity has gone up and down as free software development methodologies changed and project leaders demanded different tools and features. The service is now evidently interested in offering revenue-generation opportunities to the projects it hosts, as it recently unveiled a program that enables hosted projects to bundle "side-loaded" applications into the binary application installer. Not everyone is happy with the new opportunity.

The service is called DevShare, and SourceForge's Roberto Galoppini announced it as a beta program in early July. The goal, he said, is "giving developers a better way to monetize their projects in a transparent, honest and sustainable way." The details provided in the announcement are scant, but the gist appears to be that projects that opt in to the program will get additional bundled software applications added to the binary installers that the projects release. These "side-loaded" applications will not be installed automatically when the user installs the main program, since the user must click an "accept" or "decline" button to proceed, but the installer does try to guide users toward accepting the side-loading installation. The providers of the side-loaded applications are apparently paying SourceForge for placement, and the open source projects that opt in to the program will receive a cut of the revenue.

The DevShare program was invitation-only at the beginning, and Galoppini's announcement invited other projects to contact the company if they were interested in participating in the beta round. The invitation-only and opt-in beta phases make it difficult to say how many projects are participating in DevShare—or which ones, specifically, although the announcement pointed to the FTP client FileZilla as an example. It is also difficult to get a clear picture of what the side-loaded applications currently deployed are. The announcement says the company "spent considerable time looking for partners we could trust and building a system that does not detract from our core user experience," but that does not appear to have assuaged the fears of many SourceForge users. The commenters on the Reddit thread about the move, for instance, were quick to label the side-loaded offerings "adware," "bloatware," "crapware," and other such monikers.

At least two of the side-load payload applications are known: FileZilla includes Hotspot Shield, which is touted as an ad-supported browser security bundle (offering vague promises of anonymity, HTTPS safety, and firewall tunneling); other downloads are reported to include a "toolbar" for Ask.com and related web services. The Ask.com toolbar is a familiar site in these situations; it is also side-loaded in the JRE installer from Oracle, as well as from numerous other software-download sites like Download.com.

To many free software advocates, the addition of "services" that make SourceForge resemble Download.com is grounds for ditching SourceForge as a project hosting provider altogether. Not everyone is so absolute, however. At InfoWorld, Simon Phipps argued that DevShare could be implemented in a manner that respects both the software projects involved and the users, if participation is opt-in for the projects, the projects can control which applications are side-loaded, installation for the user is opt-in, malware is not permitted, and the entire operation is run with transparency.

Phipps concludes that DevShare "seems to score well" on these points, but that is open to interpretation. For example, one aspect of Phipps's call for transparency is that SourceForge should provide an alternate installation option without the side-loading behavior. But many users have complained that the FileZilla downloads disguise the side-loading installer under a deceptive name that looks like a vanilla download. Even if the nature of the installer is clear once one launches the installer, the argument goes, surely it is a bait-and-switch tactic to deliver the installer when users think they are downloading something else.

Indeed, at the moment, clicking on the download link for FileZilla's FileZilla_3.7.3_win32-setup.exe (which is listed as a 4.8 MB binary package) instead triggers a download for SFInstaller_SFFZ_filezilla_8992693_.exe, which is a 1 MB executable originating from the domain apnpartners.com. For now, only Windows downloads appear to be affected, however it is not clear whether or not this is a decision on the part of the FileZilla project or SourceForge, or simply a technical limitation of the team behind the HotspotShield.

Close to two months have now elapsed since the DevShare beta program was announced, and SourceForge has not followed up with additional details. The company has put up a "Why am I seeing this offer?" page that explains the program, how to opt-out of the side-loading installation, and how to uninstall the Ask.com toolbar (although not how to uninstall HotspotShield, for some reason). Inquisitive users thus do have access to the appropriate information about the nature of the side-loading installation and how to decline it, but the page is only linked from within the installer itself.

For its part, the FileZilla project has been fairly blunt about its participation in the program. On a forum thread titled "Sourceforge pushing crap EXEs instead of filezilla installer," developer Tim "botg" Kosse replied simply:

Later on in the thread, he assured upset commenters that the project is taking a stand against the inclusion of malware and spyware in the bundle, and indicated that FileZilla had opted out of the Ask.com toolbar, in favor of "only software which has at least some merit. Please let me know should that not be the case so that this issue can be resolved."

It would appear, then, that participating projects do get some say in what applications are side-loaded with their installers in DevShare, which places it more in line with Phipps's metrics for scoring responsible side-loading programs. Nevertheless, based on the discussion thread, FileZilla's reputation among free software advocates has taken a hit due to the move. How big of a hit (and whether or not it will recover) remains to be seen. As DevShare expands from a closed beta into a wider offering for hosted projects, if indeed it does so, SourceForge.net will no doubt weather the same type of backlash.

Comments (19 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

• Security: Security software verifiability; New vulnerabilities in kernel, libtiff, puppet, putty, ...
• Kernel: Deferring mtime and ctime updates; Some numbers from the 3.11 development cycle; The return of nftables.
• Distributions: Ubuntu introduces phased updates; Elementary OS releases "Luna"; GNU Radio Live DVD, Fedora, ...
• Development: CyanogenMod Account; QEMU 1.6; Laidout Folder for the web; Callbacks as our generation's GOTO; ...
• Announcements: Groklaw shutting down, events.