Open Source News from FOSDEM 2009 - Day 1

by Sander Marechal

A week ago, the 9th Free & Open Source Developers' Europe Meeting (FOSDEM) took place at the Université Libre Bruxelles (ULB) in Brussels. Your editors Sander Marechal and Hans Kwint attended this meeting to find out for you what's hot, new in the area of the Linux environment and might be coming to you in the near future.

Here is the blow-by-blow of the first day with talks about Mozilla's future, the role of Debian, two OSI talks, Reverse engineering and much, much more.

FOSDEM, the Free and Open Source Software Developers' European Meeting

Table of Contents


By Sander Marechal [back to top]

Shortly after 10 AM FOSDEM was opened with a short recap of the beer event on the night before and the infamous FOSDEM dance. Several new records were set this year during this event. Over 750 people showed up and the bill was close to 10,000 Euro, even though Google had sponsored some free beer. They had designed a new way to make sure everyone could get beer and it supposedly worked much better than last year.

Long life, success and other problems - Simon Philips (Sun)

By Sander Marechal [back to top]

Simon Philips of Sun appeared on the stage before the scheduled opening keynote. He told that Sun has been struggling with some old code. The ONC-RPC code is over 29 years old and thereby precedes the GPL and BSD licenses. The code is back to the days when less attention was payed to licenses. As it turned out, the always diligent Debian people had discovered back in 2002 that the license was not DFSG free. Sun worked hard over the last six years to resolve this issue, but it is surprisingly hard to contact all the contributers from 1982 and before in order to get their approval for a change of license.

The process stagnated a bit over the years until Debian threatened to take out the ONC-RPC code, which in effect meant taking out glibc4 all together. But Simon was happy to announce that Sun had finally been able to contact all the authors and get approval for a license change. Since Thursday February 5th the ONC-RPC has been relicensed and is now officially free.

Free. Open. Future? - Mark Surman (Mozilla)

By Sander Marechal [back to top]

Mark Surman's opening keynote was an interesting insight into the workings of Mozilla. The official mission statement of Mozilla states “To guard the open nature of the internet”, but what does this mean for Mozilla's future? How far can it go and what comes after that?

The first question was easily answered. FOSS can go very far. Back in 2003 the web was in danger. Microsoft's Internet Explorer was close to a 99,98% market share. Many websites were designed for Internet Explorer only and many sites were flash only. In 2008 the situation has much improved. IE has hit an all-time low of 68% market share and Firefox alone is sharing at over 22%. Even better, there are now many other browsers out there that are being used by people and most of these are Free Software. In addition most of the websites now support all browsers and the use of flash for complete websites has decreased, although your editor thinks that Googlebot is probably more responsible for that than the success of alternative browsers.

The main point is that users are taking back control over their web experience. Not just by using alternative browsers but also by using all kinds of browser extensions to tune the web to their needs.

So what is next? Mark predicts that in 2009 FOSS goes big on mobile and that there is an epic battle ahead. The mobile web is in a far worse shape than the normal web was back in 2003 and a lot needs to be done to open it up. The hardware needs to be opened up so people can put Free software stacks on them. The web needs to be opened because much like in 2003 the mobile apps and sites are targeted at specific devices and not at open standards. The cloud needs to be opened up because mobile apps tend to be cloud apps. And to top it off the pricing structure needs to the changed and users need to be given more permissions (think contracts and simlocks) so that they can do whatever they want without price discrimination.

That's a tall order that Mozilla is giving itself, but it needs to prevail on all those points. Loose one and the mobile web will not be open.

The role of Debian in Free Software - Bdale Garbee (HP)

By Sander Marechal [back to top]

Bdale Garbee is a former Debian Project Leader and currently works for HP as Linux CTO. His talk was an interesting overview of the history of the Debian project and how it has grown over the years, especially how it has grown around a common set of values. Other things such as the Debian Manifesto and the DFSG are derived from those values. Most importantly he said that Debian is not a Linux distribution but an association of people committed to building a distro. The distro itself is just the product that comes out of it.

There are several reasons why Debian matters to the Free Software community as a whole. Debian is very focussed on freedom and it has an enormous amount of packages in it's main repository. Many projects use these packages and not just derivatives of the Debian distribution. It is also a very stable and functional development community. It is true that some people see Debian as a project with many internal conflicts and flamewars but in reality this is not true. The noise is generated by a small but vocal group of people within the project. The vast but silent majority just keeps on working.

Bdale said that Debian has contemplated using a Code of Conduct similar to what Ubuntu is using, but it is very hard to integrate something like that into the current structure of Debian. He did recommend that anyone who wants to start their own Free Software project use such a Code of Conduct. The Debian Manifesto and Free Software Guidelines affect the project from a technical point of view. A Code of Conduct does the same on a social level. A good Free Software project needs both.

OSI: Recent activities and future - Michael Tiemann

By Hans Kwint [back to top]

As I arrived late at the OSI-talk, I was only able to attend the last few minutes of the meeting. However, the alarming note given there was quite interesting: The youth of tomorrow - roughly referring to those younger than 18 - knows less and less about free software. Sure, when asked about free software they name Linux, but they are not able to explain how Linux is different from other software, apart from technical and cosmetic details.

Therefore, one of the main tasks of OSI will be educating children about open source and free software. For example, in India nowadays teachers are being taught about FOSS, but in the US the knowledge about FOSS is terrifyingly absent. The latter is also supported by the recent example of Karen who forbade here children to use Linux saying "it's illegal".

OSI is more known for its approval of open source licenses. One of the other things the OSI is working on, is categorizing available licenses. The way the Creative Commons licenses are categorized in a grid may serve as an example here. Another important task is teaching corporations why license proliferation is bad, and this is another task that OSI will take on.

XRandR 1.3 - Matthias Hopf

By Sander Marechal [back to top]

Matthias started his talk with an overview of the things that XRandR 1.2 currently lacks. For example, querying the state of a display currently involves probing it which causes the screen to go temporarily black. XRandR 1.2 also lacks the ability to do desktop panning (movie the view when your mouse cursor hits the edge of the screen) and has trouble with display types. Currently it has to parse the names of the display (like LVDS) and figure out the display type from that.

XRandR 1.3 will solve all of the above problems and add a few other nice features. It adds mandatory property sets to all displays so much more information about displays can provided by the driver in a uniform fashion. Panning is fully supported although there is still a problem with dual-head setups. This problem is not technical but a matter of behaviour. What should the display do when you hit the edge of the screen? Move one the view of one display? Both? What happens when the displays are of a different size? And what happens when the displays are transformed?

Transformations are the other new feature that XRandR 1.3 adds. They make it easy to rotate, flip and scale the display image. It also adds the ability to do keystone correction, that means deforming the image by moving the corners. You can use this for example to correct the display of a beamer that projects at an angle. I asked Matthias how that works in combination with compositing which is also able to do these kinds of transformations. Matthias answered that it works transparently as it should, but when compositing is available it is better to use that instead of the XRandR transformations to prevent slowdowns due to the extra framebuffer copies that need to be stored.

Lightning talk: Linux defenders a.k.a. Open Invention Network - Keith Bergelt

By Hans Kwint [back to top]

One of the threats to FOSS are software patents, and especially patent trolls. These are a hindrance to putting open source into use. Therefore, some patent heavyweights founded the Open Invention Network at the end of 2005. As one can assume, they are not against software patents, tells Keith Bergelt, and in fact they try to stay away from the religious fight about software patents as much as possible. They manage a pool of patents meant to defend Linux if necessary. However, they can do more for FOSS. They will also provide one on one assistance to free software developers or users if they are being threatened by those exerting their patent rights against them. For example, they can talk to patent trolls to ensure them that they should stay away from FOSS and choose another victim. Those being threatened by entities are encouraged to report the attack to LinuxDefenders 911.

Lately, they have been trying to work with the community to search for prior art for existing patents which might threaten FOSS. If prior art is found, they can take this to the USPTO and they will try to invalidate that particular patent. They also hope community members will write defensive publications of their innovations. These defensive publications might serve as prior art later on. Those defensive publications will be put into a database, and if necessary LinuxDefenders will make sure the USPTO receives the right documents.

At this moment, Linux Defenders focuses mainly on patents around mobile platforms, because that's currently an hot issue.

Lightning talk: Private mail with SmallMail - Peter Roozemaal

By Hans Kwint [back to top]

Because of the data retention directive passed by the EU in 2006, a group of privacy concerned Dutch citizens formed the counterpart of Big Brother and named it Small Sister. The projects aim is to protect the privacy of ordinary citizens. Lately, they started a new private e-mail system which they called Smallmail, intended to keep your e-mail secure. Nowadays there's already PGP, but Peter Roozemaal stresses that's not enough. Smallmail supports strong privacy: The headers are also encrypted One of the other goals is to hide even the sheer existence of communication, the reason why a server doesn't even keep track of when an e-mail is received. Smallmail is designed in such a way that anyone can run it as a server without too much hassle. One perceived problem is the distribution of the very long mail addresses including the crypto-keys. Smallsister hopes to tackle this problem by means of using vCards, and you should download the vCard of the one you are mailing to before starting the actual secure communication.

Public meeting of the Open Source Initiative

By Sander Marechal [back to top]

I walked in halfway through the public meeting because I first attended the XRandR presentation. It was clearly structured very different from any of the other talks I attended. It was a very open and lively discussion about the various focus areas that the OSI tries to cover. Many people were contributing and discussing ideas which was fun to watch.

Unfortunately the end of the meeting left me with a bitter taste. The last point of discussion was how the Free Software Foundation and Open Source Initiative can cooperate better. Instead of the open discussion like the previous topic this mainly ended up in finger pointing by the OSI speakers. In there opinion the OSI has made every effort to cooperate but the FSF refuses to do so. Not a good way to end an otherwise nice discussion.

Reverse engineering proprietary protocols - Rob Savoye

By Hans Kwint [back to top]

Lately, a group of reverse engineers has been working to make a free version of Adobe®'s Flash® available. This version is currently known as Gnash. In April '08, Gnash became part of a broader project called OpenMedia Now Foundation.

One of the most tedious parts of making Gnash includes reverse engineering Adobe®'s proprietary Real Time Messaging Protocol. Another option includes disassembling the Flash® binaries, but that's not legal so tells Rob Savoye. Recently Adobe® made the specification of RTMP available, but using that specification to make your own implementation is forbidden by the EULA. Also, it's quite useless because it specifies what was already reverse-engineered.

For the rest Rob's talk focuses mainly on technical aspects of reverse engineering. The tools used to reverse engineer network protocols like RTMP are the old-fashioned TCP-dump, Ngrep and Rob also started using WireShark for its nice GUI. To display data, the GNU core utility od (octal dump) is used, but also the debugger GDB can come in quite handy. Ngrep and tcpdump are also used here. For hex editing, the best tools are ghex2, Emacs, and to a lesser degree also Vim because the latter is not well suited, though that also depends on the modules used according to a member of the audience.

"Once having this tools, you should start looking at the hex-code until it makes sense, which can last several weeks" according to Rob. He sees it as the perfect task for a rainy day. "Another important ingredient is a relaxing and quiet environment". Something Rob definitely has, since he lives up the hills in Colorado.

The way reverse engineering is done once having the right tools, is first identifying and stripping ASCII-characters, and then trying to understand the header. Because Rob deals with network protocols most of the time, an header is almost always present. After the length of the header is found and you understand the header, you can try to change bytes and see what changes. However, a lot of code doesn't work and has to be thrown away. This process repeats itself endlessly, until you can make sense of hex-code.

Questions from the audience are if it is the same as reverse engineering hardware to make drivers - which Rob deems harder - and reverse engineering file formats, which Rob sees as being different. Inevitable people also want to know how to debug encrypted protocols, but Rob can't tell that because of the DMCA and his wish to return to the United States. Moreover, it's not something he's currently working on; though friends of his plan to do this.

Nouveau status update - Stéphane Marchesin

By Sander Marechal [back to top]

Next up in de dev room was the status update of Nouveau, the project that aims to create Free Software 2D and 3D drivers for Nvidia cards. It was an entertaining talk with various interesting anecdotes spliced in. For example, did you know that Nvidia cards are pretty much OpenGL at the hardware level? Most of the variable ranges and constants that OpenGL provides map to the hardware in a 1:1 fashion.

The news on the 2D front is positive: it mostly works today which is impressive since Nouveau is targeting 10 years worth of Nvidia hardware. That means even old cards (such as nv04 cards) will work on new desktops.

The 3D side is not that advanced yet. Pretty much all cards now have some form of Gallium-based driver but but in itself that doesn't say a whole lot. Much work is needed to get 3D working properly. The nv30 and nv40 chipsets are mostly there but nv04, nv20 and nv50 need much work. From there on the drivers will be moved into the Gallium mainline which in turn will be incorporated into the Mesa mainline.

Video decoding has also made progress, thanks to the Google Summer of Code project that resulted in hardware independent decoding at the Gallium level. This should be supported on most newer cards with nv30 chipsets or better although at the moment it just does H.264 decoding. Nvidia cards have come with fixed video decoding pipelines since nv17 but the differences between all the cards are very big so it may not be worth the development effort of implementing this just for cards older than nv30.

The plans of the Nouveau team are to use TTM and GEM for memory management and stabilizing the kernel API. Once that is done they hope for a 2009 release which would mean that the old nv driver does not have to be used anymore.

10 cool things about Exherbo - Bryan Østergaard

By Hans Kwint [back to top]

Exherbo is a new Linux source distribution made because Bryan Østergaard wanted to do things that couldn't be done in Gentoo. The name Exherbo refers to 'from source', because it's a source based distro and because the developers started almost out of nothing. It's quite different from other distributions because at this time it doesn't center on end-users, and also doesn't want to attract too many developers. Bryan tells "If there are like 100 developers or so, they will only end up wanting different things which cannot be done at the same time". Therefore, it's better having less developers who all want basically the same.

One of the most important features of Exherbo is better depository handling, and this is done using Paludis. Also, Exherbo has virtual repositories like 'unwritten' and 'unavailable'. Bryan shows us a list of about twenty repositories his system is currently able to use. Exherbo also has mechanisms to provide sane metadata for packages.

Another interesting possibility Exherbo offers is user authorization by the package manager. It almost treats users or groups as packages, an can show which packages would use a certain user. On of the advantages of this new package management is that it will be easier for unprivileged users to do the things they want to do without having to use su.

Exherbo has been rough in the near past. However, Bryan tells "I have been using it for the last few months as my main system and it didn't brake". As a Gentoo user, your editor would say this is definitely a distribution to keep track of.

Lightning talk: LXDE. Lighter, Faster, Less Resource Hungy - Mario Behling

By Sander Marechal [back to top]

Lightning talks are very short (10-15 minutes) presentations about a certain subject and the LXDE presentation was certainly lightning fast. They crammed an hour worth of LXDE overview into their 15 minute presentation, had time to introduce the community and leave some spare minutes for questions to boot.

The most striking thing about LXDE isn't the project itself but the community. Where many projects lament the lack of Asian members the LXDE community is truly international. They have a lot of members from Taiwan, China, Japan and many other Asian countries as well as a strong representation in western countries.

Lightning talk: Camelot. Building desktop apps at warp speed - Erik Janssens

By Sander Marechal [back to top]

Camelot is a framework based on Python-QT, Elixer and SQLAlchemy that was inspired by the Django framework. Only instead of web applications you use it to build desktop applications. Erik gave a nice overview of how simple it is to create desktop applications with Camelot. It really is fast.

The only downside I could see is the structure. By far the strongest point of frameworks like Django, Ruby on Rails and CakePHP is that they are MVC frameworks which makes changing and maintaining the code easier. Camelot however forgot to copy this bit from Django and instead mixes model, view and controller logic into the same classes. A missed opportunity in my opinion, but Camelot is still a nice framework if you need to get your GUI application up and running in no time.

Augeas - Raphaël Pinson

By Hans Kwint [back to top]

At the Fedora room, Raphaël Pinson gave a talk about Augeas. The fact that Raphaël is actually an Ubuntu developer shows Augeas is not only used on Fedora. Basically, what Augeas hopes to solve is one of the biggest Linux annoyances: How to manage all those different configuration files while at the same time you don't (want to!) know the language of those same configuration files.

A while ago I read Tuomov's "Thoughts on configuration files and databases" and I was quite happy to see Augeas is going in the direction suggested there.

What Augeas basically is, is a configuration Application Programming Interface that deals with text configuration files. Currently, a user who knows how to edit /etc/sudoers might not know how to manage vsftpd.conf, and by developing an uniform API to all those files Augeas hopes to solve this problem. It does this by using a biderectional language, and the several files with sourcecode to enable the bidirectional character of this API are called 'lenses'. This was all a bit abstract, but luckily this was explained by Raphaël.

"What we basically want, is map our text-configuration files to a tree which is easy to understand and edit for the end user, and be able to map that tree back to the text configuration files" he explained. All this should be done automatically, and if done correctly the end-user only has to edit the three, without having to worry about the syntax of the configuration-files themselves. Raphaël then went on by making this all more concrete by showing some examples of these lenses, and configuration file-filters which make heavy use of regular expressions. One of the interesting things he also told is there's theoretical work done on lenses which is parallel to the development of Augeas. The theory then might almost immediately be used in Augeas, and examples from Augeas on its turn are used in the theoretical work. Raphaël showed quickly which mathematical properties a lens should have, which seemed like statements taken from order theory or functional programming. Luckily, I was not the only one a bit lost: "It took me about a day to understand these two rules too" Raphaël confessed.

By this time it became clear to me, that one lens is related to one configuration file, let's say vsftpd.conf. What Augeas then does is use that lens to map the configuration file to a tree which can be edited, and use the same lense to map the tree back to the configuration file. This two opposite directions the lense works is what it makes bi-directional. This is what makes writing a lens quite hard. If for example your lens concatenates two strings but it's not sure how these strings should be divided when going the opposite way, your lense cannot be correct. Currently, one of the programs using the Augeas API is Puppet, about which I will talk again later. As a last note, Raphaël suggests people who are interested take the Quick Tour on the website.

Creative Commons Attribution-ShareAlike


Nobody has posted any comments yet.

Comments have been retired for this article.