OPENSOCIAL I KDE 4 I ORCA I ACCERCISER I VIDEO EDITORS
INTERVIEW WITH
DAVID LIU
of gOS
MUST-HAVE
DESKTOP
SOFTWARE
+
MAKE YOUR
DESKTOP
MORE
RESPONSIVE
ORCA
FOR THE
VISUALLY
IMPAIRED
REVIEWED
»ASUS
EeePC
PROMISING
VIDEO
EDITORS
REMOTE
DESKTOP
SHARING
HOW-TO
» Lotus
Symphony
» Google
Android
1.724452.9366 www.sdgsystems.com/ready
rggedhandheld]
rir^Varnr— v
ir, Linux 2.6,
intelligence to relate information to images. Complete solutions,
including software, are available for your data imaging workflows.
Like our handhelds, it’s fully rugged, waterproof and dustproof.
* rMteulL « . ^ MjJf. ■ .-A.~ 4,
imIyiiTTi
SEE US AT ANY OF THESE SHOWS!
Manage Any Data Center.
Physical or Virtual.
IT Roadmap Conference
Denver, CO
March 4
DoDIIS
San Diego, CA
March 17-19
AFCOM Data Center World
Las Vegas, NV
April 1 - 2
FOSE
Washington D.C.
April 1 - 3
IT Roadmap Conference
Chicago, IL
April 2
MTC New York
New York, NY
April 15-16
Interop Las Vegas
Las Vegas, NV
April 29 - May 1
DCGS
Denver, CO
April 29 - May 1
Microsoft Tech Ed
Orlando, FL
June 10 -13
IT Roadmap Conference
Boston, MA
June 18
Cisco Live
Orlando, FL
June 22-26
Gartner IOM Summit
Orlando, FL
June 23 - 25
IT Roadmap Conference
Atlanta, GA
July 16
Linux World San Francisco
San Francisco, CA
Aug. 5 - 7
Avocent builds hardware and software to access, manage and control any IT asset in
your data center, online or offline, keeping it, and your business, “always on”.
Visit us on our Remote Control Tour. For locations near you, go to
www.avocent.com/remotecontrol.
Avocent and the Avocent logo are registered trademarks of
Avooent Corporation. © 2008 Avocent Corporation.
CONTENTS
MARCH 2008
Issue 167
FEATURES
52 DESKTOP MUST-HAVES
Here's the guide to what you must have to
slide easily into the Linux desktop experience.
Dan Sawyer
64 KDE 4 PREVIEW
A peek at the revolutionary new version
of KDE.
Jes Hall
70 ORCA—TAKE THE KILLER
WHALE FOR A RIDE
The Orca screen reader helps people with
visual impairments access the desktop. It
also can serve as a useful tool for developers
to check their applications for accessibility.
Willie Walker
76 MAKE YOUR APPLICATION
ACCESSIBLE WITH ACCERCISER
Find and solve access issues; your users
will thank you.
Eitan Isaacson
ON THE COVER
• Must-Have Desktop Software, p. 52
• Interview with David Liu of gOS, p. 515
• Orca for the Visually Impaired, p. 70
• Make Your Desktop More Responsive, p. 88
• Promising Video Editors, p. 82
• Remote Desktop Sharing How-To, p. 22
• ASUS Eee PC, p. 42
• Lotus Symphony, p. 46
• Google Android, p. 48
58
BEHIND THE LOW-END LINUX BOX THAT SOLD OUT AT WAL-MART
Doc Searls interviews Dave Liu of gOS. Doc Searls
2 | march 2008 www.linuxjournal.com
RouterBOARD 600
i
1 ;■
J-
The High Performance Wireless Platform
It has four miniPCI slots, three gigabit ethernet
ports, and it is the fastest wireless board that
MikroTik has ever made.
*^ ^iPliiinuiMHiiijiiMiff I? 1 i-stHan
,psn9iy{pni
The heart of this device is a new state of the art
PowerPC networking processor. It makes the
RB600 faster than any other MikroTik wireless
router, introducing a whole new class
to the RouterBOARD brand.
*)
1 I
tLM.\ ,U
wf - T 1 _
[jj^ - - - ^
»SB¥
Two Compactflash slots for webproxy cache
and configuration backups of the User Manager
database or The Dude server.
RB600 includes RouterOS - the operating system
which makes this the most sophisticated
wireless router, firewall, bandwidth manager, or
hotspot.
Ip.
5 .J V W, Vi *
£
And all this power at a very affordable price:
$245
_ —j . V'ju'il f !
a— .ii jjg* JQ
sW: htij mm% .■-*> - * • 2j
Ut?
i.l
CPU
MPC8343E 266/400MHz network processor
Memory
64MB DDR SDRAM onboard memory
Boot loader
RouterBOOT, 1Mbit Flash chip
Data storage
64MB onboard NAND memory chip
Ethernet
Three 10/100/1000 Mbit/s Gigabit Ethernet with Auto-MDI/X
miniPCI
Four MiniPCI Type IIIA/IIIB slots
Expansion
Daughterboard support, including RB500 daughterboards
Compact Flash
Two independent CF slots (incl.TruelDE Microdrive)
Serial port
One DB9 RS232C asynchronous serial port
Speaker
Mini PC-Speaker
Power options
IEEE802.3af PoE: 38..56V DC including over datalines.
Power jack: 10..56V DC
Fan control
Two 5V DC fan power output headers with rotation sensor and auto¬
matic fan switching (maximum output current - 300mA total)
Dimensions
14 cm x 20 cm (5.51 in x 7.87 in), 227 g (8 oz)
Power consumption
~9W without extension cards, maximum - 35+ W
Operating System
MikroTik RouterOS v3, Level4 license
contents rrr
COLUMNS
18 REUVEN M. LERNER'S
AT THE FORGE
OpenSocial and Google Gadgets
22 MARCEL GAGNE'S
COOKING WITH LINUX
My Desktop Lies over the Ocean
28 DAVE TAYLOR'S
WORK THE SHELL
Understanding Shell
Script Shorthand
30 MICK BAUER'S
PARANOID PENGUIN
Security Features in Ubuntu
36 KYLE RANKIN'S
HACK AND /
Automate Your Desktop
-with wmarl-
96 DOCSEARLS'
EOF
Driving Markets from Our
- Own K e rn el s -
IN EVERY ISSU E
LETTERS
114 UPFRONT
NEW PRODUCTS I
81 ADVERTISERS INDEX
REVIEWS
/
46 IBM'S UNFINISHED SYMPHONY
Bruce Byfield
48 DOMOARIGATO MR
ANDROIDATO-AN
INTRODUCTION TO THE NEW
GOOGLE MOBILE LINUX
FRAMEWORK, ANDROID
Adam M. Dutko
INDEPTH _
82 MULTITRACK VIDEO EDITOR
ROUNDUP
Video editing in Linux continues
to improve.
Dan Sawyer
88 MAXIMIZE DESKTOP SPEED
Linux is known for its speed,
even on older hardware, but
you will appreciate it even
more after making these
performance-enhancing tweaks.
Federico Kereki
Next Month
SYSTEM
ADMINISTRATION
Next month, we feature arti¬
cles on setting up a PXE server
and adding menus to boot
kickstart images and rescue
disks from the network,
cfengine for managing con¬
figuration files across large
numbers of machines, and
eliminating tape backups with
FreeNAS and Bacula.
That's not all. We also look at
how Linux is going green, take
the new VMware Server 2 for
a spin, and do a little hacking
of ASUS's EEE PC.
ANDROID
48
USPS LINUX JOURNAL (ISSN 1075-3583) (USPS 12854) is published monthly by Belltown Media, Inc., 2211 Norfolk, Ste 514, Houston,
TX 77098 USA. Periodicals postage paid at Houston, Texas and at additional mailing offices. Cover price is $5.99 US. Subscription rate
is $29.50/year in the United States, $39.50 in Canada and Mexico, $69.50 elsewhere. POSTMASTER: Please send address changes to
Linux Journal, PO Box 980985, Houston, TX 77098. Subscriptions start with the next issue. Canada Post: Publications Mail Agreement
#41549519. Canada Returns to be sent to Bleuchip International, PO. Box 25542, London, ON N6C 6B2
4 | march 2008 www.linuxjournal.com
1U Multi-purpose Servers
Advanced 1U Servers: starting at $3,299
Poly 250QA16 - 2x Quad CoreOpteron 8347
16GB DDR2, 4x250GB HD, Dual Gigabit LAN
Entry Level 1U starts at $499
PbSywalt has been specializing in building
customized computer solutions for over
20 years.
Our system specialists will work
with you to get you ifra best solul ton
for any project.
Fblywelt has a tech team fully dedicated Eo
supporting our Linux users. We also offer a
wide selection of Linux distrOS.
All Opleron serpens will support both
Dual-Core and Quad-Core.
1U to 8U
up to 32 way, 128G RAM
2U 16Way Server:
Poly 8425SS - 4x Opteron 8347, 64GB DDR2
8x500GB (RAID 5 Storage) 3xGigabit LAN
Storage
up to 24TB
12TB Storage driven by Opterons starting at $7,299
Other Options: 24TB Storage
SAN/NAS, SUMA Storage also available
AMO Dual-Coro & Quad-Core technology vno
One platform to meet file need$ of muW-tasklf
multi-threaded environments; provides platfo
Blades
10 Dual or Quad Processors
PolyBlade 2500A:
lOx (Dual Opteron 2210, 4GB RAM, 80G HD)
Blades servers need not be fully populated.
Polywell OEM Services. Your Virtual Manufacturer
■ 20 Years of Customer Satisfaction
* 5-Year Warranty, Industry's Longest
888.765.9686 ■ First CEass Custom gt Service
San Mateo Avc. South San Francisco. CA 94080 650.583.7222 Fax: 650.583.1974
tf ilsvr-nced Device, lx. Image tn*k & a Fwtl Expedition, tiafienertk ol Ford Motors Corporation. Alt other brands, nances are gt their resperti 1 ^ companies.
GO SOLID.
INCREASE RELIABILITY.
solid state systems
fully x86 compatible
fanless, quiet operation
Direct-Plug •
IDE Flash Modules
1 Intel, VIA & AMD CPUs
95% Efficiency-Rated
PicoPSU Power Supplies •
DISCOVER MINI-ITX.
LOGIC
SUPPLY
www.logicsupply.com
LINUX
JOURNAL
JOURNAL
Executive Editor
Jill Franklin
jill@linuxjournal.com
Senior Editor
Doc Searls
doc@linuxjournal.com
Art Director
Garrick Antikajian
garrick@linuxjournal.com
Products Editor
James Gray
newproducts@linuxjournal.com
Editor Emeritus
Don Marti
dmarti@linuxjournal.com
Technical Editor
Michael Baxter
mab@cruzio.com
Senior Columnist
Reuven Lerner
reuven@lerner.co.il
Chef Fran^ais
Marcel Gagne
mggagne@salmar.com
Security Editor
Mick Bauer
mick@visi.com
Contributing Editors
David A. Bandel • Ibrahim Haddad • Robert Love • Zack Brown • Dave Phillips • Marco Fioretti
Ludovic Marcotte • Paul Barry • Paul McKenney • Dave Taylor • Dirk Elmendorf
Proofreader Geri Gale
Publisher
General Manager
Director of Sales
Regional Sales Manager
Regional Sales Manager
Circulation Director
System Administrator
Webmaster
Accountant
Carlie Fairchild
publisher@linuxjournal.com
Rebecca Cassity
rebecca@linuxjournal.com
Laura Whiteman
laura@linuxjournal.com
Joseph Krack
joseph@linuxjournal.com
Bruce Stevens
bruce@linuxjournal.com
Mark Irgang
mark@linuxjournal.com
Mitch Frazier
sysadm@linuxjournal.com
Katherine Druckman
webmaster@linuxjournal.com
Candy Beauchamp
acct@linuxjournal.com
Linux Journal is published by, and is a registered trade name of, Belltown Media, Inc.
PO Box 980985, Houston, TX 77098 USA
Reader Advisory Panel
Brad Abram Baillio • Nick Baronian • Hari Boukis • Caleb S. Cullen • Steve Case
Kalyana Krishna Chadalavada • Keir Davis • Adam M. Dutko • Michael Eager • Nick Faltys • Ken Firestone
Dennis Franklin Frey • Victor Gregorio • Kristian Erik • Hermansen • Philip Jacob • Jay Kruizenga
David A. Lane • Steve Marquez • Dave McAllister • Craig Oda • Rob Orsini • Jeffrey D. Parent
Wayne D. Powel • Shawn Powers • Mike Roberts • Draciron Smith • Chris D. Stark • Patrick Swartz
Editorial Advisory Board
Daniel Frye, Director, IBM Linux Technology Center
Jon "maddog" Hall, President, Linux International
Lawrence Lessig, Professor of Law, Stanford University
Ransom Love, Director of Strategic Relationships, Family and Church History Department,
Church of Jesus Christ of Latter-day Saints
Sam Ockman
Bruce Perens
Bdale Garbee, Linux CTO, HP
Danese Cooper, Open Source Diva, Intel Corporation
Advertising
E-MAIL: ads@linuxjournal.com
URL: www.linuxjournal.com/advertising
PHONE: +1 713-344-1956 ext. 2
Subscriptions
E-MAIL: subs@linuxjournal.com
URL: www.linuxjournal.com/subscribe
PHONE: +1 713-589-3503
FAX: +1 713-589-2677
TOLL-FREE: 1-888-66-LINUX
MAIL: PO Box 980985, Houston, TX 77098 USA
Please allow 4-6 weeks for processing address changes and orders
PRINTED IN USA
LINUX is a registered trademark of Linus Torvalds.
EmperorLinux
...where Linux & laptops converge
Portab
Since 1999, EmperorLinux has provided pre-installed Linux
laptops to universities, corporations, government labs, and
individual Linux enthusiasts. Our laptops range from full-
featured ultra-portables to desktop replacements. All
systems come with one year of Linux technical support by
phone and e-mail, and full manufacturers' warranties apply.
Toucan T61/T61ws
ThinkPad T61/T61ws by Lenovo
• Up to 15.4" WUXGAw/ X@1920xl200
• NVidia Quadra FX 570M graphics
• 1.8-2.6 GHz Core 2 Duo
• 512 MB-4 GB RAM
• 80-200 GB hard drive
• CDRW/DVD or DVD±RW
• 5.2-6.0 pounds
• 10/100/1000 Mbps ethernet
• 802.11a/b/g (54Mbps) WiFi
•Starts at $1530
Powerf
EmperorLinux specializes in the installation of Linux on a
wide range of the finest laptops made by IBM, Lenovo, Dell,
Sony, and Panasonic. We customize your choice of Linux
distribution to your laptop and provide support for:
ethernet, wireless, X-server, ACPI power management, USB,
EVDO, PCMCIA, FireWire, CD/DVD/CDRW, sound, and more.
Rhino D830/M6300
Dell Latitude D830/Precision M6300
Up to 17" WUXGAw/ X@1920xl200
• NVidia Quadra FX 1600M graphics
• 1.8-2.8 GHz Core 2 Duo/Extreme
• 512 MB-4 GB RAM
• 60-200 GB hard drive
• DVD±RW or Blu-ray
• 6.3-8.6 pounds
• 802.11a/b/g (54Mbps) WiFi
• ExpressCard/EVDO
•Starts at $1350
Unique
Ruggedized Panasonic laptops are designed for harsh
environments: drops, vibrations, sand, rain, and other
extremes. ThinkPad tablet PCs are like other laptops, with
an LCD digitizer for pen-based input both as a mouse and
with pressure sensitivity for writing and drawing on-screen.
Raven X61 Tablet
ThinkPad X61 Tablet by Lenovo
• 12.1" SXGA+ w/ X@1400xl05
• 1.6 GHz Core 2 Duo
• 1-4 GB RAM
• 80-200 GB hard drive
• 3.8 pounds
• Pen/stylus input to screen
• Dynamic screen rotation
• Handwriting recognition
• X61s laptops available
• Starts at $2150
www.EmperorLinux.com
Model prices, specifications, and availability may vary. All trademarks are the property of their respective owners.
letters
A
SECURITY
>} Lea m the Path
to a More
Secure System
» Discover
Dangerous
pilaws in Your
DNS Infrastructure
+ Creating JPsecand 5SL/TLS
Tunnels In Linux
Whet’s N«w with Eric Raymond?
Calculator
Thanks for Dave Taylor's Work the
Shell column in the December 2007
issue of LJ. I learned some new things
from it. Truth be told, most of the
articles in LJ are irrelevant to me, but
I slow down and pay attention when
I come to Dave's column.
Dave didn't mention it, but surely he
knows about calc (isthe.com/chongo/
tech/comp/calc)? This is a very pow¬
erful command-line calculator that I
use often.
$150 rebate instead of the $360 rebate
that you get with Windows!
Something stinks at Dell when a Linux
or FreeDOS box costs $210 more than
an XP box.
Stanley Miller
Thanks for the Games
Thank you for three game articles in the
December 2007 issue of Linux Journal. I
am glad to see progress in Linux gaming.
Games are the only reason I still have a
Windows partition on my computer. The
best first-person games are still only on
Windows ( BioShock , Oblivion and so on).
Fortunately, my favored strategy game
does have a Linux version: Dominions 3
(www.shrapnelgames.com/lllwinter/
Dom3/1.htm).
Richard
More Business Content, Please
I was recently browsing through the
archived articles of Linux Journal on
www.linuxjournal.com, and I noticed
that the past year or two has marked a
decline in the number of articles target¬
ed at business Linux users. Recent arti¬
cles have focused more on home and
educational users and developers than
on the business administrator.
In the interest of full disclosure, Landon
Curt Noll happens to be a personal
friend who wrote calc long before I
became acquainted with him. Keep
doing what you're doing in LJ.
Bob
Dell Linux Systems
I'm part of the reason Dell is showing
weak sales on Linux systems. I just pur¬
chased a slightly upgraded Dell Inspiron
530 for $579.75 with Windows XP, and
I'm reformatting and putting Linux on it
the day it arrives.
I considered getting the identical
FreeDOS or Ubuntu version, but they
were several hundred dollars more
expensive, because they offer only a
I understand that it's a struggle to find a
balance between which audiences you tar¬
get, but as the manager of an Information
Technology department for a medium-size
business, I would appreciate more focus on
the business administration side of things.
I'm looking for articles that give me good,
detailed suggestions on how and where
Linux can be useful to my organization.
It's great to read an article about thin
clients, LTSP and how the two can be used
together in a lab environment for students
in a school, but I don't have large lab envi¬
ronments with various people coming and
going all day using the same machines. I
have cubicles where the same people sit
down at the same desks every day and use
business applications, like Microsoft Office
and Visual Studio. How about some
articles that tell me how I can implement
OpenOffice.org without making my users
angry and without making it impossible to
interact with all of our customers and
suppliers who use Microsoft Office? How
about articles that present methods to
migrate Microsoft Access Databases (I
use the term "database" coupled with
"Microsoft Access" very loosely) to
open-source RDBMS systems with Web
interfaces? Articles focusing on ERP
systems for businesses? Of course, I'm not
suggesting that you turn your attention
entirely or even primarily toward business
users (unless, of course, you'd like to fork
another edition of LJ), just that you bring
some of the focus back to that area.
Also, I realize that Doc Searls has his Linux
for Suits column, but the times I've read
that, it seems to read more like the
editorial page of a newspaper and less
like a practical guide for implementing
Linux in a business environment.
Finally, because of some of the editorial
comments I've read in LJ about the
Novell/Microsoft agreement, I have to put
in my two bits about the deal. I under¬
stand the strong anti-Microsoft reaction
of Linux purists everywhere, I realize that
it certainly isn't an ideal situation, and I
understand the wary attitudes with which
people approach the deal and say, "What
kind of stunt is Microsoft going to pull this
time?" That's all completely understand¬
able. However, as I said before, I manage
an IT department, and Novell is helping me
save loads of money on Microsoft licensing
and is providing some very promising
prospects for alternatives to Microsoft
software in the very near future, along
with some prospects for more interopera¬
ble systems between Microsoft's software
and non-Microsoft software. Of course,
I, too, am a bit cautious about what
Microsoft sees in the deal, but I'm also a
very satisfied Novell customer and see a lot
of potential for their products to, at the
very least, become a gateway out of the
Microsoft world and into open source.
Nick Couchman
We appreciate your comments Nick ,
and we'll try to include more business-
oriented articles soon.
8 | march 2008 www.linuxjournal.com
3 3 f J V3 J J S ► i»d±!3
MORE PRODUCTS, BETTER SERVICE, GUARANTEED.
1.877.727.7887 | www.ServersDirect.com
GO STRAIGHT TO THE SOURCE!
'( H '
J
P YOUR BUSINESS
NING SMOOTHLY
Protect your small business with the built-in security enhancements of the Dual-Core Intel® Xeon® Processor in your ServersDirect®
✓ 1U Rackmount Server with 260W
Power Supply
^ Intel® 3210 + ICH9R Chipset
Intel® Xeon® 3200 and Xeon® 3000 Series
* Support up to 8GB unbuffered
^ ECC/non-ECC DDR2 800/677 SDRAM
s lx 3.5" Internal Drive Bay
✓ Dual RJ45 LAN ports
✓ 1U Rackmount Server with 280W
High-Efficiency Power Supply
✓ Intel® 5000V Chipset
✓ Dual Intel® 64-bit Xeon® Quad-Core
or Dual-Core
✓ Support up to 16GB DDR2 667 &
533 FB-DIMM
✓ 2 x 3.5" Hot-swap SATA Drive Bays
✓ Dual-port Gigabit Ethernet Controller
1U Rackmount Server with 900/980W
High-Efficiency Power Supply
✓ Intel® 5000P Chipset
✓ Dual Intel® 64-bit Xeon® Quad-Core
or Dual-Core
✓ Support up to 32GB DDR2 667 &
533 FB-DIMM
✓ 2x2x Hot-swap SATA Drive Bays
✓ Dual-port Gigabit Ethernet Controller
* 2U Rackmount Server with 400W
Power Supply
✓ Intel® 3210 + ICH9R Chipset
✓ Intel® Xeon® 3200 and Xeon® 3000 Series
✓ Support up to 8GB unbuffered ECC/non-ECC
DDR2 800/677 SDRAM
s 6 x 3.5" Hot-swap SATA Drive Bays
✓ Dual-port Gigabit Ethernet Controller
✓ 2U Rackmount Server with 400W
Power Supply
✓ Intel® 5000V chipset
✓ Dual Intel® 64-bit Xeon® Quad-Core
or Dual-Core
✓ Support up to 16GB DDR2 667
& 533 FB-DIMM
✓ 6 x 3.5" Hot-swap SATA Drive Bays
✓ Dual-port Gigabit Ethernet Controller
✓ 2U Rackmount Server with 560W
High-Efficiency Power Supply
✓ Intel® 5000P Chipset
✓ Dual Intel® 64-bit Xeon® Quad-Core
or Dual-Core
✓ Support up to 32GB DDR2 667 &
533 FB-DIMM
✓ 8 x 3.5" Hot-swap SAS Drive Trays with SES2
* Dual-port Gigabit Ethernet Controller
SDR-I6301-T06
* 3U Rackmount Server with 800W
Redundant Power Supply
/ Intel® 5000P Chipset
✓ Dual Intel® 64-bit Xeon® Quad-Core
or Dual-Core
✓ Support up to 64GB DDR2 667 & 533 FB-DIMM
✓ Dual-Channel U320 SCSI with
16 (8+8) Hot-swap Drive
✓ Dual-port Gigabit Ethernet Controller
✓ 4U Rackmountable / Tower w/ 800W
High Efficiency Red. PS
✓ Intel® 5000P Chipset
✓ Dual Intel® 64-bit Xeon® Quad-Core
or Dual-Core
✓ Support up to 64GB DDR2 667 & 533 FB-DIMM
y Dual-Channel U320 SCSI with
8 (4+4) Hot-swap Drive
✓ Dual-port Gigabit Ethernet Controller
✓ 6U Rackmount with 550W Power Supply
✓ Intel® Chipset 5000V
✓ Dual Intel® 64-bit Xeon® Quad-Core or Dual-Core
✓ Support up to 16GB DDR2 667 & 533 FB-DIMM
✓ 6 x 3.5" Hot-swap SATA Drive Bays
✓ Dual-port Gigabit Ethernet Controller
SERVERS DIRECT CAN HELP YOU CONFIGURE YOUR NEXT HIGH PERFORMANCE SERVER SYSTEM - CALL US TODAY!
Our flexible on-line products configurator allows you to source a custom solution, or call and our product experts are standing by to
help you assemble systems that require a little extra. Servers Direct - your direct source for scalable, cost effective server solutions.
1.877.727.7887 I www.ServersDirect.com
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, Pentium, and Pentium III Xeon are trademarks of
Intel Corporation or it’s subsidiaries in the United States and other countries.
Dual-core.
Do more.
[LETTERS]
Baffled
I have been a reader of Linux Journal for many years and
find something to enjoy in every issue. I was, however,
somewhat baffled by your inclusion of Sandeep Sahore's
Tech Tip on his program showdate in the November
2007 issue.
Although it is indeed very useful to determine dates in the
past and future, showdate is entirely unnecessary, and by
the author's own admission, broken and quirky.
May I present GNU date, included with every distribution of
Linux I have ever used (source available for your favorite
UNIX, naturally). For the benefit of your readers, I have
duplicated the examples from the showdate Tech Tip and
added a few more.
The date ten years ago:
$ date --date="10 years ago"
Same as above in epoch seconds:
$ date --date="10 years ago" +%s
Five years, two months and 23 days from now in the format
YY-MM-DD:
$ date --date="+5 years +2 months +23 days" +%y-%m-%d
With date, when you combine + and - in one command, it
does the right thing (unlike showdate):
$ date +%y-%m-%d
07-12-05 (now)
$ date --date=“-5 years +2 months +23 days" +%y-%m-%d
03-02-28 (2 months and 23 days after 5 years ago)
Schedule an at job 12 minutes and 35 seconds from now:
$ at -t $(date --date="+12 minutes +35 seconds" +%Y%m%d%H%M.%S)
Date isn't broken by large numbers:
$ date --date=" + 1000 years"
Sat Dec 5 16:41:40 EST 3007
$ date --date=" + 10000 years"
Wed Dec 5 17:01:17 EST 12007
Date understands weeks too:
$ date --date="+3 weeks"
Date is even more flexible, for example, all of the following
are valid:
$ date --date="yesterday"
$ date --date="tomorrow"
$ date --date="last thursday"
$ date --date="+2 weeks yesterday" (two weeks from yesterday)
In fairness, like many GNU programs, a lot of the above is
documented only on the info page (not the man page).
Joshua
Determinism
I enjoyed Roman Shaposhnik's article
"Roman's Law and Fast Processing with
Multiple CPU Cores" in the November
2007 issue of LJ, but he too briefly
touched on an issue with large future
implications. The problem isn't finding
ways to make threads more deterministic;
the problem is in our assumption that
computers should be deterministic. A
reliance on determinism works for pro¬
cessing on 8, or 16, or even 256 cores,
but what about 256,000 cores? Or 256
million cores? As elements flicker in and
out due to errors and faults, these cre¬
ations will be better imagined as statisti¬
cal ensembles than simple machines, no
matter how many OSI-like layers are
created. As a developer, you can become
comfortable with ways to flesh out the
gotchas that occur in parallel environ¬
ments, but there is only so far that tools
and insights can go if they are based on
the wrong foundation. At some point
in the future, we'll need to trade our
Boolean yes or no for a Bayesian degree
of belief. The software community has
started to get a taste of this in loosely
coupled aggregates like grids, but there
is much, much more to come.
Jon Dunfee
Another Tip on a Tip
This is in response to the Tech Tip on
page 92 of the January 2008 issue,
"Removing Duplicate Lines in Unsorted
Text without Losing Input Order". If you
have Perl installed (most distros do),
you could do it like this:
$ perl -ne'$x{$_}++||print' /tmp/numbers
John W. Krahn
Bash Can Do It
I was surprised and dismayed to see
Dave Taylor resort to Perl to map letters
to numeric values, in his January 2008
Work the Shell column. He states that
the shell can't do this easily: "There's
nothing I can imagine without extraor¬
dinary levels of effort."
Perl is not needed; bash can do the
same thing easily:
ordvalue=$(('printf "%d\n.Sletter"'-96))
Russ Turner
Dave Taylor replies: Cool. I didn't
know you could do that!
Iceweasel Clarification
In the January 2008 issue of Linux Journal,
Kyle Rankin wrote an article concerning
anonymous Web browsing. Although the
bulk of his content appears accurate, I
noticed a fairly big mistake in one refer¬
ence regarding the Knoppix LiveCD. He
refers to Iceweasel as "Firefox's name on
Knoppix". This is inaccurate. Iceweasel is
the forked browser based on Firefox,
built initially by the Debian distribution.
Iceweasel relieves the non-free issues that
are part of the Firefox browser, as the
Firefox browser cannot be redistributed
10 | march 2008 www.linuxjournal.com
The Straight MkPeople
SINCE
uiS*
ABERDEEN
QUAD-CORE.
SAY NO MORE!
BERDEEN STIRLING 144
Four 6Zuad-Cores
1U 3TB Quad Quad-Core HPC Server
• Up to four Quad-Core Intel® Xeon® MP processors
• Intel 7300 chipset with 64-Bit Support
• Up to 192GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to 3 x 1TB (3TB Total) Hot-Swap SATA Hard Drives
• 1000W AC Power Supply w/PFC
• 5-Year Warranty
BERDEEN STIRLING 128
1U 4TB Dual Quad-Core Server
• Up to two Quad-Core Intel Xeon processors
• Intel 5000P Chipset with 64-Bit Support
• Up to 64GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to 4 x 1TB (4TB Total) Hot-Swap SATA Hard Drives
• 560W AC Power Supply w/PFC
• 5-Year Warranty
> 4,975
3U 12TB Dual Quad-Core Storage Server
• Up to two Quad-Core Intel Xeon processors
► Intel 5000P Chipset with 64-Bit Support
► Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory
► Up to 12 x 1TB (12TB Total) Hot-Swap SATA Hard Drives
► Areca ARC-1231 ML PCI Express 800MB/sec RAID Controller
► 650W 2+1 Redundant Hot-Swap Power Supply
* 5-Year Warranty
Starting at
$
3,389
Starting at
$
BERDEEN STIRLING X633
BERDEEN STIRLING X840
6U 32TB Dual Quad-Core Storage Server
• Up to two Quad-Core Intel Xeon processors
• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to 32 x 1TB (32TB Total) Hot-Swap SATA Hard Drives
• Up to two Rear Hot Swap SATA Hard Drives for OS
• Dual Areca PCI Express 800MB/sec RAID Controllers
1350W 3+1 Triple Redundant Power Supply
1 5-Year Warranty
Starting at
$
6,439
1 5-Year Warranty
Starting at
$
Intel, Intel Logo, Intel Inside, Intel Inside Logo, Pentium, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries. For terms and conditions, please see www.aberdeeninc.com/abpoly/abterms.htm. Ij024
BERDEEN STIRLING 228
2U 8TB Dual Quad-Core Server
• Up to two Quad-Core Intel Xeon processors
• Intel 5000P Chipset with 64-Bit Support
• Up to 64GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to 8 x 1TB (8TB Total) Hot-Swap SATA Hard Drives
• 700W Redundant Hot-Swap Power Supply
• 5-Year Warranty
1,899
Starting at
> 2,279
BERDEEN STIRLING X526
4U 16TB Dual Quad-Core Storage Server
• Up to two Quad-Core Intel Xeon processors
• Intel 5000P Chipset with 64-Bit Support
• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to 16 x 1TB (16TB Total) Hot-Swap SATA Hard Drives
• Areca ARC-1261 ML PCI Express 800MB/sec RAID Controller
• 650W 2+1 Redundant Hot-Swap Power Supply
• 5-Year Warranty
5U 24TB Dual Quad-Core Storage Server
• Up to two Quad-Core Intel Xeon processors
• Intel 5000P Chipset with 64-Bit Support
• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to two Internal SATA Hard Drives for OS
• Areca ARC-1280ML PCI Express 800MB/sec RAID Controller
• 950W 3+1 Triple Redundant Hot-Swap Power Supply
• 5-Year Warranty
3,849
Starting at
* 4,989
8U 40TB Dual Quad-Core Storage Server
• Up to two Quad-Core Intel Xeon processors
• Up to 32GB 667MHz ECC Fully Buffered FBDIMM Memory
• Up to 40 x 1TB (40TB Total) Hot-Swap SATA Hard Drives
• Up to two Rear Hot Swap SATA Hard Drives for OS
• Dual Areca PCI Express 800MB/sec RAID Controllers
1350W 3+1 Triple Redundant Power Supply
8,029
Xeon*
inside"
Quad-core.
Unmatched.
888-297-7409
www.aberdeeninc.com/Ij024
[LETTERS]
Get a Clue
Mick Bauer's column "Getting a Clue with WebGoat", in the January 2008
issue of LJ, was missing a few clues. After some trial and error using Ubuntu
7.10, I found all the "Gutsy" clues. Mr Bauer left me clueless on setting the
jAVAJHOME variable. The QRG is:
$ sudo apt-get install sun-java5-jdk
$ export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun-1.5.0.13
$ wget http://webgoat.googlecode.com/files/
^Unix_WebGoat-5.0_Release.zip
$ unzip Unix_WebGoat*.zip
$ wget
http://downloads.sourceforge.net/owasp/
^webscarab-ins taller-20070504-1631.j ar?modtime=1178324741
$ java -jar webscarab-installer-20070504-1631. jar
$ java -jar M /home/username/WebScarab/webscarab.jar"
$ sudo sh ./webgoat.sh start80
What doesn't kill me makes me better.
PS. I like (intentionally, I hope) that the use of Tomcat was installed with WebGoat
and that in the same issue Alan Berg had an article on efficiency tricks with
Apache and Tomcat titled "Separate the Static from the Dynamic with Tomcat and
Apache". As my first use of Tomcat was with WebGoat, touching on Tomcat later
in the issue gave me a chance to further explore Tomcat. Bravo.
sbaker813
using the Mozilla Firefox name or logo if
any changes are made by a distribution.
Christer Edwards
GRUB Security
I enjoyed the "The Tao of Linux Security"
article by Jeramiah Bowling in the
January 2008 issue of Linux Journal.
I do have one small tip for the author,
however. He suggests setting a password
to the GRUB bootloader by adding
password yourpasswordhere below
the timeout line in the GRUB config
file. Although this is technically accurate,
if we're shooting for security, let's try
not to leave passwords lying around
in plain text.
Most major distributions should ship
with the grub-md5-crypt command
that allows you to generate md5-
hashed passphrases for the GRUB
bootloader. I suggest that anyone
applying a GRUB security model
would use this tool to generate
an md5-hashed password and
use that via the syntax password
--md5 pasteyourmd5hashhere.
Christer Edwards
More Work the Shell Tips
In the January 2008 issue of Linux
Journal, Dave Taylor is musing over
"how do you step through a word,
letter by letter, in a shell script", and
later, "how do you convert characters
into corresponding numerical codes".
Here is how (bash):
in=linux
while [ -n "$in" ]; do
val=$(($(printf %d ""${in:0:l}) - 96))
echo "... letter ${in:0:1} has value $val"
in=${in:1}
done
As for the Perl code used later in the
same article, the simplest way to get
from a string a list of corresponding
byte codes is to use unpack with aC*
or c* pattern. So the following Perl
gives the result he is after:
@values = map {$_ - 96} unpack "C*", "linux";
A corresponding list of "letter keys"
will be produced by split //,
"linux";. Of course, variables could
be used in place of literal strings.
Michal Jaegermann
LINUX
JOURNAL
fit Your Service
MAGAZINE
PRINT SUBSCRIPTIONS: Renewing your
subscription, changing your address, paying your
invoice, viewing your account details or other
subscription inquiries can instantly be done on-line,
www.linuxjournal.com/subs. Alternatively,
within the U.S. and Canada, you may call
us toll-free 1-888-66-LINUX (54689), or
internationally+1-713-589-2677. E-mail us at
subs@linuxjournal.com or reach us via postal mail,
Linux Journal, PO Box 980985, Houston, TX
77098-0985 USA. Please remember to include your
complete name and address when contacting us.
DIGITAL SUBSCRIPTIONS: Digital subscriptions
of Linux Journal are now available and delivered as
PDFs anywhere in the world for one low cost.
Visit www.linuxjournal.com/digitdl for more
information or use the contact information above
for any digital magazine customer service inquiries.
LETTERS TO THE EDITOR: We welcome
your letters and encourage you to submit them
to ljeditor@linuxjournal.com or mail them to
Linux Journal, 1752 NW Market Street, #200,
Seattle, WA 98107 USA. Letters may be edited
for space and clarity.
WRITING FOR US: We always are looking
for contributed articles, tutorials and real-
world stories for the magazine. An author's
guide, a list of topics and due dates can be
found on-line, www.linuxjournal.com/author.
ADVERTISING: Linux Journal is a great
resource for readers and advertisers alike.
Request a media kit, view our current
editorial calendar and advertising due
dates, or learn more about other advertising
and marketing opportunities by visiting us
on-line, www.linuxjournal.com/advertising.
Contact us directly for further information,
ads@linuxjournal.com or +1 713-344-1956 ext. 2.
ON-LINE
WEB SITE: Read exclusive on-line-only content on
Linux Journal's Web site, www.linuxjournal.com.
Also, select articles from the print magazine
are available on-line. Magazine subscribers,
digital or print, receive full access to issue
archives; please contact Customer Service for
further information, subs@linuxjournal.com.
FREE e-NEWSLETTERS: Each week, Linux
Journal editors will tell you what's hot in the world
of Linux. Receive late-breaking news, technical tips
and tricks, and links to in-depth stories featured
on www.linuxjournal.com. Subscribe for free
today, www.linuxjournal.com/enewsletters.
V
12 | march 2008 www.linuxjournal.com
Are you
Shocked
by the
high cost
of iSCSI &
Fibre Channel
SAN storage?
AoE is the answer!
ATA-over-Ethernet = Fast, Reliable, Simple storage.
www.coraid.com
EtherDrive® SRxxxx
Fast & Flexible RAID appliances
with slots for hot swap SATA disks
Check out our full line of EtherDrive® Storage and
VirtualStorage Appliances and NAS Gateways
1. Fast 10 Gigabit Ethernet Storage
without the TCP/IP overhead!
2. Unlimited expandability, at the
lowest possible price point!!
3. You want more storage...you
just buy more disks - it's that
simple!!!
Visit us at www.coraid.com
CORAID
www.coraid.com
1.706.548.7200
The Linux Storage People
FRONT
NEWS + FUN
WHAT'S NEW
IN KERNEL
DEVELOPMENT
The 2.4 kernel
[ “ U looks more and more
immobile. Except
for bug fixes, it no
longer seems to be
the case that any
new code will be
accepted. Even clean, well-written, mini¬
mally invasive driver ports from the 2.6
tree now are being turned away, as
Vitaliy Ivanov recently discovered. He'd
ported the adutux driver to 2.4 and
submitted it, only to be told by Willy
Tarreau that the driver would not be
accepted, because no one used the rele¬
vant hardware on 2.4 systems. The fact
that this may be because the driver has
not been available was met with the
argument that people who may have
needed such a driver probably already
have found different hardware to
solve their problem. And, Willy added,
because the 2.4 tree was not changing
so quickly these days, those who did
want the patch would have no trouble
applying it themselves.
Vitaliy was a bit disappointed and
surprised by this. But, in spite of the
rejection, Willy and other top hackers
still helped Vitaliy get the patch into
the best possible shape, in case anyone
ever did want to apply it. The patch
apparently now will live in Willy's own
personal tree, which gathers together
2.4 patches that are unlikely to make
it into the official tree.
The hardware4linux.info site has
come on-line, providing a database of
hardware and its interoperability with the
various Linux distributions that exist in
the wild. Like similar projects, this one
relies on user-contributed data.
It's possible that the Linux-tiny
Project will be started up again, under
Michael Opdenacker's leadership, but
there seems to be considerable opposi¬
tion. Linux-tiny is a general effort to
make the kernel smaller, both in RAM
and on disk, and to provide a central
location to submit all such patches, so
they can be fed to Andrew Morton
or Linus Torvalds. But, several folks,
including Andrew, felt there was no
need for a central location beyond the
kernel itself. His feeling is that any patch¬
es that can help make the kernel smaller
should be submitted to him, rather than
to Michael or anybody else.
However, as a lot of these patches
already have collected around Michael,
he feels he's still needed to help organize
them and present them to Andrew or
whomever. So, there does seem to be
the sense that Linux-tiny is needed, in
spite of the fact that folks like Andrew
are very much opposed. It seems as
though this could shake out either way.
A very interesting new distributed
filesystem has hit the scene, created
by Sage Weil as part of his PhD studies.
It's been under development for a while
now, but Sage has just made his first
official announcement. As a result, the
filesystem is likely to be more stable than
other filesystems at the time of their ini¬
tial announcement; however, because of
the lack of testing, users probably should
not trust Ceph with their data until it has
had a bit more time under the spotlight.
Ceph supports the familiar POSIX
filesystem semantics and distributes its data
across an arbitrary number of nodes on a
network. Data is replicated and rebalanced
behind the scenes, so the loss of only a
small number of nodes would be unlikely
to cause any data loss.
Originally, the filesystem client itself
had been done in FUSE, which made for
rapid development at the cost of some
speed and correctness. One of the reasons
Sage chose to make his announcement
now is that he has begun work on an
in-kernel client, which addresses all the
correctness and efficiency issues.
Adrian Bunk wants to take away the
Experimental configuration depen¬
dency. The idea behind Experimental
was that users could choose not to see a
large swath of unstable configuration
options and, thus, focus only on the
options that seemed the most thoroughly
tested and reliable. If, during kernel
configuration, users clicked on the
"Enable experimental features" option,
they suddenly would see all the weird
stuff that hadn't yet stabilized. The great
value of the Experimental option was
that it allowed newer code to have the
widest possible distribution among
users, without putting users in a position
to harm themselves by inadvertently
enabling a feature that would somehow
or other trash their systems.
Unfortunately, according to Adrian, so
many necessary drivers still are listed as
experimental, that distributions have been
enabling experimental features by default
in their production kernels. In many cases,
these drivers have not really been experi¬
mental for a long time, but their develop¬
ers just never bothered to remove the
dependency. So now, users have none of
the benefit of being able to turn off
experimental features. If they want to use
their system at all, in many cases, they are
obliged to enable experimental features
and hope they don't inadvertently enable
something else that is less stable.
It's unclear what ultimately will
become of the feature. Clearly, many
experimental features in the kernel
would have to be removed entirely, if
there were no way to hide them from
users who wanted only the most solid
features. If Adrian does remove the
Experimental option and nothing
replaces it, all those features may
lose out on their current high level of
availability to new users. Meanwhile,
the drivers that had caused the whole
problem by failing to remove their
dependency on the Experimental option
would get to stay in the kernel, because
they are not really experimental.
— ZACK BROWN
USER FRJENOLT by J.D. 'IIliad" Ffifcir
THAT LOOKS ftmERESTWfr
WHAT iS FT?
MILROSOFTS
eXPERFMEUT YOU
CREATE A PASSWORD
FROM WHA7 YOU SEE
IN WK BLOTS.
/
y MUKMCiii tifniH
14 | march 2008 www.linuxjournal.com
LJ Index,
March 2008
1. Percentage of users that click on ads at
least once per month: 1
2. Number of times per month most of those
who click on ads do so: 1
3. Out of three persons who click on advertising,
the number most likely to be female: 2
4. Projected billions of dollars (US) in 2008
advertising sales worldwide: 486
5. Projected billions of dollars (US) in 2008
on-line advertising sales worldwide: 44.6
6. Projected 2008 worldwide market share
percentage for on-line advertising: 9.4
7. Years that will pass before on-line advertising
will overtake radio advertising: 0
8. Years that will pass before on-line advertising
will overtake magazine advertising: 2
9. Lines of code searched by Koders.com:
766,893,913
10. Lines of code searched by KruglePublic, in
billions: 2.6
11. Code repositories searched by Krugle.com:
600
12. Thousands of projects searched by
KruglePublic: 100
13. Number of projects registered at
SourceForge: 164,138
14. Number of users registered at SourceForge:
1,744,635
15. Service listings in SourceForge Marketplace
at launch: 600
16. Millions of Linux-based mobile handsets
sold by Motorola: 9
17. Percentage of Motorola's handset portfolio
served by the company's Linux MotoMagx
platform: 60
18. Percentage of Linux CPUs running AMD
Athlon: 14.71
19. Percentage of Linux CPUs running
Pentium 4: 12.15
20. Percentage of Linux CPUs running other
Pentiums: 24.97
Sources: 1-3: A0L | 4-8: AdAge
9: Koders.com 110-12: KrugLe.com
13,14: SourceForge.net 115: CNN.com
16,17: AmericasNetwork.com
18-20: Linux Counter (counter.Li.org);
numbers gathered by December 9, 2007
[UPFRONT]
The Linux Muse
Convergent Living
keeps expanding
its portfolio of
Companion-branded
home electronics
controllers, all of
which involve "server¬
less smart appliances
running rock-solid
Linux". All are intended
to work with the company's
own components or with those of
many other manufacturers. At the
time of this writing, Convergent
Living's Integrated Mode Subsystem
Drivers supported the following:
■ 21 scene lighting systems.
■ Ten distributed audio/video multi¬
room preamps (with two "coming").
■ Five media audio streamers.
■ 14 digital media servers.
■ Three l/serial-based components.
■ Four security panels.
■ Seven automation panels.
■ Five I cameras, plus "almost any
streaming MPEG-3 camera".
It also supported a pile of
Ethernet converters; VGA/USB
extenders via CAT5; a serial
router and communications to
thermostats, humidi¬
fiers, shade controls,
weather stations; and
other "environmen¬
tal" electronics by
several manufacturers,
over an array of data
link types.
Its latest controller
is the Companion
Muse, which communi¬
cates to both the Net and
local home electronics over Wi-Fi.
It has a built-in Web browser, plus
the ability to control home systems
either through IP (Internet Protocol)
connections or through "transla¬
tors" that speak through serial,
IR and other interfaces.
The Muse weighs just less
than two pounds and runs on an
800MHz LX-800 Geode processor.
It has an 8.4" TFT Active Matrix
800x600 SVGA LCD touchscreen,
talks 802.1 1 b Wi-Fi and plays
16-bit audio through either a built-in
speaker or a headphone jack. It's
recharged through a desk cradle
or USB passthrough.
Configuring and integrating
widely disparate home electronics
tend to be complex professional
work, so Convergent Living sells its
components through professional
integrators. Meanwhile, as the line
continues to expand, it demon¬
strates the handiness of Linux as a
solid platform for integrating just
about anything.
RESOURCES
■ Convergent Living, Companion:
www.convergentliving.com/index.php?option=content&task=view8{id=15,
www.convergentliving.com/index.php?option=com_content8ftask=view8fid=438cltemid=67
and www.convergentliving.com/index.php?option=content8ctask=view8(id=28
■ "Linux touchpanel automates homes, boardrooms":
www.linuxdevices.com/news/NS8523585083.html
■ "Device Profile: Convergent Muse touchscreen automation controller":
linuxdevices.com/articles/AT6599836729.html
— DOC SEARLS
www.linuxjournal.com march 2008 | 15
[UPFRONT
t '
Distro Share
Distribution
Linux Counter (counter.li.org) has been
keeping track of many things for many
years. One of those things is distro share
percentages. Here is how they stacked
up, as of December 9, 2007. The data
is derived from 147,964 registrations
entered and 151,087 values.
— DOC SEARLS
Distro Share Percentages
Distribution
Count
Percent
CentOS
1,190
0.80%
Debian
28,949
19.56%
Fedora Core
10,451
7.06%
Gentoo
12,642
8.54%
Kubuntu
1,837
1.24%
Mandrake
7,602
5.14%
Mandriva
2,870
1.94%
Red Hat
11,349
7.67%
SUSE
14,757
9.97%
Slackware
13,166
8.90%
Ubuntu
19,490
13.17%
Others
26,783
18.10%
v
Linux as an RTOS
Linux success in the embedded space is well established. In October 2007,
VDC reported that Linux held a 40% share among embedded operating system
choices by system developers. Smaller share slices were held by commercial
OS vendors, in-house, "other" and "no formal OS". In the Linux wedge, free
Linux distributions outpaced paid ones by more than two to one. And, the free
side was trending upward, with free distros outpacing paid ones by more than
four to one among future embedded project deployment plans.
But, that's just one source of stats. More recently. Embedded Market Forecasters
(EMF) came out with a report titled "Embedded Linux Total Cost of Development
Analyzed", which it says is based on interviews with more than 1,300 embedded
developers. In its summary, EMF reported the following:
■ "Embedded Linux has achieved design parity with commercial RTOSes
for most projects."
■ "Embedded Linux design outcomes are consistent with the outcomes of
projects using OSes from commercial RTOS vendors."
■ "Use of a commercial embedded Linux OS is more effective than a
noncommercial 'in-house' Linux development undertaking."
"Embedded Linux can be used in a mission-critical environment that requires
MILS (Multiple Independent Levels of Security) or EAL (Evaluation Assurance
Level) certification or POSIX (Portable Operating System Interface) confor¬
mance, when used in protected memory under a certified RTOS."
Dr Jerry Krasner, President of EMF and author of the report, said, "This
study shows that designing with an embedded Linux OS can be as dependable
as designing with an RTOS."
RESOURCES
■ "Linux to remain a leading embedded OS, says analyst":
www.linuxdevices.com/news/NS2335393489.html
■ Embedded Market Forecasters, "Poor development tool selection costing
embedded developers an average of $553,000 per project":
www.embeddedforecast.com/images/MDD_Release_052107.pdf
— DOC SEARLS
New Features at LinuxJournal.com
If you haven't visited us recently, you
may have missed Linux Journal's Gadget
Guy, Shawn Powers, and his video prod¬
uct reviews. Each week, Shawn has
entertained and informed while giving
viewers a peek at some interesting
Linux-powered gadgets, such as the
popular ASUS Eee PC, the Z2 Zipit
Wireless Messenger and the Neuros
MPEG-4 recorder. Be sure to come back
to see what other cool toys he will get
his hands on.
Also, take a look at the section
aptly named "Live from the Field" to
get some interesting perspectives and
perhaps even a behind-the-scenes look
at Linux Journal from our very own
staff and advisory board. These folks
tend to have some useful information to
share, and you might even get a look
at some of their geek gear. After the
holidays, many of us posted photos
and videos of our geekiest gifts for all to
see. If you haven't seen these, they are
worth checking out and can be found
at www.linuxjournal.com/microblog.
Drop by and write your thoughts in
the comments sections or in the forums.
We'd love to hear from you.
— KATHERINE DRUCKMAN
16 | march 2008 www.linuxjournal.com
[UPFRONT]
What Are They Using?
Each month, we'll be featuring a fun Linux implementation by a notable user.
Launching the series is Wendy Selzer. A founder of Openlaw, its open DVD
forum and the Digital Effects Clearing House, she also was a star attorney
with the Electronic Frontier Foundation, where she led EFF's Digital Television
Liberation Front, fighting restrictive government technology mandates with
open-source software. These days, she lives near Boston, where she serves as
assistant professor at Northeastern University School of Law and fellow with
the Berkman Center for Internet and Society at Harvard Law School.
Here's Wendy:
I'm using MythTV to power my home entertainment system. The combination
digital video recorder, jukebox, streaming audio server and Web browser is
a Debian-based Pentium 4 running MythTV and other free software.
I built this machine when the Broadcast Flag was threatening the continued
availability of open high-definition television tuners, but since public interest
groups (including the American Library Association, Electronic Frontier
Foundation and Public Knowledge) defeated the Broadcast Flag, the hardware
is still available, and Moore's Law makes it cheaper all the time. (Full specs at
wendy.seltzer.org/mythtv; the large-screen TVs pictured aren't mine.)
The DVR picks up over-the-air television in HD and standard def, recording
a mix of programs I've directly selected, TiVo-like "season passes" and
those it gleans from searches or community-generated lists. Whenever a
"best movie of all time" or nature program comes up, I can time-shift it
to fit my schedule. If I'd rather watch the "NewsHour" in half an hour,
I can time-squeeze it to fit. Independent video from YouTube and Miro
round out the mix.
Ripping my CDs to lossless FLAC files gives me a jukebox from which I can
select playlists to listen to on my living-room stereo, stream to the study or
office, or move to a pocket. I can record the Metropolitan Opera's Saturday
matinee broadcasts (streamripper from a crontab) and pull up Wikipedia
pages or libretti alongside.
The system that started as a political statement has become immensely
practical (and fun). The general-purpose computer lets me watch media as
I want to see or hear it. We just have to make sure the media stays unen¬
cumbered and the technologies aren't hampered by ill-designed mandates
from Hollywood.
— DOC SEARLS
They Said It
Data likes to meet, have sex and
make babies, just make sure it
happens in your hotel room.
—Martin Geddes, psd on Twitter,
December 6, 2007
Put it all together, and here's what I
see happening. In the next few quar¬
ters, low-end Linux-based PCs are
going to quickly take over the bottom
rung of computing. Then, as businesses
continue to get comfortable with SaaS
(software as a service) and open-
source software, the price benefits will
start leading them toward switching to
the new Linux/SaaS office model.
You'll see this really kick into gear
once Vista Service Pack 1 appears and
business customers start seriously
looking at what it will cost to migrate
to Vista. That Tiffany-level price tag
will make all but the most Microsoft¬
centric businesses start considering
the Linux/SaaS alternative.
—Steven J. Vaughan-Nichols,
www.desktoplinux.com/news/
NS2414535067.html
Sun will be announcing a multi-year
award program in support of fostering
innovation and advancing open source
within our Open Source communities.
We'll be providing a substantial prize
purse and working with the communi¬
ties involved to develop the approach
that works best.
—Simon Phipps, Sun Microsystems,
blogs.sun.com/webmink/entry/
getting_paid_to_develop
Avoid “Argument list too long” Errors
TECH TIP
The shell has a maximum length for command-line argu¬
ments. If you try to pass more than the maximum, you will
receive an error:
Argument list too long
For example, to find which files contain a particular string,
you normally would do the following:
grep -1 STRING
But, if there are too many files, you may get the "Argument
list too long" error. In that case, you could do:
Is | xargs grep -1 STRING
— ALESSANDRO PAIUSCO
www.linuxjournal.com march 2008 | 17
COLUMNS
AT THE FORGE
OpenSocial and
Google Gadgets
reuven m. lerner Thinking about developing an OpenSocial application? First, you’ll need
to understand Google Gadgets.
The past few months. I've written about the
Facebook API, which allows third-party developers
to integrate their applications into Facebook. A
large number of such applications exist already,
and more are being created and released every day.
However, Facebook isn't the only social-networking
site out there. Indeed, Facebook isn't even the
largest social-networking site—although it is the
fastest-growing and seems to have a great deal
of momentum. This is due in no small part to
developers' ability to create and integrate new
applications into Facebook. And, although most
Facebook applications are (I think) pretty silly,
that hasn't stopped people from trying them and
even using them on a regular basis.
Facebook's offer of a developer API definitely was
a good thing for Facebook users. But, it was bad
news for at least three other groups of people. First,
users of other social-networking systems suddenly
were faced with the prospect of using a less-popular
system. (In the world of social networking, a less-
popular system also is less desirable.) Second, the
people running non-Facebook social-networking
sites, such as Linkedln and MySpace, suddenly were
faced with the prospect of their users leaving for
Facebook. Finally, software developers began to look
at Facebook as the most-desirable platform for which
they should develop, because it had the largest user
base. Even if one or more of the competing sites
were to unveil an API, and even if it were as rich as
the Facebook API, it probably wouldn't reach enough
users to make the doubled effort worthwhile.
So, I was fascinated to learn, via Marc Andreessen's
blog, that a number of social-networking sites
were responding to Facebook in a way that satisfied
all three of these populations. They announced an
API that would allow an application to work across
many different social-networking sites. This API,
known as OpenSocial, can be added to any site
("container") or application. If you write a Facebook
application, it'll work only on Facebook. But, if
you write an OpenSocial application, it'll work
under Ning, MySpace, Orkut and nearly a dozen
other systems.
Of course, OpenSocial isn't exactly the same as the
Facebook API. And, in fact, it has some disadvantages
when compared with the Facebook API. Also, as
I write these words in mid-December 2007,
OpenSocial still is stuck in an early beta release.
However, OpenSocial is interesting from a few
perspectives. First, it's an interesting shot across
Facebook's bow, and one that deserves our atten¬
tion, if only because it demonstrates the lengths to
which companies now will go to attract developers
and users. But, it's also interesting because it's the
first application standard I can think of that is based
on HTTP, JavaScript and HTML. That is, I believe
OpenSocial is the first Web development API that is
completely client-side, rather than server-side. If
nothing else, this shows how important JavaScript
has become to Web developers.
This month, we start looking at OpenSocial
from the perspective of an application developer.
OpenSocial builds on work done at Google; thus,
it's based on several technologies developed at
Google, including Google Gadgets. So, let's begin
our discussion of OpenSocial by looking at Google
Gadgets and how we can create and use them.
Next month, we'll look at how to turn a simple
gadget into a social gadget and connect it with
OpenSocial containers.
Google Gadgets
An OpenSocial application is, at heart, a combina¬
tion of XML and JavaScript, using a special version of
Google Gadgets. The code is written in JavaScript,
and preferences and guidelines for the gadget
are set using XML. The simplest possible gadget,
taken from Google's on-line documentation, is
the following:
18 | march 2008 www.linuxjournal.com
The above gadget, as you can imagine, doesn't
do very much. The first line shows that it's an XML
document and that it's encoded using UTF-8. This
means we can write gadgets in any language we
like, and they should work correctly. The gadget is
then contained inside tags, apparently
because gadgets were called modules when they
were under development. The content of a gadget
sits inside a .
There are three potential sections inside a gadget:
■ ModulePrefs: defines the settings for a particular
gadget.
■ Content: contains the HTML that is displayed for
the user, as well as any JavaScript code with
which the user will interact.
■ UserPrefs: used to store user preferences.
The above test gadget doesn't contain any
UserPrefs, and its Content section contains only
HTML, but it still is valid.
To see this gadget in action, you need to create
an iGoogle page. This requires having a Google
login. (I'm familiar with the privacy concerns that
are increasingly raised about Google. OpenSocial
will not be tied to Google; thus, it doesn't require a
Google login. However, for the time being, it's easi¬
est to create a gadget for an iGoogle page.) Go to
your personal iGoogle page: google.com/ig.
On the right side of the screen is a link called
Add stuff. This is how you add new gadgets to your
personal iGoogle page. By default, it shows the
most popular gadgets, and you're obviously wel¬
come to add as many or as few of these gadgets as
you want. However, if you're going to be develop¬
ing gadgets, add the My Gadgets gadget, which
gives you some additional control and functionality.
Use the search box to find My gadgets, and when
you find it in the search-result listing, click on the
add it now link. You will be brought back to your
iGoogle page, with this new gadget now available.
Publishing Your Gadget
Google has tried to make gadget development as
easy as possible. One way it eases the learning
curve has been through the creation of many on¬
line tools that remove the editing and storage needs
for many developers. Thus, although many Web
developers (like me, and possibly you) are happy to
write programs in Emacs and put them on their
own private Web servers, Google realized that not
everyone has access to (or familiarity with) such
tools. So, Google provides a Web-based editor
(GGE, the Google Gadget Editor), which not only
lets people edit their own gadgets via a Web browser,
but also provides free storage for gadgets.
I'm going to take a more traditional route to
storage in this column, although you're welcome to
ignore my example. I'll be putting my gadgets on
my Web server (atf.lerner.co.il). To incorporate these
gadgets into my iGoogle page, I must go to the My
Gadgets gadget and enter the complete URL of the
gadget. For example, I stored the above "Hello,
world" gadget on my server as rmlgadgetl .xml.
Thus, I entered the following URL into My Gadgets:
http://atf.lerner.co.il/rmlgadget1 .xml.
Sure enough, after a moment of loading, I saw
"Hello, world!" on my iGoogle screen. Each gadget
is displayed inside an iframe, an HTML entity that
allows the developer to create content that's inde¬
pendent of its surroundings. Or, thinking about it in
a different way, the iframes ensure that gadgets
cannot interfere with one another but stay "locked"
inside their frames.
More Interesting Gadgets
It goes without saying that most developers
would not be content to produce "Hello, world"
programs. Rather, we typically want to do something
a bit more substantive.
In order to do that, we need to create a bit
more HTML inside the section. We prob¬
ably should create some JavaScript that manipulates
that HTML as well, given that we have a completely
open canvas.
Note that I'm going to modify the original gad¬
get I created, which I named rmlgadgetl. Google
caches gadgets, which means that once you have
loaded one on to your iGoogle page, modifications
made to the gadget won't show up. This is when
you must fire up your trusty My Gadgets gadget,
and uncheck the cached check box for the gadget
(in my example, rmlgadgetl). Reloading the iGoogle
page will reload the gadget from the Web server,
allowing you to have a more interactive and produc¬
tive development experience.
Here's one update that demonstrates how to use
JavaScript inside the gadget:
Hello, world!
]]>
www.linuxjournal.com march 2008 | 19
COLUMNS
AT THE FORGE
Once again, there's not much content to this
widget. We simply use JavaScript and the DOM to
modify the contents of a div. So, let's make things a
bit more interesting and retrieve the latest headlines
from Linux Journal's RSS feed. Then, we can display
the first few headlines, even making them linkable:
Loading feeds...
]]>
The above gadget code begins with the same sort
of static code as our previous gadget, although I did
change it from saying "Hello, world" to something a
bit more useful ("Loading feeds..."), because this text
will appear while the feeds are loaded.
The JavaScript in this gadget is somewhat
interesting, mostly because it depends on the
_IG_FetchFeedAsJSON function, which Google pro¬
vides to gadget developers. This function takes four
arguments, and the first two are mandatory—the
URL from which to fetch the arguments and the
callback function that should be invoked when the
feed is retrieved. For our example, I'm using the
RSS/Atom feed URL for Linux Journal as provided by
FeedBurner.com. Thus, we will get the list of recent
www.linuxjournal.com headlines, as defined by
the site administrators.
The callback function, which I've named callback
here, is invoked with a single argument, the JSON
(JavaScript Object Notation), representing the feed
that was retrieved from our URL. That JSON con¬
tains an array named Entry, whose elements contain
the feed information. Each element contains Title
and Link properties, which we will use to construct
the output HTML.
When callback is invoked, we first go to
FeedBurner.com and retrieve the five most-recent
headlines:
_IG_FetchFeedAsJSON(url, callback, num_entries, get_summaries);
Then, we iterate over the elements of Entry,
appending them to a variable we've conveniently
named html and putting each Title inside an HTML
link, which opens the target URL in a new tab or
window (thanks to target="_blank M ):
for (var counter = 0; counter < feed.Entry.length;
counter++) {
html += "" + '' + feed.Entry[counter].Title + "" + "\n";
}
Finally, we assign our div (the one that starts by
saying "Loading feeds..."):
_gel('content').innerHTML = html;
Sure enough, our gadget works very nicely, pro¬
viding us with a dynamically updated list of head¬
lines from Linux Journal. What could be better?
One of the most interesting characteristics of
Google Gadgets is the way in which they are com¬
pletely self-contained, insulated from the surround¬
ing page and application. As I mentioned previously,
this is because each gadget sits inside an iframe,
and it undoubtedly was one of the reasons gadgets
were used as the basis for OpenSocial.
However, we already can see how this will lead
to a situation in which the application, rather than
the hosting OpenSocial "container" site, determines
the look and feel. This means if you include six
OpenSocial applications, each one will have its own
look and feel. This is a big difference from Facebook,
in which applications are forced, to a large degree,
to adhere to Facebook's look and feel, creating a
rather pleasant user experience. Time will tell
whether this causes problems or whether developers
and users will reach a happy medium on this issue.
A separate issue is the fact that each gadget
contains only a single page of HTML. Any updates
20 | march 2008 www.linuxjournal.com
that take place within the gadget, as we saw,
happen thanks to JavaScript manipulation of the
DOM. This is not a bad thing, and it is becoming
increasingly common as Ajax becomes more pervasive
among Web developers. However, it may be slightly
foreign for developers who are still using the
one-page-per-click paradigm.
Conclusion
Google Gadgets are small, self-contained mini-pages
written in a combination of XML, HTML and
JavaScript. They may be hosted by Google or on
your own server, and to date, they primarily have
been used for the personalized iGoogle service.
However, Google Gadgets now form the foundation
of OpenSocial, an open application standard used
by social-networking sites other than Facebook.
Next month, we will see how to convert our Google
Gadgets into an OpenSocial application. ■
Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD
candidate in learning sciences at Northwestern University, studying on-line
learning communities. He recently returned (with his wife and three children)
to their home in Modi'in. Israel, after four years in the Chicago area.
Resources
For the latest updates on OpenSocial, consult the Google group for
OpenSocial at groups.google.com/group/opensocial. I particularly sug¬
gest looking at the list of recent activity, which is at groups.google.com/
group/opensocial/web/whats-up-with-opensocial.
Extensive information about Google Gadgets can be found at
code.google.com/apis/gadgets/docs/basic.html, including
many examples. Some of the examples and instructions were slightly
out of date, but with a bit of digging, you should be able to figure
out what is going on.
To understand more about this month's specific example, which involved
retrieving remote content, consult code.google.com/apis/gadgets/
docs/remote-content.html.
Marc Andreessen, who cofounded Netscape and is now running the
Ning site for creating social networks, writes a blog about the software
industry, startups and OpenSocial at blog.pmarca.com.
COLUMNS
COOKING WITH LINUX
MARCEL GAGNE
My Desktop Lies over
the Ocean
Because being there is open to interpretation.
You have been on the phone for an hour,
Frangois, and it is nearly time for our guests to
arrive. Who are you talking to? Your cousin in
Riviere-du-Loup? And, you're helping her with her
Linux system? That is commendable, mon ami, but
we have work to do. Yes, I realize it takes a great
deal of time when you have to ask the other person
to describe what she sees while you try to tell her
what she should do next. It might be easier to
demonstrate. Yes, I know she lives a few hundred
kilometers away. With your Linux system and the
right tools, being there doesn't have to mean hours
and hours of driving. Wrap up your call quickly, and
you'll learn everything you need to know when I
serve up today's menu. Vite! Our guests are arriving
as we speak.
Welcome, everyone, to Chez Marcel. It is a great
pleasure to have you here, where fine Linux and
open-source software meets great wine. Please, sit,
while my faithful waiter takes a short trip to the
wine cellar. Frangois, please bring back the Collavini
2005 Villa Canlungo Pinot Grigio. Quickly, mon ami.
It only makes sense that being there, in person,
to show somebody how to work with his or her
system isn't always convenient. Taking control of an
existing remote desktop session lets you work with
the desktop as though you were there, without
having to walk up a floor or drive several hundred
miles. In that respect, it's not only a time-saver, but
also environmentally-friendly (imagine having to
fly overseas). Another great incentive for remote
control is the office environment. Do you need to
show users how to add an icon to their desktops?
Connect to their desktops and let them watch.
Have you received a call asking for help interpreting
an error message? Connect to the system and ask
the user to re-create the scenario while you watch.
The possibilities are endless. Taking control of a
remote desktop also provides everyone with a
learning experience. For you, the person doing the
teaching, it lets users show exactly how whatever
went wrong, went wrong. For users, it lets them
watch a master at work, so they too can learn the
ways of Linux. This remote control is probably better
referred to as desktop sharing.
Excellent, Frangois has returned with the wine.
Mon ami, after you have taken care of filling our
guests' glasses, please take care of mine as well.
Both of the most popular Linux desktop environ¬
ments—KDE and GNOME—come equipped with
excellent solutions for desktop sharing. With these
tools, users can invite someone either to watch
their desktop session or take control of it. In an
office environment, system administrators also can
set it up so they can take control whenever neces¬
sary. Let's start this tour with the KDE desktop
sharing application.
On my Kubuntu Linux system, remote desktop
sharing is under the Internet menu. The command
Figure 1. Invitations to desktop sharing come in
different flavors.
Figure 2. When you create a personal invitation, it expires
an hour later.
22 | march 2008 www.linuxjournal.com
name is krfb, if you want to start it directly using
your Alt-F2 run dialog. When you do so, a window
labeled Invitation - Krfb appears (Figure 1).
The window offers you three important choices.
You can create either a New Personal Invitation or
Invite via Email. The third button provides a more
complex interface that allows you access to invita¬
tions that already have been created. You can delete
existing invitations or create new personal invitations.
There's also a Configure button at the bottom—a
button that is of particular importance to system
administrators. Let's leave those things for now
and concentrate on creating a personal invitation.
To do that, click the Create Personal Invitation
button, and a window labeled Personal Invitation
- Krfb appears (Figure 2).
For security reasons, the invitation itself lasts
only an hour. If you don't do anything else, Desktop
Sharing automagically comes up with a password and
an expiration time for the session. The host address
necessary for the connection also is displayed.
Overriding either the password or the expiration
time is not allowed. Make sure you pass on the
information as it is shown to the person who will
be connecting. When you have passed on the
information (or written it down), click Close.
The other option is an e-mail invitation,
which is essentially the same thing, except the
Figure 3. Creating a
persistent, uninvited
connection adds
convenience, but
don’t ignore security.
sii-icnn
MECHANICS
visit us at www.siliconmechanics.com
nr rail nc trill froo at 173
Silicon Mechanics and the Silicon Mechanics logo are registered
trademarks of Silicon Mechanics, Inc. AMD, the AMD Arrow logo,
AMD Opteron, and combinations thereof, are trademarks of Advanced
Micro Devices, Inc.
Expert included.
Forrest and the Product Development team never stop thinking about the problems facing today's IT administrators.
Power efficiency, compute density, green computing, reliability, and serviceability are just some of the things he
makes a priority. That's why Forrest is excited about the new Bladeform 8840 Blade for the Bladeform 8100
Series Blade Server Platform. Each Bladeform 8840 Blade supports four Quad-Core AMD Opteron™ 8000
Series processors. With 16 cores per blade and 10 blades per 7U enclosure, you can pack the power of
960 cores in a 42U rack.
At the same time, Forrest is very impressed that the Bladeform 8100 provides 90%+ high-efficiency
redundant power supplies for operating cost reduction and earth-friendly computing.
The Bladeform 8100 with the Bladeform 8840 Blade is a perfect choice for
mission-critical enterprise applications as well as scale-out and
high performance computing environments.
When you partner with Silicon Mechanics, you get more than a high-efficiency
AMD solution—you get an expert like Forrest.
AMD£J
Opteron'
I adeform 8100 Series Blade Server Platforji
visit www.siliconmechanics.com/bladt
COLUMNS
COOKING WITH LINUX
Incidentally, both the KDE
remote client and the
GNOME Terminal Server
Client also let you connect
to an RDP session as well.
connection details are sent via e-mail rather than
read over the phone. The only catch here is that
you are sending the means to access your system
via e-mail during that one-hour period. If you
choose this option, you'll receive a warning
about plain-text e-mail over the Internet and the
wisdom of encrypting said e-mail. Click Continue
to get past the warning, and a KMail message
appears (with instructions on how to connect),
ready for you to click Send. If no one answers
the invitation, it disappears within an hour.
Before we move on, click Close to get past all
those invitations, and we'll have a look at another
means of providing access—uninvited connec¬
tions (that's our mysterious Configure button). If
sending an e-mail invitation presents interesting
security concerns, a wide-open, permanent invi¬
tation should ring additional bells. Nevertheless,
in an office environment, it also may be the sanest
method of giving yourself access. Click the
Configure button to bring up the Configure dialog
from the KDE Control Centre (Figure 3). Yes, that
is correct. This configuration dialog also is available
by running the KDE Control Centre from the K
menu (or by using the kcontrol command name)
and looking under the Internet & Network menu
for Desktop Sharing.
If you check the Allow uninvited connections box,
you still have to assign a password for connecting.
Furthermore, you have the opportunity to "Confirm
uninvited connections before accepting". You also
can decide whether to give those uninvited connec¬
tions the ability to control the desktop. If you don't
check the latter, users can give you control at any
time by selecting the desktop sharing icon that
Note:
The IP address displayed may be an issue if you are trying to connect to
a remote system that is on the other side of a home router or firewall.
In those instances, you may need to set up a port redirect to allow
port 5900 to connect to the PC you need to access. Because the way
to do this varies from ISP to ISP and router manufacturer to router
manufacturer, there isn't a quick way to explain it here. Your router
documentation should cover this.
Figure 4. GNOME’S remote desktop invitation is run by a
command named vino-server. Suddenly, I’m thirsty.
appears in their system tray.
On the GNOME side of things, there's a program
called Remote Desktop Sharing. On a typical
GNOME setup, click System on the top menu bar,
then look under Preferences for Remote Desktop
(if you like, you can run the command directly using
/usr/lib/vino/vino-server). The Remote Desktop
Preferences menu appears as shown in Figure 4.
Needless to say, I love the name.
Some of this is going to look very familiar,
because many of the questions mirror those of
the KDE Control Centre configuration for desktop
sharing. If you simply want to show what your
desktop is doing (and let somebody follow along),
click the Allow other users to view your desktop
check box. If you are looking for help, or you want
to help the person on the other end, make sure
the person sharing checks the Allow box, second
from the top. Users who want to leave a sharing
session open all the time may decide to check the
Ask you for confirmation button, so that a remote
user has to have their permission. Finally, if this is
an unattended connection, you'll surely want to
assign a password to allow this connection to
happen. Although it may not seem apparent
here, you also can generate an e-mail invitation
by clicking the command listed under Users can
view your desktop using this command.
To connect to a remote shared desktop, you can
use any VNC client—the GNOME vino-server pro¬
gram suggests vncviewer as the command to use—
including a Java-enabled browser. The invitation
e-mail tells you how to do this. The slicker, desktop-
oriented way to do this is by using the tools provided
by your desktop environment. The KDE Remote
Desktop Connection program (Krdc) can be started
24 | march 2008 www.linuxjournal.com
Remote Desktop Connection - Krdc
from the Internet K Menu, where you'll see it listed
as Remote Desktop Connection. From the dialog
that pops up, you can enter the host connection
information as shown in Figure 5.
The connection program can be used simply by
entering the sharing host's address and pressing
Connect. Another window appears asking you to
specify the quality of your connection—whether it
be a fast LAN connection, a slow dial-up connection
or something in between. When you do connect,
what happens depends on how the invitation was
created. If the confirm option was set, a warning
message appears on the remote desktop asking for
confirmation. On the client side, you then may be
asked for a password.
On the GNOME side of things, remote con¬
nections are done with the Terminal Server Client
program (Figure 6). You'll find it under Applications
in the Internet menu, but you also can run it
directly with tsclient.
The Terminal Server Client has five tabs, the
most important of which is the General tab.
Enter the remote computer's address (including
k
Remote desktop: |l92.168.22.7:0
n
Browse >>
Enter the address of the computer to connect to, or browse the network
and select one. VNC and RDP compatible servers will be supported.
Examples
kj Help
Preferences
Connect
0 Close
Figure 5. Connecting with the KDE remote connection program—note the :0 at the
end of the address.
the :0 display extension as shown by the desktop
sharing server program), and make sure you
select VNC as the protocol from the drop-down
list. For these remote desktop sessions, you sim¬
ply can click Connect and be done. As with the
KDE client, the remote user may need to confirm
the session (which may require you to enter a
password) and then manually give you control of
the mouse and keyboard. The additional tabs
allow you to define your display size, set color
pgdbg [all] 0;
#1179:
pgdbg [all] 0:
#1180:
pgdbg [all] 0:
#1161:
[0] Breakpoint at 0x619A81. function init_module_wrf_quilt, file module_io_quilt.f, line 1179
IF ( mytask ,EQ. 0 ) THEN
[0] Stopped at 0x619A8B, function init_module_wrf_quilt, file module_io_quilt.f, line 1180
OPEN ( unit=27, file="namelist.input", form="formatted", status="old" )
[0] Stopped at 0x619B5A, function init_module_wrf_quilt, file module_io_quilt.f, line 1181
niojgroups
£tli pplaom
1256 , "frame/module_io_quilt.F: quilt initial
[O^nqaum^:
MPI_C0MM_W0RLD
Comm_size 12
Comm_rank 0
Pending sends: none
Pending recieves: none
Unexpected messages: none
MPI_C0MM_W0RLD_collective
Comm_size 12
Comm_rank 0
Pending sends: none
Pending recieves: none
Unexpected messages: none
MPI_COMM_SELF
Comm_size
Comm rank
Pending sends:
Pending recieves:
Unexpected messages
MPI_COMM_SELF_collective
Comm_size 1
Comm rank 0
Pending sends: none
Pending recieves: none
Unexpected messages: none
www.pgroup.com/cdk
■* PGflBG - The Port [and Group
um\
IE'!*
ftMBI Grid HjuhWtkiry
2] sjjj us] M sj
WfrMH 0
CfitiVQf . ■]v'lrf
IF ( mpi_inited ) THEN
CALL wrf_error_fatal3 ( "module_io_quilt.b" ,
CALL mpi_init ( ierr )
CALL wrf_set_dm_communicator (MPI_C0MM_W0RLD )
CALL wrf_termio_dup
CALL MPI_Comm_rank ( MPI_C0MM_W0RLD, mytask, ierr)
CALL MPI_Comm_Size ( MPI_C0MM_W0RLD, ntasks, ierr
IF ( mytask .EQ. 0 ) THEN
OPEN ( unit=27, file="namelist.input", form="formatted", status=
nio_groups =1
nio_tasks_per_group =0
READ ( 27 , namelist_quilt )
CLOSE ( 27 )
ENDIF
| W lira: L1®0 in Addrnii; {Rt Lyi#*]
HS't H
The Portland Group, Inc. is an STMicroelectronics company. PGI and CDK are trademarks or registered
trademarks of STMicroelectronics. Other brands and names are the property of their respective owners.
PGI CDK
MPI Debugger/MPI Profiler
COLUMNS
COOKING WITH LINUX
Note:
KDE client pro¬
grams can con¬
nect to GNOME
desktops and
vice versa.
Gniiernl
Display
Local Resources
Programs Performance
Logon SeUimjb,
Type the name of line computer or chutist?
' a computer from the drop-down lust.
Computer:
Protocol:
User Name:
Password:
Domain:
Client Hostname:
Protocol Tile:
: i.lUU:U
JH
& Open jf^aueAs
Qi About Conned
Figure 6. The GNOME Terminal Server Client Program
a ft4--.klik F h K-hi.ir irug
M;iri.]L|4' [mat a Maris
Uisable KsmiiCe Control
Figure 8. The KDE desktop sharing system tray icon (top
right next to the clock) lets you manage connections and
desktop control.
€&> il^i djl] u# Wed Dec 12, 9:02 AM ^
I Preferences
I Disconnect all
I -5 Disconnect ::ffff: 192.16S. 1.100 I
I £# Help
I & About
Figure 7. The GNOME Desktop Sharing Tray Icon with Drop-
Down Menu
depth or modify some performance-related
parameters. Incidentally, both the KDE remote
client and the GNOME Terminal Server Client
also let you connect to an RDP session as well.
Once a session is open, a tray icon appears in
your system tray. The GNOME icon looks like a small
terminal screen (Figure 7), and the default KDE tray
icon (Figure 8) looks like a screen with a globe in
front of it. In both cases, you can right-click on the
tray icon where a drop-down or pop-up menu will
show you active connections and give you a means
to terminate them.
Once you have established a connection, the
remote system becomes a window on your current
desktop. You can switch to full-screen mode, or as
is the case with the KDE client, you can drag the
window to any size you desire, then click the Scale
button to resize the remote control session dynami¬
cally (Figure 9).
Despite the many advantages of doing things at
a distance, there is only one way to enjoy a glass of
wine, and that is by being there. Luckily, Frangois,
our most excellent waiter, is not elsewhere, but
right here in this restaurant. As the clock ticks ever
closer to closing time, I'm sure we can convince him
to let us enjoy a little more wine before we head to
our respective homes. If you please, Frangois, make
sure everyone's glass is refilled. Raise your glasses,
mes amis, and let us all drink to one another's
health. A votre sante! Bon appetitim
Marcel Gagne is an award-winning writer living in Waterloo. Ontario. He is the
author of the Moving to Linux series of books from Addison-Wesley. He also makes
regular television appearances as Call for Help’s Linux guy and every month on
radio’s Computer America show. Marcel is also a pilot, a past Top-40 disc jockey,
writes science fiction and fantasy, and folds a mean Origami T-Rex. He can be
reached via e-mail at mggagne@salmar.com. You can discover lots of other things
(including great Wine links) from his Web site atwww.marcelgagne.com.
Resources
Marcel's Web Site: www.marcelgagne.com
The WFTL-LUG, Marcel's Online Linux User Group:
www.marcelgagne.com/wftllugform.html
26 | march 2008 www.linuxjournal.com
Growing a World of
Linux Professionals
LPI-Deutsch
LPI-Bulgaria
LPI-UK
LPI-France
LPI-Spain
LPI-Portugal
LPI-Malta/Cyprus
LPI-North America
LPI-Maghreb
LPI-South Asia
LPI-Latin America
LPI-South Africa
We at the Linux Professional Institute believe the best way
to spread the adoption of Linux and Open Source software
is to grow a world wide supply of talented, qualified and
accredited IT professionals.
We realize the importance of providing a global standard
of measurement. To assist in this effort, we are launching a
Regional Enablement Initiative to ensure we understand,
nurture and support the needs of the enterprise, govern¬
ments, educational institutions and individual contributors
around the globe.
We can only achieve this through a network of local "on the
ground" partner organizations. Partners who know the
sector and understand the needs of the IT work force.
Through this active policy of Regional Enablement we are
seeking local partners and assisting them in their efforts to
promote Linux and Open Source professionalism.
We encourage you to contact our new regional partners
listed above.
Together we are growing a world of Linux Professionals.
Linux
Professional
Institute
Stable. Innovative. Growing
COLUMNS
WORK THE SHELL
Understanding Shell
Script Shorthand
dave taylor Wherein we delve into the mysterious shell script authoring style of
system scripts, deciphering common shorthand notations and explor¬
ing why they are a part of scripting. If you ever dig about in system
scripts, you’ll definitely want to read this column!
Oh happy day! I got an e-mail from a reader with
a shell script question that didn't appear to be
homework from a programming class or anything to
do with hacking passwords. The reader wrote:
I am reading the scripts in the /etc/init.d
directory. I am very new to such scripts and
don't understand how they're written. In
every script, there are statements like:
[ -x /usr/sbin/halt ] || exit 0
What is the meaning of this? Why is ||
used here?
Also, in the "stop" case of the halt daemon
init script, there is this sentence:
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$sname
I don't understand what these do. Can
you explain?
With apologies to my old friend Larry Wall,
this is what I call the "Perl syndrome" (though
if we really want to go back in time, I saw this
same problem with Algol-68 and PL/I, among
If you are missing that
script, you have some serious
problems, but a lot of system
scripts are written this way.
others, and even worse in Ada)—obfuscated
code because of the ability of programmers to
abbreviate their code to make it shorter and,
sometimes, more efficient.
Looking at the filesystem explains one of these
structures. Check this out:
$ Is -1 /bin/[
-r-xr-xr-x 2 root wheel 46704 Sep 23 20:35 /bin/[*
$ Is -1 /bin/test
-r-xr-xr-x 2 root wheel 46704 Sep 23 20:35 /bin/test*
It may seem odd, but there's actually a file in
the /bin directory in Linux that is called [, and
it's synonymous with the test utility. You can
learn about it by typing man test in a terminal
window, but it's actually more complicated than
that, because modern shells (such as Bash) have
test built in to the shell code itself for perfor¬
mance reasons. So, there are actually three different
versions of test.
If you do opt to use the [ version, the program
requires that you have a matching ] for syntactic
cleanliness (e-hygiene?). If you omit it, you'll get
-bash: [: missing ']’ as an error.
So, that first statement, [ -x /usr/sbin/halt ]
| | exit 0, can be unwrapped initially as a test,
and a quick glance at man test reveals that the -x
test is for checking whether the named file exists
and is executable. Basically, this statement ensures
that there's a /usr/sbin/halt script before it executes
it to avoid any errors. This is a portability test. If
you are missing that script, you have some serious
problems, but a lot of system scripts are written
this way.
Now, on to the || notation. Along with its
partner &&, these two notations cause a lot of
confusion for people delving into scripts, so let's
start by reading what the Bash man page says
about them (man bash):
commandl && command2
command2 is executed if, and only if, commandl returns
an exit status of zero.
commandl || command2
28 | march 2008 www.linuxjournal.com
command2 is executed if and only if commandl returns
a non-zero exit status.
The return status of AND and OR lists is the exit
status of the last command executed in the list.
Clear as mud, right? This will become more clear when we
go back to the test man page and find out that "The test utili¬
ty exits with one of the following values: 0 = expression evalu¬
ated to true, 1 = expression evaluated to false or expression
was missing."
So, the logic here is that the [] test is performed to see
whether the script exists and is executable, and if it fails, the
exit 0 is performed. How do you know if it fails? The test
statement would return an exit value of 1.
Now, let's look at the second statement with this in mind.
You asked about this statement:
[ SRETVAL -eq 0 ] && touch /var/lock/subsys/$sname
Again, the [ is a shorthand notation for the test appli¬
cation. RETVAL is a system variable, and the -eq is a
numeric test for equality. In this case, the return value
again determines whether the test is true or false. If it's
true (a zero return value), the touch command is used to
set what's called a semaphore—a lock file to indicate to
other scripts that the $sname subsystem is locked up and
unavailable to modify.
This is actually a pretty sloppy way to set a semaphore
because it's not atomic. There is a distinct likelihood that in
the interim between the first RETVAL test and the touch
command, the script will be swapped out for a few milliseconds
and another script run. This means that two scripts possibly
could both believe they've locked the file—something called
a race condition in computer science theory, and something
that is obviously not a good thing.
Anyway, I'm not supposed to be debugging system
scripts. So, suffice it to say that the purpose of the statement
is to test the return value of a previous command (there's
probably a statement like RETVAL=$? on the previous line, as
$? is shorthand for the return value of the previous shell
command). If the test is true, the temporary file is "touched"
(that is, it's created and given a creation timestamp of the
current date and time).
Later in the script, there is undoubtedly a statement like
rm -f /var/lock/subsys/$sname, and in fact, a cleaner way
to write it would be to trap exit conditions and make sure
that the lock file isn't left around, even if the script errors
out. This is done with the trap shell command. Error condi¬
tion 0 is a standard termination, so one clean way to write
this is as follows:
trap "/bin/rm -f /var/lock/subsys/$sname" 0
This provides a lot of flexibility, because you can capture
any of the dozens of possible signals like SIGINT (interrupt) or
This means that two scripts
possibly could both believe
they’ve locked the file—something
called a race condition in computer
science theory, and something that
is obviously not a good thing.
SIGHUP (hangup).
Anyway, you're not the first to be baffled by system scripts,
but as you can see, a bit of persistence reveals all.H
Dave Taylor is a 26-year veteran of UNIX, creator of The Elm Mail System, and most recently
author of both the best-selling Wicked Cool Shell Scripts and Teach Yourself Unix in 24 Hours,
among his 16 technical books. His main Web site is atwww.intuitive.com, and he also offers up
tech support at AskDaveTaylor.com.
Data Acquisition &
Control Computer
iPac 9302
i SL .fc'
=V - ISP
: jsrJst-
: f ]
■j—
1:
fajr
■ ---— i
, ” i i 1 ir ■
:'t’f ;W_\ .
IjOu h
if-
• Cirrus Logic EP9302 AR
200 Mhz Processor
• Floating Point Math Engine
« 2 USB 2.0 Host Ports
• SD/MMC Flash Disk Slot
• 48 Digital GPIO Lines
• 1 10/100 Base-T Ethernet port
• 5 channels ol 12 bit A/D & 3 PWMs
• 1 RS232 & 1 RS232/422/485 Serial Port
• Battery Backed Real Time clock/calendar
• Eclipse Development Environment
The iPac has enough I/O for demanding applications & with
a size of 3.5” x 3.8” it can fit almost anywhere. Prices start
at $150.00. Please contact us for more information.
2.6 Her pel
Since 1935
lilAC inc.
EQUIPMENT MONITOR AND CONTROL
Phone: (618) 525-4525 * Fax: (618} 457-0110 • V/eb: wwweimacinc.conn
23
VCARS OF
^INGl.F. BOARD|
StiLtmOKS
www.linuxjournal.com march 2008 | 29
COLUMNS
PARANOID PENGUIN
MICK BAUER
Security Features
in Ubuntu
Securing Ubuntu is as straightforward as installing it.
For a couple years, I resisted my friends' attempts
to get me to check out Ubuntu. I thought, "What's
the big deal? It's just another Debian derivative."
But, of course, I was wrong. Ubuntu is remarkably
easy to install and use, and although it is indeed
based on Debian, its emphasis on usability and
simplicity sets it apart.
Furthermore, both the Desktop and Server edi¬
tions of Ubuntu use dual-purpose live CDs that can
be used either to install Ubuntu or run it from CD
without affecting any other operating systems on
your hard disk. This makes it easy to test-drive
Ubuntu before installing it to your hard disk. (The
live CD method of booting Linux has important,
useful security ramifications; however, that will be
the topic of an entire future column.)
So, I have been messing around with Ubuntu
quite a bit lately and thought you might enjoy a
survey of its security capabilities.
First, a quick note about the scope of this
article—I'm sticking to Ubuntu Desktop; space
doesn't permit me to include Ubuntu Server, but I
might cover it in a future column. Suffice it to say
for now that Ubuntu Server is a subset of Ubuntu
Desktop, lacking the X Window System and most
other non-server-related software.
I also do not explicitly cover Kubuntu, which
simply is Ubuntu running the KDE desktop rather
than GNOME; Edubuntu, which emphasizes educa¬
tional applications; or Xubuntu, which is Ubuntu
with the Xfce desktop. Everything I cover in this
article should apply to these Ubuntu variants, but
there may be subtle differences here and there.
Note also that Gobuntu, an experimental
subset of Ubuntu consisting only of completely
free/unencumbered software packages, probably
has considerably fewer security features and
packages than Ubuntu proper.
Ubuntu vs. Debian
Ubuntu security isn't very far removed from Debian
security; underneath the GUI, Ubuntu is very
similar to Debian. In this sense, Ubuntu shares all
of Debian's security potential, and then some. If
a given security tool is available as a deb package
that works correctly in the current version of
Debian, it also can be installed in the current version
of Ubuntu.
So, why dedicate an entire article to Ubuntu
security? Two reasons. First, because it has been
more than a year since my last article on Debian
security. Second, Ubuntu has a few key differences
from standard Debian: its status as a live CD
distribution (which among other things makes it
a good choice for running on untrusted hardware)
and its ease of use, which on the one hand, doesn't
yet much apply to Ubuntu's security features,
but it does make Ubuntu more attractive to non¬
expert users than Debian proper, amplify the
ramifications of Ubuntu security. Ubuntu also
uses AppArmor, a powerful means of restricting
daemon behavior.
Software is the key difference between Debian
and Ubuntu. I've long been of the opinion that
Debian's staggering array of software packages
is also one of its biggest challenges. Figuring
out which of those thousands of packages you
need can be confusing even for expert users.
A key design goal of Ubuntu is, therefore, to
support a smaller, carefully selected subset of
Debian's packages.
Ubuntu, however, doesn't merely rebundle stan¬
dard Debian packages. Ubuntu maintains its own
versions, and according to Wikipedia, in many
cases, Debian and Ubuntu packages aren't even
binary-compatible. (The Ubuntu team has pledged
to keep Ubuntu compatible with Debian by sharing
all changes it makes to Debian packages, but the
Debian team has grumbled about Ubuntu's team
not being prompt enough in doing so.)
The biggest source of confusion I've experienced
with Ubuntu personally is that Ubuntu uses a differ¬
ent package repository schema than Debian, and
Ubuntu's own Web pages aren't terribly clear as to
how it works. But, it's actually straightforward.
The main repository consists of fully supported,
free (unencumbered) packages that are maintained
by the Ubuntu team, the core of which is employ¬
ees of Canonical Ltd. The main repository, therefore,
is the heart of Ubuntu.
The restricted repository consists of nonfree
(copyrighted) packages that are nonetheless
fully supported and maintained, due to their
critical nature. The majority of these packages
are commercial hardware drivers that lack open-
source equivalents.
30 | march 2008 www.linuxjournal.com
The universe repository contains free software
packages that are not considered part of Ubuntu's
core, and therefore, they are not fully supported.
The Ubuntu team takes no responsibility for security
patches for these packages; unlike those in the
main repository, security patches for universe
are issued only when the software's developers
issue them.
The multiverse repository contains commercial or
otherwise IP-encumbered packages that are not part
of Ubuntu's core, and it has the least amount of
support from the Ubuntu team. As with universe,
multiverse security updates are purely opportunistic.
In all four repositories, the vast majority of
Ubuntu packages correspond with Debian pack¬
ages. But, again, because all Ubuntu packages are
maintained separately, don't assume it's safe to
install a package from the universe or multiverse
repositories just because it's fully supported in
Debian. The Ubuntu team is committed to providing
prompt security patches only for the main and
restricted repositories.
In my opinion, this is a perfectly justifiable trade¬
off, just as it is in RHEL and CentOS—the fewer
packages a distribution supports, the greater the
feasibility of supporting them well, and the lesser
the complexity of the distribution. High complexity
and effective security seldom go together. However,
the fact that you can't rely on timely security
updates for universe and multiverse packages also
means that Ubuntu may not be the best choice for
you if you're going to depend heavily on packages
from those repositories.
Ubuntu Installation
Now that I've explained how Ubuntu's repositories
are structured, I can describe how to use them.
Obviously, there's a lot more to system security
than installing or not installing software. But,
software is one of the biggest, if not the biggest,
differentiators between Linux distributions, so it's
a logical place to start.
One interesting thing about the Ubuntu Desktop
installer is that at initial setup/installation, it doesn't
ask you which software packages to install. It
installs a static set of applications, and subsequently
you can only add to or remove from it. Nor does the
Ubuntu Desktop installer configure firewall rules or
allow you to set any other security parameters,
beyond creating the first nonroot user account.
Clearly, this installer emphasizes simplicity and
speed. Luckily, Ubuntu is configured with reasonably
good security by default.
The Rootless Ubuntu Experience
For example, it isn't possible to log in as root. Instead,
you log in using an account with administrative
privileges, such as that initial account the installer
creates for you, then you use the sudo command
to execute individual commands as root. (You
can use the Users and Groups applet in the
System^Administration menu to grant or revoke
administrative privileges to users.)
Using sudo prompts you for your own pass¬
word (the root account on Ubuntu doesn't even
have a password!), and then executes the given
command. Graphical programs in Ubuntu auto¬
matically use sudo and prompt you for your
password as needed.
Using sudo provides granular control over
who can execute what privileged commands.
It also logs all commands it executes. Having
the root account present but essentially disabled
also makes it somewhat more difficult for hostile
code to gain root access. In short, I heartily
approve of this design decision in Ubuntu. For
more information, take a look at the Ubuntu
RootSudo page (see Resources).
Installing Optional Software
Once you've installed Ubuntu, you can install
additional software packages as needed, using
the Install and Remove Applications applet
(Add/Remove... in the Applications menu) or the
Synaptic Package Manager (in the System menu
under Administration). Figure 1 shows the Install
and Remove Applications applet.
This applet is very simple to use, and it comes
preconfigured with a set of Ubuntu repositories on
the Internet. If you want to install packages from
universe or multiverse, you need to enable this
under Preferences. By default, only packages from
main and restricted are shown.
Figure 1. Install and Remove Applications Applet (aka Add/Remove Applications)
www.linuxjournal.com march 2008 | 31
COLUMNS
PARANOID PENGUIN
Figure 2. The
Synaptic Package
Manager
Personally, I prefer the Synaptic Package
Manager (Figure 2). It handles dependencies more
gracefully and offers more options for filtering and
listing packages. It also lists raw packages (all the
individual deb packages that make up an applica¬
tion), whereas the Add/Remove Applications applet
lists packages only by application name (which
isn't as precise). If installing an application involves
four separate component packages plus seven
Table 1. Security-Related Packages Installed by Default
Package Name
Description
apparmor, apparmor-utils
Novell AppArmor, type-enforcement
controls for selected applications.
fping (!)
Flood Ping, for probing ranges of
IP addresses.
gnupg
GNU Privacy Guard, a free
OpenPGP implementation.
libselinuxl, libsepoll
SELinux libraries (require user-space
tools from the universe repository).
libwrapO, tcpd
TCP Wrappers, simple IP filtering
for daemons.
netcat
Netcat, a general-purpose
port-forwarder.
openssh-dient
A free SSH client. Note that
ssh-server isn't installed by default.
tcpdump
Classic protocol analyzer (sniffer).
update-manager
GUI-based tool for automatic notifications
and installing software updates.
wpasupplicant
WPA client for 802.11 wireless networks.
dependencies, I want to know it.
Note that both the Add/Remove Applications
applet and the Synaptic Package Manager use
the Software Source applet to obtain current lists
of available packages. You need to know this,
because by default, neither the universe nor
multiverse repositories are enabled, and the
Software Sources applet is where you enable
them. In the Ubuntu desktop's System menu,
open the Administration submenu to find the
Software Sources applet. If you make changes
in this applet, you'll be prompted to download
fresh package lists before quitting.
Before I discuss actual packages, here's one
more note about obtaining them: besides the
Ubuntu repositories on the Internet, you also can
install packages from the Ubuntu Desktop 7.10
CD. However, beyond the packages installed
automatically, this CD contains only 29 additional
packages from main and three from restricted.
Therefore, in practice, you'll have to download
most of the software you install after the initial
system installation.
Notable Ubuntu Packages
Ubuntu Desktop 7.10 automatically installs with
a number of important security-related software
packages. Table 1 lists some of my favorites.
I've mixed security-auditing tools (fping and
tcpdump) alongside defense tools (gnupg, SELinux
and TCP Wrappers). Obviously, you need to give
some thought as to whether a given system is going
to have an "offensive" role versus a "defensive"
role with respect to security; security scanners can
be dangerous!
The main repository contains a wealth of addi¬
tional security software packages. Table 2 lists more
of my favorites.
But wait, there's more! We've actually scratched
only the surface. The universe and multiverse reposi¬
tories contain many, many more security software
packages. Table 3 lists a very small subset of these.
Remember, the Ubuntu team offers no guarantee of
timely security patches for these packages.
As you can see, Ubuntu Desktop is an extremely
versatile distribution. It contains a wide variety of
security tools, representing many different ways
to secure your system (and the network on which
it resides).
Automatic Updates in Ubuntu Desktop
Once you've installed a bunch of software, keeping
it patched is easy. To configure automatic updates,
run the Software Sources applet, and select the
Updates tab (Figure 3). These settings determine the
behavior of the Update Manager applet.
The Update Manager applet runs automatically
32 | march 2008 www.linuxjournal.com
i in—nnni
|Qq™|
Figure 3. Setting Up Automatic Updates in Ubuntu Desktop
in the background, but you also can start it manually
from the System menu in the Administration section.
You can configure it (from Software Sources) to do
any of the following: 1) notify you of updates, 2)
download patches automatically and notify you
when they're ready for installation, or 3) download
and install patches automatically.
Novell AppArmor in Ubuntu
Remember back in my August 2006 article "An
Introduction to Novell AppArmor", when I com¬
mented that despite its SUSE roots, AppArmor
probably would be ported to other distributions
soon? (No? Well, I did say that—you can look it
up!) Sure enough, not only does Ubuntu have a
port of AppArmor, but it's also installed and
enabled by default.
If you're unfamiliar with it, AppArmor is an
Table 2. More Security Packages in the Ubuntu Main Repository
Package Name
Description 1
aide
Integrity checker similar to Tripwire.
auth-config-dient
PAM (Pluggable Authentication Module)
configurator.
checksecurity
cron jobs for security checking.
chkrootkit
Rootkit detection toolkit (though this is best
run from read-only media).
cryptsetup
Tool for creating encrypted filesystems.
dovecot-imapd,
dovecot-pop3d
Secure IMAP and POP3 daemons.
exim4-daemon-heavy
SMTP daemon with extended features.
gpgsm
GnuPG for S/MIME.
ipsec-tools
User-space tools for configuring IPsec tunnels.
kwalletmanager
Password vault for KDE.
Iibkrb53, krb5-doc
Kerberos runtime libraries.
logcheck
Scans log files for anomalies and sends
admin e-mail notifications.
nessus, nessusd
Nessus security scanner.
opie-dient, opie-server,
libpam-opie
OPIE one-time password system
(based on S/KEY).
shorewall
System for generating iptables firewall rules.
slapd
OpenLDAP server daemon.
squid, squid-common
Web proxy with caching and security features.
vsftpd
The Very Secure FTP Daemon.
Table 3. Security Software in the Universe and Multiverse Repositories
Package Name
Repository
Description I
aircrack-ng
universe
WEP/WPA wireless network
shared-secret auditor.
amavisd-new
universe
Antivirus/spam-filter
helper daemon.
avscan
universe
GUI for ClamAV antivirus system.
bastille
universe
Comprehensive system-hardening
scripts.
chntpw
multiverse
Changes passwords on Windows
NT/2K/XP systems.
damav
universe
ClamAV, a free virus scanner.
djbdns-installer
multiverse
Secure domain name service daemon.
fi restarter
universe
An iptables GUI (GNOME).
flawfinder
universe
Source code security analyzer.
freeradius
universe
RADIUS server for remote access
and WLAN/WPA authentication.
perdition
universe
An IMAP4/POP3 proxy.
spikeproxy
universe
Web client proxy for Web site
probing/analysis.
tiger
universe
Security audit scripts.
tripwire
universe
The classic file/directory
integrity checker.
uml-utilities
universe
User Mode Linux virtualization engine tools.
wireshark
universe
Graphical network packet sniffer/analyzer.
zorp
universe
Application-layer proxy firewall.
www.linuxjournal.com march 2008 | 33
COLUMNS
PARANOID PENGUIN
What this means in English is that AppArmor
lets you restrict the activities of system
daemons—what files they can read, which
directories they can access, which devices
they can write to or read from and so on.
implementation of Type Enforcement, a type of
Mandatory Access Control. What this means in
English is that AppArmor lets you restrict the activi¬
ties of system daemons—what files they can read,
which directories they can access, which devices
they can write to or read from and so on. It is a
powerful means of containing the effects if a pro¬
tected daemon is compromised—even if attackers
succeed in hijacking a given process, they can't use
it to execute arbitrary commands, read arbitrary files
and so forth.
Perhaps surprisingly, given Ubuntu's very slick look
and feel, AppArmor is configurable in Ubuntu only
via the command line, using the aa tools (aa-status,
aa-genprof and so on) in the apparmor-utils package.
Visit the Ubuntu AppArmor page for more informa¬
tion (see Resources).
Managing Users and Groups
In the root/sudo discussion above, I mentioned the
Users and Groups applet. This applet is deceptively
simple to use. It's actually one of the more sophisti¬
cated front ends to adduser, addgroup and so on
Figure 4. Setting User Privileges in Ubuntu
that I've seen. If you select a user, click Properties,
and click the User Privileges tab, you can not only
grant that user the right to "Administer the system"
(that is, to execute commands as root using sudo),
you also can select from a long list of other system
privileges (Figure 4).
If you're an old-school sysadmin like me, you
know that none of these privileges are handled
directly by tools like adduser; the settings in this
part of the applet simply determine to which groups
the user belongs—groups that the Ubuntu team
carefully has configured to correspond with real-
world system administration-related commands and
objects. This is a clever and simple way to manage
administrative functions, especially in combination
with sudo.
Conclusion
As you can see, Ubuntu's ease of use doesn't come
at the cost of security—it has Debian's abundance
of security-related software packages combined
with straightforward but effective security design
decisions, such as disabled root and AppArmor, and
easy update management. ■
Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for
one of the US’s largest banks. He is the author of the O’Reilly book Linux Server
Security, 2nd edition (formerly called Building Secure Servers With Linu x), an
occasional presenter at information security conferences and composer of the
“Network Engineering Polka”.
Resources
Official Ubuntu Home Page: www.ubuntu.com
Ubuntu RootSudo Page, describing Ubuntu's
sudo implementation in detail:
https://help.ubuntu.com/community/RootSudo
"Keeping Your Computer Safe"—simple security
tips from Ubuntu 7.10's official documentation:
https://help.ubuntu.eom/7.10/keeping-safe/
C/index.html
Security Pages in the Ubuntu User Community's
Wiki: https://help.ubuntu.com/community/
Security
AppArmor Page in the Ubuntu User Community's
Wiki: https://help.ubuntu.com/community/
AppArmor
The "Securing Debian Manual", indirectly applica¬
ble to Ubuntu: www.debian.org/doc/manuals/
securing-debian-howto/index.en.html
34 | march 2008 www.linuxjournal.com
Continuous Data Protection
The Future of Data Centers
Can your backup
software do this?
RISoft
CDP Server
Acronis®
True Image
EMC
Retrospect ®
Daily Backups
1/
Hourly Backups
Not Supported
Not Supported
Open File Backups
Not Supported
Bare-Metal Restore
Not Supported
Continuous Data Protection
Not Supported
Not Supported
Restore Linux LVM
Not Supported
Not Supported
Restore Linux Software RAID
Not Supported
Not Supported
Easy To Use Web Interface
Not Supported
Not Supported
Manage Thousands of Servers
Not Supported
Not Supported
Control Panel Integration
Not Supported
Not Supported
$80-$100/server
$699 /server
You Can't Afford It
Data Centers serious a bout uptime and performance use RISoft.
For more information visi
: www.r1soft.com or call us at 800-956-6198
Copyright 2007 Righteous Software Inc All Rights Reserved.
R1 Soft is a trademark of Righteous Software Inc. Other names may be trademarks of their respective owners.
COLUMNS
HACK AND /
Automate your
Desktop with wmctrl
kyle rankin Why move, resize and shade windows by hand when a program can
do it for you?
Okay, I'll admit it; I'm addicted to automation. A
Roomba vacuums for me, my main router checks its
DSL connection and automatically resets my DSL
modem if it's down, my porch light is motion-
sensitive, and my bin directories are full of
homegrown scripts I use to automate mundane
computer tasks. There is something so satisfying
when you can reduce a long series of steps
down to a single script and just run that script.
When most people think of automation with
scripts, they think about the command line. After
all, most scripts are concerned with standard
command-line fare, such as pipes, simple logic,
redirection and parsing text output. These days,
much of the work on the desktop is done with¬
out a terminal, so it would be nice if you could
automate some of those more mundane graphi¬
cal tasks too. A tool called wmctrl can do exactly
that, wmctrl provides a command-line interface
to standard window management tasks, so you
These days, much of the work
on the desktop is done without a
terminal, so it would be nice if you
could automate some of those more
mundane graphical tasks too.
can resize and move windows, change desktops,
toggle sticky and rolled-up statuses on a window
and much more, all from a shell script.
wmctrl is a common package in most modern
distributions, so you should be able to install it
with your distribution's package manager. Otherwise,
you can obtain the source from wmctrl's main
Web site (www.sweb.cz/tripie/utils/wmctrl)
and build it. One of the great things about
wmctrl is that it isn't window-manager-specific.
It changes your windows via Extended Window
Manager Hints (EWMH), and because most the
popular window managers these days (such as
GNOME'S Metacity, KDE's KWin, Compiz Fusion
and Fluxbox) support EWMH, not only will wmctrl
likely work with your window manager, but also
if you decide to change to a different window
manager, your wmctrl scripts probably will work
just the same.
Quake Terminal
One of the best ways to illustrate the power of
wmctrl is to create a script that turns a regular ter¬
minal into a Quake terminal. For those of you who
haven't played any games from the Quake series,
when you press the ' key in Quake, a terminal pops
down from the top of the screen so you can type
commands. This type of terminal is very handy on a
cluttered desktop, but you even could use this to
create a type of "boss button" to make a window
disappear quickly.
In this example, I create a terminal that I've
titled "Quake Term", but you can change this
script to work with the title of any window on
your desktop. If you are unsure how wmctrl will
view your window's title, run wmctrl with the -I
option to show information about all the win¬
dows on your desktop:
greenfly@minimus:~$ wmctrl -1
0x020000ba
0x00e00031
0x01200003
0x00800029
0x00800003
0 minimus Quake Term
-1 minimus Desktop
-1 minimus gkrellm
-1 minimus Top Expanded Edge Panel
-1 minimus Bottom Expanded Edge Panel
0x01000172 0 minimus greenfly.org - Mozilla Firefox
The very last field in this output is the title of a
particular window, and this is the information wmctrl
can use to identify windows for which you want to
script actions. To create a basic Quake Term, you
just need a single wmctrl command:
#! / b i n / s h
wmctrl -r 'Quake Term' -b toggle,shaded
The -r option tells wmctrl the window title on
which to act, and the -b option tells wmctrl either
to add, remove or toggle up to two different
window properties (in this case, the shaded state
of my window). The wmctrl man page lists all
36 | march 2008 www.linuxjournal.com
the available properties you can tweak with this and any
other options.
Note that wmctrl scripts work best if windows have
unique titles. If you have multiple windows open with the
same title, you might not shade the right one. Each terminal
sets its title differently, but for instance, on a GNOME terminal,
you can change the title within your profile settings (right-click
on the terminal and select Edit Current Profile).
I use a modified version of the above command that not
only shades the window, but also moves it to the back below
any other windows. The script also keeps track of the toggled
state with a temporary file so that I can be sure the shaded
and stacked states stay in sync:
#!/bin/sh
# Unshade and bring to front
if [ -f /tmp/.quake.shaded ]; then
wmctrl -r 'Quake Term' -b remove,below
wmctrl -r 'Quake Term' -b remove,shaded
rm /tmp/.quake.shaded
# Shade and send to back
else
One of the great things
about wmctrl is that it isn’t
window-manager-specific.
wmctrl -r 'Quake Term' -b add,shaded
wmctrl -r 'Quake Term' -b add,below
touch /tmp/.quake.shaded
fi
I simply bind Super-' to run the above script, and then I can
toggle my terminal up and down with a quick key sequence.
Quake terminals are handy, but you can do much more
powerful things with wmctrl. One of the most handy scripts
I've created with wmctrl solves a problem I've had when I
chat in IRC and browse the Web at the same time—it's a
pain to resize both windows so you can see both, just to
resize them back when you are done chatting or browsing,
wmctrl lets you resize and move windows, provided you
know how to describe the new window location and geom¬
etry. With this in mind, I've created a script that toggles
between two states: normal mode and chat mode. In chat
Expert included.
Travis takes the concerns of his customers very seriously. He knows that IT administrators are concerned about more than
just prices. Compute density, reliability, and high efficiency are all part of the equation when evaluating whether a server is
truly cost effective. That's why Travis is confident when he takes orders for the Silicon Mechanics Rackform iServ R254.
The R254 features two Quad-Core or Dual-Core Intel® Xeon® 5000 Sequence processors with 45nm Hi-k silicon
technology, a 1333-MHz System Bus, and Intel® Virtualization Technology. It supports 6 DDR2 DIMMs,
2 integrated Gigabit Ethernet adapters, and 2 hot-swap SATA drives.
Travis knows that his customers can evaluate the R254's energy efficiency in various configurations using the
Silicon Mechanics web-based power calculator, and that they can count on Intel's record of reliability. He is
confident that they are getting truly cost-effective compute power for high-performance deployments.
When you partner with Silicon Mechanics, you get more than
Intel solution — you get an expert like Travis.
a powerful and energy-efficient
Xeon
inside™
Powerful.
Efficient.
MECHANICS
visit us at www.siliconmechanics.com
or call us toll free at 866-352-1173
Try out the Silicon Mechanics Power Calculator,
under "Configured Power" at
www.siliconmechanics.com/power
Silicon Mechanics and the Silicon Mechanics logo are registered trademarks of Silicon Mechanics, Inc.
Intel, the Intel logo, Xeon, and Xeon Inside, are trademarks or registered trademarks of Intel Corporation
in the US and other countries.
COLUMNS
HACK AND /
In chat mode, my IRC window shrinks
and moves so that it sits in a narrow
strip at the top of the screen, and my
Web browser resizes to be shorter so I
can see both windows at the same time.
the y coordinate to 0 instead of 96. I've found
that in some window managers, the geometry
the window manager reports to wmctrl is different
from reality. Basically, you need to do a little trial
and error and tweak the coordinates so that every¬
thing lines up just right. Once you are satisfied with
your respective wmctrl commands, you can throw
them in a script very similar to the one I used above
for the Quake terminal:
mode, my IRC window shrinks and moves so that
it sits in a narrow strip at the top of the screen,
and my Web browser resizes to be shorter so I
can see both windows at the same time. Then, I
can run the script again, and the windows move
back to their normal locations.
To create the script, first arrange your two
windows (in my example, one with "Irssi Term"
in the title and one with "Firefox" in the title)
how you normally want them, and then run a
special wmctrl command to list all the windows
on your desktop along with their geometry and
size information:
greenfly@minimus:~$ wmctrl -1G
0x00e00031
-1
0
48
1280
768
minimus Desktop
0x01200003
-1
-130
100
62
367
minimus gkrellm
0x00800029
-1
0
0
1280
24
minimus Top Expanded Edge Panel
0x00800003
-1
0
1524
1280
25
minimus Bottom Expanded Edge Panel
0x01000172
0
6
96
1040
708
minimus greenfly.org - Mozilla Firefox
0x0201c24f
0
-2552
96
642
410
minimus Eterm Main 1
0x02000021
0
-2552
96
642
410
minimus Eterm Main 1
0x020000ba
0
938
96
810
500
minimus Irssi Term
In this output, the -G option adds four extra
columns in the middle. These columns represent the
x-offset, y-offset, width and height, respectively. So,
in the case of Firefox, the x-offset is 6, the y-offset
is 96, the width is 1040, and the height is 708. Jot
down these values for the two windows you want
to script, and then resize and move them to reflect
your "chat mode". Next, run the command again
and jot down the new values.
wmctrl provides the -e argument that allows
you to modify the position and size of a window.
The argument actually takes five integer values in
a row—g,x,y,w,h—where g is the gravity of the
window (usually put 0 here), x and y are the x
and y coordinates for the top-left corner of the
window, and w and h are the width and height,
respectively. So, if I had moved my Firefox terminal
and wanted to move it back to the above coordinates,
I would run the following:
wmctrl -r Firefox -e '0,6,0,1040,708'
If you look carefully, you might notice I changed
#!/bin/sh
# Change to normal mode
if [ -f /tmp/.irssi.halfshaded ]; then
wmctrl -r 'Irssi Term' -e '0,469,0,810,500'
wmctrl -r Firefox -e '0,3,0,1040,708'
rm /tmp/.irssi.half shaded
# Change to chat mode
else
wmctrl -r Firefox -e '0,3,223,1210,535'
wmctrl -r 'Irssi Term' -e '0,0,0,1214,160'
touch /tmp/.irssi.halfshaded
fi
I noticed that with the current window manager
(Compiz), when I ran this command, some bug—
either in wmctrl or, more likely, in the window man¬
ager—caused Firefox to move from my second
desktop to my current desktop. If this happens to
you, there's a simple fix. Simply add the following
line above the if statement in the script:
wmctrl -o 1281,0
wmctrl has commands both for shifting to
different desktops and also to different viewports.
Because Compiz often uses multiple viewports
instead of desktops, the above command moves me
to the second viewport (my desktops are 1280x768,
so 1281,0 corresponds to the top corner of my
second viewport).
wmctrl has a lot of power. I recommend looking
at its man page and reading about the large num¬
ber of available options. The real power in wmctrl,
however, lies in your ability to imagine new and
interesting ways to script window manager actions.
My next project is to create a "reset" script that
moves all the windows on all my desktops to
precise locations and sizes, in case they all are
moved around and resized. Sure, I could do all
that by hand, but then I'd miss this great oppor¬
tunity for automation. ■
Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and
the author of a number of books, including Knoppix Hacks and Ubuntu Hacks for
O’Reilly Media. He is currently the president of the North Bay Linux Users’ Group.
38 | march 2008 www.linuxjournal.com
SAVE $200
OFF CURRENT PRICING
WHEN YOU REGISTER BY
JANUARY 28,2008
AND USE PRIORITY CODE:
PA570SBC
Putting Open Source to Work
FEATURED SPEAKERS
MARCH 25-26, 2008 » PALACE HOTEL » SAN FRANCISCO, CA » OSBC.COM
InfoWorld’s Open Source Business Conference (OSBC) is the industry’s
forum for senior business leaders, C-level technical strategists, lawyers and
venture capitalists to collaborate on emerging business models, strategies
and profitability through open source. Over the course of two days, the
agenda will deliver content-rich sessions from well-known thought leaders
on how open source technology is being used today.
Dan Agronow
CTO, The Weather Channel
Interactive
Peter Fenton
Managing Director,
Benchmark Capital
Jacob Harris
Senior Software Engineer,
The New York Times
InfoWorld
OSBC
SAN FRANCISCO
THIS YEAR’S FEATURED TRACKS AND TOPICS INCLUDE:
Putting Open Source to Work for the CIO/CTO
Learn how to get quality support for open source projects,
Matthew Mengerink
VP, Core Technologies,
PayPal
Marten Mickos
CEO, MySQL
as well as strategies for implementation and cost savings.
Putting Open Source to Work for the CEO/CMO
Get up to speed on business models, effective download
conversion strategies, and more.
Putting Open Source to Work for the General Counsel
Tackle the legal and business opportunities and risks of open
source software.
Steve Pearson
VP, Advanced Technology,
CBS Interactive
Brad Smith
SVP, General Counsel &
Corporate Secretary,
Microsoft Corporation
Jon Williams
CTO, Kaplan Test Prep &
Admissions
Putting Open Source to Work: Highlighted Products
and Services
See first-hand the latest open source product features
and capabilities.
( \
REVIEW THE COMPLETE
PROGRAM AGENDA
AND SPEAKER LIST AT
OSBC.com
v J
View Complete Program Details and Register Today at www.OSBC.com
PLATINUM SPONSOR:
GOLD SPONSORS:
LEGAL TRACK SPONSORS:
Microsoft
Jefferies O NoR ™
NOVell ORACLE'
Baker & MPKen
Cooley
GDDWARD KRONISH/lp
Holme Roberts & Owen llp
PRODUCED BY:
InfoWorld
Complete list of sponsors is available at www.OSBC.com
NEW PRODUCTS
r
Computer Professionals'
Union Karapatan-Monitor
Here's some irony for you. On one hand, Google stifles human rights by censoring Google China for the
authoritarian Chinese regime. At the same time, Google Code hosts an antidote, a new human-rights moni¬
toring program, called Karapatan-Monitor. Created and maintained by the Computer Professionals' Union in
the Philippines, the open-source Karapatan-Monitor records incidents of human-rights violations and allows
for classification of violations, perpetrators and victim status. Specific victim updates (for example, court cases
and file attachments) also can be recorded. Now, the question remains, "Dear Google, can those who need Karapatan-Monitor
most, such as our Chinese brothers and sisters, even access it?"
www.cp-union.org
Avinti's NEWT Free Malware Security Service
The battle of good vs. evil continues, with the good guys adding a sharp new arrow to
the quiver: Avinti's NEWT Free Malware Security Service. Fresh out of beta, NEWT
(Neutralize E-mail and Web Threats) is a freeware plugin filter for Sendmail, Postfix and
(soon) Exim that addresses blended threat attacks. Avinti reported an average of 750
new threat e-mail messages per day in late 2007. The company emphasizes that
"blended threats are an increasingly popular way for hackers to bypass traditional e-mail
security" by sending URLs hosted on botnet-infected computers. In addition, "some of the malware also is on legitimate sites that
have been injected with a cross-site scripting hack, making detection and blocking by Web filters difficult." NEWT can block, tag
or quarantine e-mail messages containing such threats. NEWT is available for free download from Avinti's Web site.
www.avinti.com/newt
WaveMaker's Visual Assembly Studio
& Rapid Deployment Framework
WaveMaker has declared Visual Assembly Studio & Rapid Deployment Framework,
a new team of products for developing Web applications, as "Web Fast and CIO
Safe". (Do you breathe fire, as well, dear CIO?) Visual Assembly Studio provides
departmental developers with a visual environment to create scalable, data-driven
Web applications without complex code or portal frameworks. Meanwhile, Visual
Assembly Studio enables the drag-and-drop assembly of Web applications using
Ajax widgets, Web services and databases. WaveMaker claims a 67% decrease in
development time and a 98% reduction in lines of code written vis-a-vis .NET. Both
products are built on open source and open standards. Visual Assembly Studio is
free, and the Rapid Deployment Framework is available under commercial license.
www.wavemaker.com
VMware's ESX Server in SAP Production Environments
VMware, Inc., and SAP AG recently announced a partnership whereby
SAP's 64-bit enterprise applications and business solutions (such as ERP, Bl,
CRM, SCM and so on) for Linux and Windows will run on VMware's ESX
Server. Already-certified hardware includes servers from Dell, Fujitsu-
Siemens, HP, IBM and Sun. Both firms will collaborate on support services
and problem resolution arising from the partnership. The companies state
that the partnership will "combine the powerful process management
capabilities of SAP solutions with the robust data-center management and
cost-saving features of VMware infrastructure." The results are projected
to provide improved management of IT resources, reduced downtime,
reduced server sprawl and quick-and-easy server provisioning.
www.vmware.com/SAP
40 | march 2008 www.linuxjournal.com
1
NEW PRODUCTS
Edward L. Haletky's VMware ESX Server
in the Enterprise: Planning and Securing
Virtualization Servers (Prentice-Hall)
If you take advantage of the SAP-VMware deal (see page 40), here's a strategically placed
impulse buy: Edward L. Haletky's VMware ESX Server in the Enterprise: Planning and Securing
Virtualization Servers, published by Prentice-Hall. Author Haletky, an expert in large-scale ESX Server
implementations, has gathered a practical, solutions-focused collection of information on the applica¬
tion—tips, best practices, field-tested solutions, issues, trade-offs and pitfalls. He also covers the entire
life cycle, including planning, installation, system monitoring, tuning, clustering, security, disaster
recovery and so on. Focusing on ESX v3.x, the book also illustrates differences with ESX v2.5.
www.informit.com
Vadym Gurevych's osCommerce Webmaster's
Guide to Selling Online (Packt)
Nowadays, finding a professionally produced guide to an open-source application is a snap, thanks in part
to nimble book publishers like Packt Publishing. Packt just released Vadym Gurevych's osCommerce
Webmaster's Guide to Selling Online, a guide to creating a successful osCommerce-based on-line busi¬
ness. osCommerce is an open-source e-commerce solution using PHP and MySQL that runs on a variety
of platforms. This book focuses on fine-tuning an osCommerce-based site to maximize its effectiveness,
such as increasing Google juice and improving shopping-cart design. Meanwhile, Packt offers a different
book, Deep Inside osCommerce: The Cookbook, for the development side of the application.
www.packtpub.com
Sander van Vugt's Beginning Ubuntu Server
Administration: From Novice to Professional
(Apress)
Do you think that Ubuntu Server will take over the Linux server space as it has the desktop?
Apress has a new means for you to decide for yourself in Sander van Vugt's Beginning Ubuntu
Server Administration: From Novice to Professional. Intended for system administrators who need
to "land that crucial entry-level job", Beginning Ubuntu will help you securely install, update and
deploy an Ubuntu server, focusing on practical information rather than theory. The book covers
standard servers, the command line and remote management.
www.apress.com
OpenPeak's OpenFrame Devices
In-home device convergence has long been the Holy Grail for many a company. Remember
WebTV? (Stop giggling, please, we must proceed!) A new and compelling Grail-seeker is
OpenPeak with its forthcoming OpenFrame line of devices. Although details remain sketchy
pre-Consumer Electronics Show, we do know that the goal is to create a line of Linux-based
devices that "revolutionize the home phone into a 'third screen', complementing the home's
PC, TVs and mobile phones." These devices will utilize telephony, VoIP and Internet, thus i
allowing users to access e-mail, voice mail, personal calendars and information, as well as “
leave memos for family members and make phone calls—all from one device. The good news
for us is that OpenPeak is seeking outside developers to create applications for its software
platform. All products will be available through OEM partners, the first of which is Verizon.
www.openpeak.com
Ubuntu Server
Administration
Tram Name to ftde&iHial
AjMIrtfc
Please send information about releases of Linux-related products to James Gray at newproducts@linuxjournal.com or New Products
c/o Linux Journal, 1752 NW Market Street, #200, Seattle, WA 98107. Submissions are edited for length and content.
www.linuxjournal.com march 2008 | 41
REVIEWS
HARDWARE
ASUS Eee PC
An easy-to-love, ultraportable PC. jeshall
The ASUS Eee PC is an extremely
small, ultraportable notebook at the
cheapest end of the market. At $399
US, it's supremely affordable. The entire
industry has been buzzing around it,
with Asus claiming that it was America's
most popular Christmas gift.
When we arrived at the store to pick
up our Eee to review, all the salespeople
were busy. We looked near the lap¬
tops for it and couldn't see it—
had the shipment been delayed?
We finally snared a sales¬
person to ask about the Eee
and were led to the small
electronics cabinet. There, nes¬
tled among the compact cameras
and iPods, was one of the smallest laptops
we'd ever seen. Its box was also
diminutive. Inside the box is the Eee,
manuals, CD, charger, neoprene sleeve
and the Eee's battery. We appreciated
the inclusion of the sleeve—most
notebook bag and case makers have
nothing for a machine this small.
First Impressions
Asthetically, the Eee looks like exactly
what it is—a miniature laptop. Ours
came in pearl white. It drew comments
and
admiring
glances everywhere
we took it—for both its
extremely small size and smooth
styling. The only aspect that mars its
appearance is a large screen bezel. We
feel the Eee would be vastly improved
cosmetically if the screen filled even half
that bezel. But, that's a minor issue in
an otherwise very attractive notebook.
The Eee has a nice touchpad,
/
|ji In This Issue | Linux Journal - Mozilla Firefox
“Q
Fite Edit View History de|jC*e.ti5 Bookmarks. Tods Help
Jf» • canllaitti -
^ ww Juiuxjour iuI, tuif^rruy*]^ii in
MH IjgH k]
Current issue: January 2008
Thir 1 j.inLinjy l r . r .ikn of limix 1 l OriJ ! :o': an Tbr 1
uvyr-ImjJurt-dnL lupk uf b-umrity. 0uL. be f un? beltiny
fortJh to lOrtiry your systems, wet your whistle wltn
npuvpn Ipinpr's primer on me new Farptmnk API
dnd Elk 5, nayiTiund'^ mutiny ^ oil thu lilitoiy mid
future oT open source. Once satiated, qet your
rrH-ommcmriprl flaw nf *ir€ urlty proroln wlTh nrrlrlf™;
from Jerdrnldh Buivllny tm simple iesvurib. fin Linux
security, Ron AtEcMson on clandestine secrets cl
rhp fiNfi hierarchy, Rpqis rtai^ard a,nrt nominit c.phi
on PactaetFence and Kyle Rankin on forensics with
Autopsy and t*leutnv.it
FREE An
with your new subset! j
J
l IU!_ XL I EL 2 4 £!iiLLIJII Uvi Xi J I IZU.1, Tj’I 1 fl/l!*:. JtUU.U IJ.UJL. _ LL
4 ______111_ w ZT*r
FSead imq.ydui.ube com
Q] Open Notebook
■j In Tills Issue | L
ftviB 15:40 QOO ►
Figure 1. Web browsing shows how cramped the Eee screen is.
although a
little small.
There is a single¬
width button that
will execute a right-click
if you press down on the
right-hand side. We found this a little
difficult to get used to, as it was hard to
tell without looking exactly where you
were about to click. The touchpad will
scroll if one traces a finger down the far
right—an extremely small target we
found difficult to hit reliably. We've read
a lot of reviews that seem displeased
with the keyboard, and frankly, we just
can't see why. The keyboard has an
excellent feel to it, although again, it is
extremely small. It took less than an
hour to get used to touch-typing on it
at quite a reasonable speed.
The screen is LED-backlit, making it
extremely bright. Unfortunately, that's the
only kind thing we can say about it. The
contrast and colour is dreadful, and
although the screen is a reasonable DPI,
the resolution is just not high enough for
Web browsing. Most sites these days are
optimised for at least a 1024x768 resolu¬
tion, and having a screen only 800 pixels
wide made us scroll sideways fairly often
to see whole pages.
The speakers are surprisingly good.
Sure, the sound isn't studio-quality, but
the volume can be maxed out without
42 | march 2008 www.linuxjournal.com
\
REVIEWS
distortion, and the clarity is acceptable.
With good headphones, sound is even
better, although it did have a slightly
muddy quality. The headphone socket
is extremely clean with no discernible
hiss even at high volumes. The internal
microphone is adequate for voice chat,
and plugging in a headset with an
external microphone works exactly as
you'd expect.
Connectivity is excellent with 10/100
Ethernet, 802.11 b/g wireless and three
USB ports. There's also an SD card slot
on the left-hand side, and the card sits
flush with the side of the laptop. It sup¬
ports SDHC cards, which is a very viable
option for expanding the onboard storage.
There's also a VGA-out port that displays
up to 1280x1024 on an external display
with excellent acceleration. This feature
alone makes the Eee far more worthwhile
for serious use, as the mediocre inter¬
nal display becomes an acceptable
compromise—having a tiny device to
carry around, but a reasonable screen
resolution while at home.
Software
ASUS's customised "easy" interface is
built on Xandros and consists of a
tabbed desktop application launcher
and the IceWM window manager and
panel. The interface is slick and well
optimised for the low screen resolution.
A home key on the keyboard where the
Windows key usually is minimises all
applications and reveals the program
launcher. It's pretty clear ASUS antici¬
pates that most people will be running
applications maximised. The launcher
tabs are divided into Internet, Work,
Learn, Play, Settings and Favourites.
The Internet tab includes launchers
for Firefox, Skype and the Pidgin
instant-messaging client, as well as
some shortcuts for loading Firefox with
a preconfigured page to access services,
such as Wikipedia, various Webmail
providers and Internet radio. The version
of Skype installed does not support
video chat, which we feel to be a fairly
glaring omission for a device with a
built-in Webcam.
The Work applications include
Thunderbird for e-mail, KDE's Kontact
suite for PIM and Adobe's Linux Acrobat
Reader software. OpenOffice.org ver¬
sion 2.0 is available, and it performs
surprisingly well given Eee's limited
resources. One feature that isn't
immediately apparent, but mentioned in
the manual, is that a terminal can be
accessed with the keybinding Ctrl-Alt-T.
SSH and rdesktop are two applications
that can be accessed this way for those
who are terminal-savvy.
KDE's edutainment suite is well
represented under the Learn tab with
science-, language- and math-related
educational tools from the project
included. Tux Typing, Tux Math and
Tux Paint complete the selection.
With the addition of on-line learning
facilities, we feel the Eee would make
an excellent educational aid.
The Play tab includes quite a few
subcategories for various types of
media. A basic image viewer
Specifications
■ 4GB solid-state Flash disk
■ 512MB, 400MHz DDR2 memory
■ 900MHz Intel Celeron Mobile
■ Intel 945GM Graphics
■ Atheros 802.11 b/g wireless
■ 9 11 screen at 800x480 resolution
■ Three USB 2.0 ports
■ Kensington lock slot
■ SD/MMC reader
■ VGA out
■ 10/100 Ethernet
■ Headphone and microphone jacks
■ 640x480 Webcam
■ Customised Xandros OS
■ IceWM, with ASUS enhancements
(Gwenview) is included, as well as an
excellent MPlayer front end capable of
viewing most multimedia formats. We
found that getting high-quality, full¬
screen, highly compressed media
content was quite the struggle, but
with a bit of practice, we're sure we
can encode some video files that the
Eee will play well. DVD content off
an external drive plays reasonably.
We were very pleased to see some
of our favourite procrastination-enablers
under the Games tab. Frozen Bubble is
insanely addictive, and Crack Attack
looks like it will be second on the list of
"Reasons This Review Will Almost
Certainly Be Late". Penguin Racer a nd
Potato Guy are old-fashioned favourites,
and Solitaire, Sudoku and a Tetris clone
round out the selection.
The Settings tab allows for minimum
configurability—here are options for
setting up printers, configuring the
touchpad and checking for updates,
among others. We eagerly looked
Figure 2. ASUS "Easy” Interface
www.linuxjournal.com march 2008 | 43
REVIEWS
7
Figure 3. Kontact’s excellent PIM suite is a little squished.
Figure 4. How can a game this simple be so insanely addictive?
through the personalisation dialog
but were disappointed to see it did
not allow us to change the theme to
one that does not attempt to model
Microsoft Windows XP's much-hated
style. The tool to enable an external
display is simple and straightforward—
something we certainly haven't found
on other Linux desktops.
The Favourites tab lets us create
launchers to our favourite applications,
although there was no way of creat¬
ing a launcher to an application that
wasn't already on another tab. The
option to create a custom launcher
would be appreciated.
The first thing we tried was con¬
necting to various wireless networks,
using a USB GSM modem. For some
unknown reason, there actually are
two networking tools installed on the
Eee: one that can scan and connect to
wireless networks, and one that han¬
dles all other connections and saved
profiles for wireless networks. It took
quite a few connections where we had
to enter the key in every single time
before we discovered the second tool,
with the key saved. It seems utterly
needless to have two separate tools
for this when the various Network
Manager front ends are an excellent
We were blown away
by how easy it was
to configure a USB
3G modem—the
connection wizard
did almost all of the
work for us, and we
were on-line within
five minutes.
example of an all-in-one tool that's
painless to use. Hopefully, ASUS will
merge these tools in a later release.
We were blown away by how easy it
was to configure a USB 3G modem—the
connection wizard did almost all of the
work for us, and we were on-line within
five minutes. Powering the modem seems
to reduce the battery life to about two
and a half hours, but we still were
impressed that the laptop and modem
are less than 1 kg to carry around. Battery
life in general is a bit of a sore point. The
Eee gets a little more than three hours in
our testing, if it's on wireless, and we feel
this just isn't really enough for an ultra¬
portable. That said, the power adapter for
the Eee is quite small; it looks a bit like an
oversized cell-phone charger. Carrying the
charger to top up the Eee whenever you
happen to see a power point really doesn't
add much weight or bulk.
Although we appreciate that the
Eee could include only so much for the
price, it would have been nice to see
Bluetooth support and a larger screen.
At the end of the day though, every
time we thought of a way the Eee could
be improved, we kept coming back to
the price—$399. The cheapest ultra¬
portable from other vendors is closer to
$1,200, and those aren't as small or
totable as the Eee. It's no wonder that
the Eee is taking off so quickly and
developing such a following. Out of the
box, it's a compelling little appliance.
Most of the Eee's downsides are elimi¬
nated when you see how the machine
can be customized. With some custom
packages and a full Linux desktop, the Eee
is a formidable tool for the intermediate
Linux user. In my opinion, the Eee is five
minutes away from being a great backup
writing and open-source development
44 | march 2008 www.linuxjournal.com
Figure 5. Networking Tools
tool. Install Subversion, add a USB HSDPA
modem, and I'd have an extremely
portable, very cheap and rugged tool for
basic hacking tasks and for writing arti¬
cles—most of this article was written on
the Eee, sitting in various cafes around
Wellington. With a USB-to-serial adapter
and the addition of minicom, it would be
a great tool to take into server rooms to
aid me in my day job as a sleep-deprived
systems administrator. It's been my con¬
stant companion for the past few weeks—
coming with me to places I wouldn't dare
to risk my far-more-expensive and delicate
Sony Vaio. Throw it in a backpack or even
a large handbag, and it's ready and wait¬
ing. I'd far rather risk spilling beer on it
at a pub hackfest, getting knocked
around in my carry-on luggage or being
taken to conferences where I have an
absolute gift for having computers
stolen. Although $399 isn't cheap
enough to make it disposable, it's far
more so than something costing $2,000.
Next month, I'll take you through vari¬
ous ways the Eee can be hacked to unlock
the full power of the Linux it's running
underneath, and I'll also take a look at
trying different Linux distributions on \t.m
Jes Hall is a Linux Technical Specialist and KDE developer from
New Zealand. She’s passionate about helping open-source
software bring life-changing information and tools to those
who would otherwise not have them.
For details :
http://www.embeddedlinuxconference.com/
Lh Linux J-orum JdSS WV I bJrd Un«\ Bedve-io:\ uk y Wdb, UsA-
Embedded
Come and join us!
Conference (ELC) 2008
ELC is the mein event where developers from around the world who work on
open source software for embedded systems can get together and meet with
open source community people. Through a variety of sessions, BoFs, tutorials,
technical showcases and evening activities, we will exchange knowledge of
open source software technologies, to learn, share, and overcome the
problems we all face using Linux. Come join us and be inspired by technical
ideas on the evolution of Linux and related software, and at the same time
connect with your counterparts in this industry.
A. the Computer History Museum (Mountain
From ApriH5th to 17th
Currently in its fifth year, ELC is the longest-running international conference dedicated specifically to using Linux in embedded devices and products.
REVIEWS
7
SOFTWARE
IBM's Unfinished
Symphony
When Lotus Symphony faces the music, the question
becomes, "Do we really need another proprietary office
suite based on OpenOffice.org?” bruce byfield
Talking about IBM Lotus Symphony in
any meaningful way is impossible without
constant references to OpenOffice.org.
Consisting of three applications—the self-
explanatory Documents, Presentations and
Spreadsheets—Symphony is not only a
proprietary rival to OpenOffice.org in the
cross-platform office space, but also is
based on OpenOffice.org code, a move
made possible by OpenOffice.org's release
under the GNU Lesser General Public
License. Under these circumstances, com¬
paring the two applications is by far the
quickest and most accurate way to explore
Symphony's general features and interface,
as well as what new features it adds to the
codebase and what it leaves out.
To say the least, the result is mixed.
Specifically, Symphony is the
OpenOffice.org 1.14 code dropped
into an Eclipse framework, without any
attempt to include the various add-ons
available for the original. The version
choice has the advantage of ensuring
that Symphony is based on a mature
codebase, and the reliance on Java
sidesteps the need to bring developers
up to speed on every intricacy of
OpenOffice.org's notoriously cryptic code.
However, these choices also extract a
price. For one thing, version 1.14 is
two years old and missing many of the
improvements in the 2.x releases. These
include such features as version 2.3's
new chart system, the ability to use
movie and sound clips in presentations,
and the expansion and improvement of
the on-line help. All that Symphony
seems to have borrowed from later
releases is the enhanced drawing toolbar.
As for any add-ons, forget them.
Symphony does not even include
ExtendedPDF, which gives users
expanded control over exports to PDF.
Although Symphony does allow exports
to PDF, the feature is basic compared to
the one offered in the latest versions of
OpenOffice.org in most distributions,
which install ExtendedPDF by default.
Similarly, although reliance on Java
may speed development—IBM boasts
that the current beta 2 was developed
in less than two months—it does not
make for compact apps without
careful coordination of development.
Symphony's installation size is huge—
683MB compared to less than 200MB
for recent versions of OpenOffice.org,
even though it does not include
versions of OpenOffice.org's drawing,
database and equation editors.
Symphony's start-up speed is slow
too, taking at least twice as long as the
latest versions of OpenOffice.org using
the same equipment. Although these
figures may improve in later releases, they
seem unlikely to match OpenOffice.org's
any time soon.
The Interface
Despite improvements during the last
two years, including a change from bat¬
tleship gray to beige, OpenOffice.org's
interface has never been an example of
beauty. It tends to be ramshackle, never
sure if it should borrow from MS Office
and other proprietary apps or develop
its own design. Nor has any attempt
been made to enforce design standards,
which means that new features, such as
the dictionary and font installers, follow
a logic of their own. If there ever was a
program that demanded an interface
redesign, it was OpenOffice.org.
And, at first glance, Symphony pro¬
vides that redesign. Its selection of blues
with the occasional orange highlight
may be chosen mainly for IBM branding,
but the overall effect is much more uni¬
fied and pleasant to the eye than any¬
thing OpenOffice.org has managed to
offer so far. However, this unity is mainly
on the surface. Open a dialog box, and
you are back with OpenOffice.org's
familiar, starkly functional designs.
In much the same way. Symphony
attempts to edit and rearrange
OpenOffice.org's menus. Because many
OpenOffice.org features are omitted
(see below), Symphony can hardly help
but have shorter menus, making them
easier to use. In fact, Symphony even
has the space to make some features
more prominent, dragging the Direct
Cursor out of Tools^Options to place it
in the Edit menu, or to make page
numbering a top-level item rather than
hiding it among Insert^Fields to the
puzzlement of new users. Such changes
can only increase ease of use.
Too often though, the changes seem
arbitrary. Replacing Format Cells with
Text and Cell Properties in Spreadsheets
does nothing for clarity, any more than
replacing the Format menu with Layout
or the Insert menu with Create does.
And, is there any reason for labeling
spreadsheets with letters instead of
OpenOffice.org's numbers?
The same mixture of usefulness and
arbitrariness occurs with the positioning
of items. Moving the Options item from
the Tools menu to the File menu (where
it is called Preferences) seems sensible,
because the File menu is where you
expect to find basic setup settings.
But, why shift page setup from
Format/Layout to the File menu? The
fact that MS Word used to do so hardly
seems reason enough.
A more concrete improvement is
Symphony's borrowing of a Web brows¬
er format, opening on a useless Home
page and opening new documents by
default in tabs in the same window.
From there, a document can be opened
in a separate window via a right-click.
This arrangement is enhanced further
by a thumbnail view of documents in
the Window menu, which can be set to
view only a specific type of document.
However, the addition of a docked
Properties window on the right side
of the editing window is less useful.
This window displays elements that
are selectable from the menu in
OpenOffice.org, showing Text and
Paragraph settings in Documents,
Page settings in Presentations and cell
settings in Spreadsheets. Anyone
familiar with OpenOffice.org might
46 | march 2008 www.linuxjournal.com
wonder not only about the advisability
of another floating window to add to
the Navigator, Styles and Formatting,
Gallery and Data Sources (although
Symphony eliminates Data Sources),
but also why the Properties window is
so important that it is the only float¬
ing window that can be docked on
the right side of the editing window.
Even more important, the effect of
showing the Properties window by
default is to encourage manual format¬
ting at the expense of styles. Particularly
in the word processor, this emphasis is
equivalent to teaching someone to make
hand signals when learning to drive and
not bothering to mention the signal light.
More than any other office suite,
OpenOffice.org relies on styles, with sev¬
eral features, such as tables of contents
and outlines, being much more difficult
to use if you rely on manual formatting.
Perhaps the Properties window is in
response to OpenOffice.org users who
do not want to be forced into using
styles (as though styles were anything
except a time-saver for them), but its
prominence suggests that Symphony's
designers do not understand the logic
of the program they are mutating. If
you are using the code the way it was
intended to be used, the Properties
floating window is an irrelevance.
Missing Features
To those familiar with OpenOffice.org,
one of the distinguishing characteristics
of Symphony is how many features
have been ripped out. In all the applica¬
tions, the list is a long one.
To start with, many features for
interoperability are missing. For
instance, unlike in OpenOffice.org, in
Symphony you cannot store data for
use in other documents, embed one
document in another or export a list
of headers in the word processor to
create the slides in a presentation.
In Documents, the list of the missing
continues. All wizards are gone, as well
as any capacity to create labels, business
cards or anything else that requires a
mail merge. No Autotext, bibliographies,
hyphenation, thesaurus, outline number¬
ing, autoformats for tables or master
documents are available. Neither are
many types of fields, including ones for
hidden paragraphs or text, input lists,
document information or user data.
Presentations and Spreadsheets are
somewhat less devastated. Still,
Presentations lacks the initial wizard or
any sound support, and Spreadsheets
lacks the ability to split or freeze win¬
dows to improve the viewing of long
documents or to autoformat selected
cells. Flowever, in Presentations, you
might think that more is missing than
really is the case, because many items
are concealed in main and right-click
menus, and combo boxes for things
such as slide transitions list only a half-
dozen items at a time and require click¬
ing Other to see other selections.
In none of the three programs can
you edit keyboard shortcuts or cus¬
tomize menus and toolbars. You still can
run macros, but without these customiz¬
ing features, they are less accessible.
Instead of assigning them to keystrokes
or adding them to the toolbar, you have
to drill down through several levels of
menus in order to use them.
What is left is enough for most users
in undemanding circumstances. Still, the
logic behind what is omitted is obscure.
Although the tendency is to exclude any¬
thing that requires instruction to learn or
increases users' ability to customize, per¬
haps the true reason is to trim the hard
drive requirements as much as possible.
New Features and Old
Against these omissions. Symphony
boasts only a handful of innovations.
The single window for opening applica¬
tions includes a Web browser accessible
from the New button, but this hardly
seems the time to introduce one.
OpenOffice.org dropped its Web brows¬
er when its code was first released, and
the integration of applications on
GNU/Linux desktops is strong enough
that nobody has missed it since.
Otherwise, new features—as
opposed to ones made more prominent
by repositioning—are surprisingly few in
Symphony's applications. Aside from the
single window with search and thumb¬
nail features, probably the main addi¬
tion is the Freehand Table feature it bor¬
rows from MS Office. And this feature,
although showy, is slow and impractical
compared to choosing the number of
rows and columns by dragging the
mouse over a grid.
However, Presentations does include
one legacy feature that longtime
OpenOffice.org users might still be pin¬
ing for: the arrangement of slides in
tabs. This arrangement is more eco¬
nomical with space than the slide pane
that replaced it in OpenOffice.org's
Impress, allowing much more room to
display the currently active slide. But,
this feature is hardly enough to attract
users by itself.
A Lack of Purpose
How Lotus Symphony fits into IBM's
corporate strategy is anybody's guess.
Perhaps it is a matter of corporate
pride, an attempt to revive a product
line that was a contender in the office
application market more than a decade
ago? A desire to support open stan¬
dards by releasing programs that sup¬
port the Open Document format?
If the intent is to undermine MS
Office's dominance on the desktop, as
some have alleged, then as an under¬
featured, proprietary application,
Symphony seems to have poor odds for
success. So far, at least, there is not
even any evidence that Symphony will
integrate with Lotus Notes to offer the
combination of office applications and
calendaring that OpenOffice.org lacks.
IBM would strike a greater strategic
blow if it contributed directly to the lat¬
est version of OpenOffice.org instead of
focusing on what seems a quixotic and
halfhearted project at best.
That, in the end, is why Symphony
disappoints. As a project, OpenOffice.org
badly needs some fresh ideas. Its interface
probably needs redesigning from the
ground up, both in terms of names and
positioning of features. Some features
deserve to be more prominent, while
some may be no longer relevant or
require radical redesign. Symphony
attempts all these things, but with no
clear vision and only halfheartedly.
In the end, all Symphony offers is a
version of OpenOffice.org stripped to
the basics and suitable mainly for those
who won't take the time to learn to
use office applications properly. Such an
outcome is disappointing for those who
would like to see OpenOffice.org
undertake some basic improvements,
and not nearly sufficient to justify
Symphony's independent existences
Bruce Byfield is a freelance journalist who covers free software
for Datamation, Linux.com and Linux Journal. He also does
e-learning course design and marketing and communication
consulting. Away from the computer, he enjoys excessive
exercise, hanging out with parrots, listening to punk-folk
music and reading any history books he can get his hands on.
www.linuxjournal.com march 2008 | 47
REVIEWS
7
SOFTWARE
Domo Arigato Mr
Androidato—An Introduction
to the New Google Mobile
Linux Framework, Android
All your phones, are belong to Google—a brief overview of Android, the new software
stack created by Google for the Open Handset Alliance, adam m. dutko
The Open Handset Alliance (OHA) is
an industry trade group comprising
more than 30 technology and mobile
companies. The focus of the OHA is to
accelerate innovation in the mobile
application and hardware space and to
provide consumers with a more compre¬
hensive and inexpensive mobile device
experience. Android is a new, mobile
application development framework
developed by Google for the OHA that
represents part of a greater promise
from OHA members to make the open
platform an industry success.
Along Came an Android
In addition to announcing its intent to bid
on the C Block of the 700MHz wireless
spectrum recently, Google continues to
lead the charge to ensure that the FCC
mandates the spectrum be open for all
mobile devices and all operating systems.
These two points are partly why the
Android announcement is so important.
Imagine using your phone as you do now,
but with the option to modify it like you
do your desktop computer. With Android,
you will be able to tweak a subset of soft¬
ware on your phone to your liking—more
so than merely changing the background,
selecting a ring tone or downloading
carrier-sanctioned software. If this idea
becomes a reality, it might herald the
beginning of a new era of personal
computing and possibly even foster the
creation of a new generation of small
mobile phone companies and soft¬
ware vendors. Without waxing too
philosophically on the benefits of an
open spectrum, open devices, open
software and open access, let's get to
the meat of the problem, or shall we
say, the logic of the Android.
The Meat
The key features of the Android Software
Development Kit (SDK) include an appli¬
cation framework, a memory-optimized
runtime environment named Dalvik (so
called because of one of the main engi¬
neer's affinity for the Icelandic town), an
integrated browser based on WebKit, a
custom 2-D graphics library, a 3-D graph¬
ics library based on OpenGL ES 1.0, struc¬
tured data storage through SQLite,
support for a variety of media formats
(MPEG-4, H.264, MP3, AAC, AMR, JPG,
PNG and GIF), and hardware-dependent
support for a multitude of components
(GSM, Bluetooth, EDGE, 3G, Wi-Fi,
Figure 1. Browsing the Linux Journal Web site
using the WebKit-based browser on the
Android emulator. This particular screenshot
highlights the built-in zoom feature that enables
you to see a full-size view of a Web site.
camera, GPS, compass and accelerometer).
All of this functionality is accessible
through the Eclipse IDE or on its own
through the user's own Java environment.
The platform also includes an emulator,
debugging utilities, memory and perfor¬
mance profiling tools, and the source
code for a set of example programs.
So Many Layers, So Little Time
The Android framework consists of
four layers, as shown in Figure 3. At
the top of the stack is the aptly named
Applications layer, so called because it is
where finished applications are assem¬
bled and situated in the framework. The
second is the Application Framework
layer, where the building blocks of each
application are created using the under¬
lying system libraries and associated
application code. Next comes the Library
and Runtime layer where core system
libraries, Google Java libraries and the
Dalvik virtual machine reside. The fourth
and final layer is the Kernel layer, where
Linux (version 2.6.x) communicates with
the underlying hardware.
Application Layer
The Android operating system is a multi¬
process system, wherein system and
application processes run within their
own ID space. Security between applica¬
tions and the system is maintained at the
process level using standard Linux facili¬
ties, such as Discretionary Access Controls
(DACs). When an application is installed,
it is given a unique user ID on the system
for the duration of its installation lifetime.
This unique user ID affords the application
a dedicated and protected execution
stack within the Android system.
The default behavior of an Android
48 | march 2008 www.linuxjournal.com
Figure 2. Using the built-in Maps feature to
find my hometown in Ohio. The maps feature
works similarly to the one found on the
Internet—first providing a world view, then
allowing you to pick a particular region and
keep zooming until you reach the magnifica¬
tion limit or are satisfied with what you see.
application is to operate within its own
container on objects it owns. In other
words, Android applications have no per¬
mission to perform operations that might
adversely impact the user experience or
associated data. This behavior can be
modified in two ways: 1) the program¬
mer can explicitly share application space
with another application, or 2) the pro¬
grammer can explicitly share application
components with other applications and
the system. These exceptions are made
through the application manifest file.
The manifest file, AndroidManifest.xml,
is a file required in every application, and
it resides in the root of the application
folder. It not only provides a means for
defining the security characteristics of
your application, but it also provides an
outline of your application in the form of
exposed application components known
as activities, intents, receivers, services
and providers. More information on the
manifest file is available on the Android
Web site (see Resources).
Application Framework Layer
Designed with reuse in mind, this layer
enables programmers to piece together
five types of components to create the
basic building blocks of an application:
Applications
r
v
v_y
Application
Framework
V_ )
Core (Google)
Libraries
Dalvik VM
Java
Libraries
_y
f \
Linux 2.6.x
(Kernel)
v _'_._ J
Figure 3. Hierarchical View of the Android Framework
1. Views
2. Content Providers
3. Resource Managers
4. Notification Managers
5. Activity Managers
The first component, Views, represents
the most basic piece of a user interface.
Each view is responsible for managing the
layout and events associated with the
screen area it represents. Views can be
grouped together to form Viewgroups
and arranged into a hierarchical tree, with
other views and Viewgroups. This tree
forms a user interface for a particular
application activity, such as entering a new
contact into a contact book or adding a
note to your diary.
The next component is the Content
Provider. Content Providers enable a
programmer to define a resource from
which to pull or push data using a
Content Universal Resource Indicator
(ContentURI) wrapper and a Universal
Resource Indicator (URI). Each ContentURI
wraps around a unique type of data, such
as contacts, settings and call logs, and
provides helper methods for accessing
associated data referenced through a URI.
Programmers are free to dictate how they
want to store, retrieve and modify publicly
shared application data, but they must
create the provider with a repeatable way
to query and return data.
To accomplish this requirement, each
URI must contain at least three compo¬
nents: the standard prefix of content://,
the data authority and the data path to
the content provider. An additional com¬
ponent can be added to the URI if the
programmer wants to request a specific
piece of data by unique ID, but the fourth
component is only necessary when the
application programmer is faced with
having to know the exact ID of a record.
When put together, a typical URI might
look like content://contacts/people/42.
You also can use a URI to return
a whole set of records. For instance,
if you wanted to return the complete
set of contacts, you would use
content://contacts/people. Quite useful,
no? But, what happens when you want
to look up Ford in your contact book
and can't remember the ID of the
corresponding record? Android provides
helper classes for each type of ContentURI
for this exact situation, enabling users
to find data provided by a particular
Content Provider easily. The exact
details on how to create, use and modify
Content Providers, and how to use
more-advanced concepts, like managed
cursors, are explained in more detail on
the Android Web site.
The next component is the Resource
www.linuxjournal.com march 2008 | 49
REVIEWS
7
Table 1. How the Android Framework Compares to Existing Mobile Frameworks
Android
Motodev
Maemo
OpenMoko
Qtopia
License(s)
Apache2 (mirrored
GPLv2.0/LGPL components)
GPLv2.0
(kernel)/proprietary
Many free and
open-source licenses
GPLv2.0/LGPLv2.1
GPLv2.0
(Community Edition)
Company
OFI A/Google
Motorola
Nokia
FIC/OE
Trolltech
SDK (price)
Eclipse plugin or
standalone (free)
Eclipse plugin
(Community Edition, free)
VistaMax or Laika (some
parts require a device)
OpenEmbedded
(free)
Qt Tools (Community
Edition, free)
Sign-up Required
No
Yes
Depends (OS requires
valid device ID)
No
Yes (Community
Edition, free)
Primary Ul
Java
Qt
GTK+
GTK+
Qt
Primary Application
Language(s)
Java (underlying
libraries C/C++)
Java ME/C++
Languages with
GTK+ bindings
Languages with
GTK+ bindings
Languages with
Qt bindings
Preferred Simulator
Android emulator
MotoDev emulator/
Java ME emulator
QEMU
QEMU (and others)
Greenphone emulator
(QEMU)
Primary Devices
Unknown (probably
OHA devices)
Most Motorola
mobile devices
Nokia N Series
(and others)
Neo1973
Neo1973 (Greenphone
discontinued)
Licensing
Free (some services
cost extra)
Free (some services
cost extra)
Free (device required
for some OS bits)
Free
Free (noncommercial
only)
Manager. Resource Managers provide a
way to work with application-associated
files that do not contain code, such as
icons, layouts and files associated with
application internationalization and
localization. Because all resource files
are compiled into the binary at build
time by the Android build system,
Resource Managers are sensitive to
where files are located in the source
tree. To make build errors related to
misplaced external files easier to avoid,
all Android projects created through the
Eclipse plugin contain a resource
directory named res at the root of the
application source tree. The resource
directory contains subfolders for spe¬
cific types of data, which the compiler
searches and verifies application code
against at build time. The exact details
on dealing with Resource Managers
are quite complex, and the specifica¬
tions for dealing with Localization and
Internationalization are not yet com¬
plete, so if you would like to know
more, please follow the link provided
in the Resources for this article.
The next component is the Notification
Manager. Notification Managers provide
developers with the ability to alert users
to events occurring on their devices.
Some examples include displaying a
view in the form of a notification
window when an e-mail arrives, alerting
users to incoming calls by flashing the
back light, or maybe even nagging users
with a loud Britney Spears ring tone
when the battery is running low. These
are all typical examples of how you
might use a Notification Manager in an
Android application. The exact details
on how to implement a Notification
Manager also are located on the
Android Web site (see Resources).
The final component of the
Application Framework layer is the
Activity Manager. Activity Managers are
arguably the most important part of any
application running in the Android frame¬
work. Activities are defined as user-per¬
formed atomic tasks that, when initiated
by the user, elicit new behavior from the
application. Such behavior might create a
new view, retrieve data from a content
provider or access underlying hardware to
make a phone call. Such tasks are the
foundation on which applications are
built in the Android framework. Activity
Managers are the components responsi¬
ble for maintaining the navigation stack
within an application and performing var¬
ious housekeeping tasks based upon
available resources and the particular
state of an activity. In general, Activity
Managers try to keep processes related to
activities around for as long as possible,
but at times, they might be forced to free
up resources by terminating particular
activities. More information about imple¬
menting Activity Managers is available on
the Android Web site (see Resources).
Library and Runtime Layer
The third layer in the Android frame¬
work consists of a set of shared C/C++
libraries, core Java libraries and the
Dalvik virtual machine. The current set
of libraries available in the Android SDK
includes a BSD-derived implementation
of libc optimized for embedded Linux
devices, media libraries based on
PacketVideo's OpenCORE, a display
subsystem and 2-D/3-D management
library called surface manager,
LibWebCore, the SGL 2-D graphics
engine, 3-D libraries associated with the
OpenGL ES 1.0 API, FreeType and SQLite.
In addition to these libraries are
the assorted core Google Java libraries.
Some people have questioned the
Android implementation of Java as
proprietary, although others claim
the implementation is a necessity for
Google to optimize the Android frame¬
work. The important thing to remember
is that the Google Java libraries provide
only a subset of what the Sun Java
libraries provide. The remaining portion
of this layer is Dalvik. Dalvik is a memo-
50 | march 2008 www.linuxjournal.com
ry-optimized Java Virtual Machine (JVM)
created by Google to run optimized
.dex bytecode. In addition to the
Google Java libraries, Dalvik and the
associated bytecode compiler dx remain
a potential source of contention in the
Free and Open-Source Software world.
Google claims the source will be avail¬
able soon, but remains mum about why
it decided not to pursue these changes
through Sun's open-source Java efforts.
Kernel Layer
The layer closest to the physical hard¬
ware in the Android framework is the
Linux kernel. Android is scheduled to
ship with version 2.6.x, and it will rely
on Linux to manage a variety of ser¬
vices, such as security, memory manage¬
ment, process management, networking
and drivers for a variety of devices.
The Android Eclipse
If you are interested in working with the
Android SDK, you can do so through
Eclipse or through other development
environments or IDEs. If you want to
use the Eclipse IDE, you need to have
version 3.2 or 3.3 installed, along with
the Eclipse JDT Plugin, as well as version
5 or 6 of the Java Development Kit
(JDK). You also may want to install the
Android Development Tools (ADT)
Plugin through the Software Updates
Figure 4. The default menu for Android shown
through the emulator. You can navigate the
menu by clicking the buttons with your
mouse or selecting them with your keypad.
menu using the following link:
https://dl-ssl.google.com/android/
eclipse. The ADT Plugin automates a lot
of what you would have to do manually
in order to develop Android applica¬
tions, and it is recommended if you are
new to Java development or if you are
generally lazy like most programmers.
After you are done setting up your
environment, you need to add the most
important piece, the Android SDK. You
can find the most recent version of the
SDK at code.google.com/android/
download.html. After downloading the
SDK, it is recommended you verify the
md5 checksum before unzipping the con¬
tents. Once you have verified the contents,
you then need to unzip the contents to a
location of your choice and add the cor¬
responding path to the Android menu
within your Eclipse preferences menu.
If you do not want to use Eclipse, you
still need JDK 5 or 6 and Apache Ant
1.6.5 or later, in addition to the Android
SDK. I leave it up to you to perform the
necessary steps associated with sourcing
the SDK components into the proper
path if you choose not to use Eclipse. If
you run into problems, it is important to
note that the GNU compiler for Java
(GCJ) is not supported, and that if you
have JDK 1.4 installed, you will not be
able to use the Android framework. If
you have questions about installing the
Android SDK and/or configuring your
environment, more in-depth information
is available on the Android Web site.
Robotic Memories
One of the best things about the Android
SDK is how easy it is to get up and run¬
ning. Using my existing Eclipse Europa
environment, I was able to start work on
my first application only a few minutes
after downloading all of the components.
It literally took me a few mouse clicks and
keystrokes to get the equivalent of a
"Hello, world!" application running in the
Android emulator, and only a few more
minutes to get a Notepad application run¬
ning. The next best thing about Android is
that it is completely focused on application
development and not on peripheral
requirements, such as kernel compilation
and installation. If you want to be com¬
pletely focused on mobile Java application
development, Android might be the
mobile Linux framework for you. In short,
Google has painstakingly taken the time to
provide a great abstraction layer for devel¬
oping mobile Linux applications, and it has
provided a path to existing Java application
programmers to create Google-enabled
and OHA-supported applications.
Despite all these wonderful things, I
must confess that I still felt slightly unsatis¬
fied with Android. On the one hand, I was
very happy to be able to start working on
application development so quickly, but on
the other hand, I felt like, that's it? Maybe
it's because I was working with the beta
version of the SDK and not all of the com¬
ponents have been released yet, but for
some reason, I felt more like a kid snap¬
ping Legos together than a developer cre¬
ating an application stack on which to run
my new application. So, if you are like me
and want control over your entire stack,
I still recommend sticking with a more
transparent and flexible approach like the
OpenMoko framework. Just remember,
that like all other free and open-source
software projects, the choice is yours.H
Adam M. Dutko is a Lead Web Designer for a small family-
owned business located in Kent. Ohio. He maintains the mrxvt
and astyle packages for Fedora, brews beer and works on
Wireless Sensor Networks at the Cleveland State University
Software Engineering Lab. He currently lives in Lakewood.
Ohio, with his wonderful wife. Gretchen. You can read more
about him at littlehat.homelinux.org ; 8000 .
Resources
Android: code.google.com/android
Android SDK: code.google.com/android/download.html
Open Handset Alliance: www.openhandsetalliance.com
A Java Developers Thoughts on Dalvik: www.oreillynet.com/onjava/blog/2007/
11/dalvik_googles_tweaked_nonstan.html
Eclipse: www.eclipse.org
www.linuxjournal.com march 2008 | 51
Desktop
Must-Haves
This article is an introductory piece to get you thinking
about the Linux Desktop and all it can do.
DAN SAWYER
S o, you’ve been playing around with Linux for a
few years now—running a file server here, a
firewall there—but you’re finally getting around
to migrating your desktop away from Windows.
After all, it’s either Linux or Vista, and you don’t fancy
your whole system being locked down with badly imple¬
mented DRM or crippled by system requirements.
Because when must a mere operating system need 15GB
of hard drive space, 512 MB of RAM and a 1GHz CPU
just to boot up?
Moving from Windows-land isn’t merely a matter of
changing the operating system. Unless you’re keen on
setting up Crossover Office and moving all the compati¬
ble applications across (a problematic enterprise), you’re
going to have to learn a few new programs that do the
same jobs on which you depend. But, before you learn
those programs, you need to know what they are.
Based on a thoroughly informal and unscientific sur¬
vey of those who tolerate me best, I’ve drawn up a list of
the things most people do or need access to on their
computers every day. It turns out that most people, at
least in my demented little corner of the universe, still use
their computers for a fairly narrow range of tasks—cer¬
tainly more tasks than ten years ago, but not many more.
Those tasks fall broadly into four categories: Office,
Graphics, Internet and Entertainment.
52 | march 2008 www.linuxjournal.com
Figure 1. OpenOffice.org Writer
OFFICE
Believe it or not, even though it's not
how people spend most of their com¬
puter time, office software is the corner
of the computer market of which peo¬
ple are most aware. And, why wouldn't
they be? Office software is what we use
to manage finances and priorities, cre¬
ate presentations, keep schedules and
write letters, papers, diaries and books.
Of course, what you're going to
need on your desktop usually is not the
same as what you'd need on a work
machine. Nevertheless, being a small-
business owner, I tend to pick my soft¬
ware with an eye toward openness of
data, migratability, interoperability and
room for growth. In other words, I want
to be able to get at my data from a
number of programs, not only the one
with which I created it. I want to be
able to migrate painlessly to another
software package should my require¬
ments grow or change enough that I
need to change my applications of
choice. I want the programs I use to be
able to talk to each other and to other
programs out in the broader world. For
example, if I write a short story and
send it to a friend to proofread and
mark up, I want her to be able to read
what I send, and I want to be able to
read her annotations in red text when
she sends it back. I also want my soft¬
ware to be able to do more than I need
right now, because if my needs grow,
it's less bothersome to learn a new
aspect of an existing program than to
bring in a support application to supple¬
ment it or to migrate to a whole new
backbone. Because I have to deal with
this stuff every day, I tend to take it into
account when recommending software.
So, to start off with our office
software, it's best to kill four (well,
three and a half) birds with one
stone. Most people need to write
and edit documents, track numeric
data on a spreadsheet and create
Power Point-style presentations for work,
church or underground revolutionary
cult meetings (you know, like Linux user
groups). Sometimes, people also might
want to create a database in an
Access-style graphical environment
to keep tabs on cult membership or
lists of evangelism projects.
Evaluating office software in Linux,
when coming from Windows, can be
quite dizzying. With KOffice, GNOME
Office, OpenOffice.org and a whole raft
of word processors and spreadsheets,
it's easy to become overwhelmed.
But, for my money, the
OpenOffice.org suite stands head and
shoulders above the rest. It reads and
writes more formats better, and it's less
crash-prone and more versatile than
most of the alternatives (KWord from
the KOffice suite being a notable excep¬
tion, as it can double as a layout pro¬
gram in a pinch). OpenOffice.org is
more resource-hungry though—its only
major drawback. High-end spreadsheet
users who require complicated scripted
math also may want to check out
Gnumeric (from GNOME Office) to
supplement their office software, as
its functions are more powerful.
Aside from the traditional office
suite, good bookkeeping software prob¬
ably is the single-most basic function
people require of their computers when
the computers are employed as tools.
Let's face it, of all the sticking points
for Windows-to-Linux migration, this
ranks right up there with "my games
won't run" and "I can't do without
Photoshop" as one of the biggest
complaints. Nobody wants to give up
Quicken, and less than nobody wants to
re-enter years of checkbook, credit and
tax records from scratch.
Two good candidates exist in this
arena—good meaning, works well,
reads and writes Quicken files painlessly
and doesn't require special skills to set
up and administer. Of the two options,
KMyMoney and GnuCash, the former is
better-suited for home finances and the
latter is better-suited to small business.
Both are easy to use and easy to set
up, although I prefer GnuCash both
for its accounts payable/receivable and
invoicing capabilities, and for its exten¬
sive and far-above-par documentation.
It also interfaces nicely with on-line
banking standards.
Although not something that
generally is at the top of anyone's list,
everyone needs a good PDF reader.
Fortunately, not only is Adobe Acrobat
Reader available for 32-bit Linux, but
also two excellent PDF/PostScript view¬
ers are available in the open-source
realm with very comparable feature
sets: KPDF (bundled with KDE) and
Evince (bundled with GNOME). Neither
rises quite to the level of Acrobat
Reader—support for locked e-books
is missing, for example—but both
have one key edge on Adobe's cur¬
rent offering. Because they're open
source, they are available for 64-bit
systems as well as 32-bit systems,
without having to mess with goofy
workarounds and wrappers.
Time and communications manage¬
ment are the final stone in our office
software rampart. Again, the Open
Source world provides an embarrassment
of riches: Sunbird and Thunderbird from
www.linuxjournal.com march 2008 | 53
FEATURE Desktop Must-Haves
Figure 3. Evolution’s integrated calendar which interfaces tightly with the e-mail client, gives easy
control over schedule keeping.
Figure 2. Checking E-Mail with Evolution
the Mozilla Project, Kontact (which
includes KMail and comes bundled with
KDE), Evolution, Pine, J-Pilot—the list
seems endless. It's possible to lose entire
weeks evaluating the finer points of
each (and each has many fine points).
However, most people need a good task
manager, a good calender, a good
e-mail client with great spam filtering,
and a way for all of them to talk to
each other while being fairly worm-
impervious. Of all the above, only two
packages put this all together: Kontact
and Evolution. Kontact is more heavily
integrated in KDE, and Evolution has
good integration with GNOME. But
on balance, Evolution is more spry,
has a better interface design and is
easier for the average end user to
administer without sacrificing quality
and sophistication. Kontact is well on
its way to this point, as is the Mozilla
Sunbird/Thunderbird combination, but
neither has risen to Evolution's level yet.
Evolution offers a further advantage to
small business users in that it interfaces
with popular groupware applications
such as Outlook and WebDAV. Granted,
most people don't need groupware, but
they do need a way to keep track of
what's going on in their lives, and
Evolution does the job swimmingly.
INTERNET
Bar none, the one thing that people
do most with their computers is live
on-line. Web browsing, social networking,
instant messaging and e-mail are the
most vital ways the postmodern
Webizen stays in touch with the rest of
the world. We've already touched on
e-mail. The other non-browser-centric
way people keep in contact is via instant
messaging. There are a number of IM
clients on Linux; some of them are
protocol-specific (such as Amsn, which
also supports audio/video conferencing
for the Microsoft Messenger Network),
and some of them are universal. The
best of breed for the universally com¬
patible ones is Pidgin.
Once known as Gaim, but forced to
change its name due to a trademark
dispute, Pidgin is a multiprotocol
instant-messenger client with tabbed
message windows and an impressive
array of plugins, including support for
two very powerful encryption schemes
to keep conversations private. The inter¬
face is simple, the program is easy to
use, and it doesn't get in the way—all
must-haves in an IM program. Pidgin
doesn't support audio or video chat
(few clients for Linux do), but all the
other great peer-to-peer conference
features to which users are accustomed
are readily available.
Of course, when talking about
Internet software, one must discuss the
granddaddy of all Net software, the
54 | march 2008 www.linuxjournal.com
Figure 4. Pidgin sports a multiprotocol buddy list and a tabbed message interface to keep your
chats well organized.
Pidgin doesn’t support
audio or video chat
(few clients for Linux
do), but all the other
great peer-to-peer
conference features
to which users are
accustomed are
readily available.
embedded Flash and JVM players, and
give you good, intuitive privacy man¬
agement with a reasonable level of
security, there is only one choice,
Mozilla Firefox.
V * Hgfrlight
W M arsonalftp disorder
l J http;yrfrfw.hnu.si-ourrial.corny
r i'T ■
attempt
Subscribe now
FdBianiM! FTewViM Frr# Ihua Ciiawm an
Home Topics flings Hcmldlm I'luriniiinrly Rncimcrj Fations Shc|i Utgd/iH!
Powerful Multimedia Command-Line
Tools, Part I - SoX
SciX, tfie SwisF. Army knifa nr .ludra processing
Read fnore »
Powern."! tie di a Data 'IP* Reilly Seme Liiujx Uudm Dor Seafls aiya.
: eiwund-Lmr Wean? UpditeiAna "Sluwuii'our
LinuxJourFTal.com Survey
BteeembiF Jih 3007 by Wabmutw
Whaf s New Down Here?
3Lnrf. 3007 by Fyl
in biLwnalinnuJ
EtmAtak'B onfy H minulBB b ggiticI^b YYb
ap^eciaia sfflur time and value you£ opinion Many ytan age. Kama said b nr-a ’V'ou w
VYa n iiu yeuc op .mom to taka' stock ol cnir niYsr ralse-iutl, somada), you will die'
Appro Servers and W<
Industry Leading M 3 kB 6 C
featuring up no ol
IF Find
IhPttwWnrig cLiL
Figure 5. Firefox, the Best-of-Breed Browser
Web browser. Although there are a lot
of viable options for simple Web brows¬
ing, if you're looking for something that
will give you tabbed browsing and RSS
feeds, support Flash videos and games,
let you watch audio and video in
GRAPHICS
A few years back, this wouldn't have
been a relevant category, but between
the ubiquity of digital cameras and the
glut of presentation software, every¬
body needs a graphics package—two
of them, actually: one to organize the
photos (otherwise, how are you going
to find that perfect shot among the
thousands you rattle off each year?)
and the other to edit them.
Organizing photos is a tricky job,
though it's one that people are a lot
more familiar with in these days of Flickr
than they were ten years ago, when the
shoebox at the back of the closet over¬
flowed with pictures to sort and put in
albums...someday. In the Mac world,
everyone uses iPhoto. It's ubiquitous, it
makes slideshows, and it does rudimen¬
tary adjustments in the program. On
Windows, there's Picasa, which is
focused more on printing than indexing.
On Linux, there's F-Spot and digiKam.
F-Spot is a rudimentary, but user-friendly,
indexing system. digiKam, on the other
hand, is far more sophisticated, with
integrated color management, gallery
creation, iPod interface, slideshow and
calendar creation, and RAW format
handling, all underneath a well-laid-
out interface. In this game, it's the
clear winner.
www.linuxjournal.com march 2008 | 55
FEATURE Desktop Must-Haves
fljbum Trig Im^ Lrh! Vmw foak Cim?r. S-ntirujii (Mu
" '■ ✓ n ~
Hj AlhumiL
■Itummsiw
My Albumv'tn
Dw*«1bt* 2M1'40 Ittmi-
BQB
n™^ W* nwstah^l 7VX.
BBQB
BBBB
Figure 6. Browsing through Albums with digiKam
Figure 7. Krita’s interface with photo loaded—notice the color management system is open by
default in the upper right.
For graphics editing, there isn't such
a clear winner. The field is dominated by
two very robust contenders: Krita and
The GIMP. I published an in-depth article
in the July 2007 issue of LJ reviewing
Krita and its advantages over The GIMP.
The philosophies of the two programs
are very different, as are the interfaces.
The GIMP has a broader user base at the
moment and more available plugins, and
Krita offers more professional color
management and a broader array of
basic editing tools. Currently, they're very
different programs, and from the point
of view of the lay user, a lot is going to
boil down to personal taste in interface.
Either will serve very well.
ENTERTAINMENT
Between Google video, podcasting, video
podcasting, integrated DVD players
and USB-powered...well, let's call them
"personal exhilaration devices", the com¬
puter now is an entertainment center.
Projects like MythTV let you literally build
an entertainment appliance out of your
PC, but even your desktop has to have a
good multimedia backbone in it, or you
might get frustrated and bored. We can't
have that, now, can we?
So, let's start with home videos. You
shoot them, and then what? Are you
really going to spend months of your
twilight years rewatching ancient DV
tapes in real time? Of course not. But,
you can edit them and export them to
DVD or YouTube to share with your
family if you install Kino on your system.
Small, fast, feature-loaded and stable,
it's the Linux answer to Windows Movie
Maker and iMovie.
Of course, playing those movies
you make and the DVDs already on
your shelf, is another matter. You
need a good, all-purpose media
player. In Windows-land, you need
QuickTime, RealPlayer, Windows
Media Player, Flash Player and
WinDVD to cover everything. In Linux,
you need only one program, though
you have a choice of three that are
quite excellent: MPlayer, Xine and
VLC. They all use FFmpeg as a back
end, which is both highly robust and
versatile. All three also can call upon
Windows-native codecs to decode
proprietary file formats. The choice
between them primarily is one of
taste. MPlayer can be run from the
command line as well as with a GUI,
it has a very stable Firefox plugin,
and it contains an excellent set of
command-line encoding and stream¬
ripping tools. Xine (and its front
ends, like Kaffeine) tends to have the
friendliest interface. VLC is equipped
56 | march 2008 www.linuxjournal.com
Figure 9. Kaffeine plays a video.
to broadcast Net streams as well as
rip them and transcode them natively
in the GUI. I personally keep all three
around, but any one of them will do
you well, depending on what you're
looking for. In practice, you'll wind up
using one for your viewing pleasure.
You'll also need a podcatcher and
media library organizer and player
similar to iTunes. In this field, Amarok
stands alone. It also allows you to
select the back-end engine you prefer
(GStreamer, Xine and so on) and will
play pretty much any audio format
under the sun. It includes integrated id3
tag editing, a very intuitive database
index, a MusicBrains store interface and
lots of fun little extras for dealing with
iPods and other portable media devices.
Finally, you're going to need something
to burn all the CD compilations, DVDs
from videos you've edited, and backups of
your data. The best and most fully featured
solution you can get for this is K3b. It sup¬
ports data CDs and DVDs to a variety of
formats and standards, rewritable media,
video CDs and DVDs, burning from a
variety of ISO types, and even self-booting
media CDs and DVDs with micro-operating
systems (eMovix discs).
WRAP-UP
The good news about Desktop Linux
isn't merely limited to the fact that you
can do everything—or nearly everything—
Dan Sawyer is the founder of ArtisticWhispers Productions
(www.artisticwhispers.com), a small audio/video studio in the
San Francisco Bay Area. He has been an enthusiastic advocate
for free and open-source software since the late 1990s,
when he founded the Blenderwars filmmaking community
(www.blenderwars.com). He currently is the host of “The
Polyschizmatic Reprobates Hour”, a cultural commentary
podcast, and “Sculpting God”, a science-fiction anthology pod¬
cast. Author contact information is available at www.jdsawyer.net.
on Linux that you need to do on a
desktop system. The really good news
is that most of these programs—
Pidgin, OpenOffice.org, Evolution,
MPlayer, THE GIMP, Firefox, GnuCash
and VLC—work on Windows, so you
can ease yourself into the Linux/Open
Source world in stages.
Is this the Year of the Desktop for
Linux? That's something history will decide,
if it even cares. But, one thing is without
doubt: Desktop Linux has arrived. ■
Figure 10. Kaffeine’s playlist building interface, with a file browser on the left, a preview window
under it, and the playlist on the right. Kaffeine is a Xine front-end.
Figure 11. Amarok is the ultimate podcatcher/portable media player/sync manager/music library
manager/player.
www.linuxjournal.com march 2008 | 57
BEHIND THE
LOW-END
LINUX BOX
THAT
SOLD OUT
AT WAL-MART
Dave Liu of gOS and the $199 gPC.
DOC SEARLS
In June 1996, PC Week ran a piece
titled "Andreessen Eyes Internet OS".
Marc Andreessen was famously the
prime author of the Mosaic and
Netscape browsers, and a cofounder of
Netscape as well. The money quote
from that piece was, "The only differ¬
ence technically between Netscape's
Navigator browser and a traditional
operating system is that Navigator will
not include device drivers."
Needless to say, this and other
remarks along the same lines did not
please Microsoft. A great deal of history
followed, including the "browser wars",
the sale of Netscape to AOL, the federal
lawsuit against Microsoft, the dot-com
crash, Y2K and much more. Forgotten
in the shuffle was Marc's original
ambition, which was to establish the
browser as a platform, and in the
process, to commoditize operating
systems to the "bags of device
drivers" they had long been called.
Now it's 2008, and Google is busy
treating the browser as a platform and
is generally agnostic toward operating
systems. (Its own services are mostly
deployed on Linux-based systems, but
its applications are either browser-based
or made to run on multiple platforms.
Google Earth is the ideal example.
Picasa is not.)
But, the browser is mostly where
Google likes to run user-side apps as
Web services. In fact, Google now
provides most or all of your basic desk¬
top application suite—mail, office
(documents, spreadsheets, presentations),
calendar and instant messaging—inside
your browser. It's up to the user which
bag of device drivers runs between
browser and iron. May the best bag win.
Thus, it was perhaps inevitable
that somebody would come along
and make a bare-bones—or bare-
browser—box that's optimized to run
Google's browser-based apps on the
best-commoditized platform, fulfilling
the Andreessen Prophesy.
That somebody is Dave Liu, the
21-year-old CEO of Good OS LLC. The
company's main product is gOS, an
Ubuntu-based distro tweaked to run
Web apps as if they were desktop ones.
gOS might have been Yet Another Linux
Distro had it not made news last
58 | march 2008 www.linuxjournal.com
FEATURE Behind the Low-End Linux Box that Sold Out at Wal-Mart
November when the $199 Everex gPC 7
running gOS, sold out in two days
at WalMart.com.
Though the price is low-end, the
gPC doesn't hurt for features. Here
are the hardware specs, according to
Everex: "1.5GHz, VIA C7-D Processor,
512MB DDRII 533MHz, SDRAM, 80GB
HD Drive, DVD-ROM/CD-RW Optical
Drive, VIA UniChrome Pro IGP Graphics,
Realtek 6-Channel Audio, (1) 10/100
Ethernet Port, (1) DB 15-Pin VGA Port,
(6) USB 2.0 Ports, (1) RJ-11 Port,
(1) Headphone/Line-Out Port, (2)
Microphone/Line-ln Ports, (1) Serial
Port, (1) Parallel Port, (1) Keyboard,
(1) Mouse, (1) Set of Amplified
Stereo Speakers".
Could this be the long-awaited start¬
ing point for Linux in the mass market?
We thought it would be fun to catch up
with Dave Liu in the midst of the buzz
that followed the news. Here's the
dialogue that followed.
Doc: So, what possessed you to create
yet another Linux distribution?
DL: I'm actually fairly new to open
source. Most of my work and studies
at UCLA had been centered on Web
2.0. I saw a lot of great Web 2.0
applications that weren't taken seriously.
You had to be the type of person to
read TechCrunch, Mashable or other
Web 2.0 blogs just to know they existed.
Like open source, I felt we were devel¬
oping Web 2.0 just for each other and
not for the mainstream.
When I met the Enlightenment and
open-source folks, I realized how we
needed to work together. Together, I
envisioned taking Linux and Web 2.0
mainstream. With Google backing both
of these communities, I felt the best
thing to do was to create a Linux distri¬
bution that made it easy for people to
access Google and other Web 2.0 appli¬
cations. This was how our communities
could converge and help each other
affect the mainstream.
We hope we will bring existing
communities together, rather than sim¬
ply start a new one. In fact, shortly after
I met Enlightenment, we recruited some
of its core developers to form our entire
developer team.
Doc: Tell us more about Enlightenment.
What does it do?
DL: Enlightenment is an X Window
System window manager. Like Compiz
Fusion and other window managers,
it's a graphical layer that sits on top of
the Linux kernel. In the case of gOS,
Enlightenment sits on top of a modified
Ubuntu. Enlightenment was the ideal
choice for gOS for a lot of reasons.
Different from other window managers,
Enlightenment enables gOS to run even
better on the lowest-end hardware con¬
figurations. On the lowest-end hard¬
ware, the difference begins to show.
That's where we see our advantage in
today's market of expensive, high-end
operating systems...Vista, Leopard.
Enlightenment enables us to think about
simplicity and affordability in a PC.
“THERE REALLY IS A
GROWING SUBSET OF
PEOPLE IN THE OPEN
SOURCE COMMUNITY
WHO CARE ABOUT
CONSUMERS-PEOPLE
WHO WANT TO MAKE
THE LINUX EXPERIENCE
PALATABLE FOR
AVERAGE JOES.”
Doc: How about licensing? What
are the licenses involved for gOS,
for Enlightenment?
DL: gOS is free for personal use and
noncommercial distribution. Specifically,
we're under the Creative Commons
Attribution-Noncommercial-Share-Alike
3.0 Unported license. The majority
of software we've aggregated in gOS
is under the GPL license—such as
Enlightenment, Ubuntu, OpenOffice.org
and other open-source software.
Doc: Is Compiz in your plans for gOS?
If so, how?
DL: At the moment, we have no
plans to use Compiz Fusion. We'd
like to establish our difference with
Enlightenment. With the next revision,
we'd like to ask the community for even
more support in helping us develop EFL
(Enlightenment Foundation Libraries)
applications that run in the Enlightenment
environment. As of now, we're using
a hybrid of EFL and non-EFL apps
because our customers need a stable
and full set of applications. For exam¬
ple, since we're launching gOS note¬
books in Q1, we decided we had to
tentatively replace our EFL-based Wi-Fi
manager Exalt with Network Manager,
because we were still seeing some
problems with Exalt. In the future
revisions, we hope to shift to all
EFL-based apps so as to complement
and make full use of Enlightenment.
Doc: Tell us about Faqly, and how
you're going to interact with cus¬
tomers and users, as well as the dev
communities.
DL: Faqly is people-powered tech sup¬
port. It's a Web application that helps end
users and developers help one another.
It's been interesting to see our end users
and developers interact and exchange
tech support for user feedback.
Doc: We've read that you're offering
a full year of 24/7 support. Is that
true? What is the support policy
overall, and how does it differ from
competing offerings?
DL: It's true! Well, it's true for cus¬
tomers who purchase the Everex gPC.
Wal-Mart requires PC companies to
include toll-free tech support. Working
with Everex and Wal-Mart enabled us to
offer a full year of 24/7 toll-free sup¬
port. That Everex supports open source
with a toll-free support number is quite
different from most other OEMs and
their Linux products. Dell, for example,
provides no support on its Ubuntu
notebook. Initially, someone will pay
the bill for getting open source to the
mainstream users; we're glad that a
smaller PC company like Everex is
willing to lead the way.
Doc: Is this something for the low end,
for the geeks or for geeks' moms?
DL: It's all those things—an ideal alterna¬
tive, especially for a simple PC, something
that works out of the box with the
help of "the cloud" or Internet. We've
also had a lot of people tell us they're
excited about it, because they want to
buy it for their moms or their dads,
who don't need too much power and
just want something simple, affordable
and familiar.
60 | march 2008 www.linuxjournal.com
Doc: But, it's still a Linux box, so the
geek who's giving the gift can still ssh
into it and help out if need be, right?
DL: It's definitely hackable. It's also
good for someone who knows how to
do customizing in general, or to work
as-is. And yes, you can wipe it clean
and install Windows if you like, but why
would anyone want to do that? The
gPC, in terms of components, assembly
and the software combination alone is
quite a deal.
The more important thing is where
this is headed. I think we will soon see
more companies invest their future in
Web applications or "cloud comput¬
ing". What we're trying to do is jump
the curve and help make a way for
others to do the same.
Doc: Where do you fit in the midst of
these other distros?
DL: I'd see our role as something like
Kubuntu's has been. Derivative, but
taking some new directions to be more
consumer-friendly.
Doc: What direction, for example?
DL: There really is a growing subset of
people in the Open Source community
who care about consumers—people
who want to make the Linux experience
palatable for average Joes. That's a big
shift. And, that's whom we're appealing
to. We felt that Linux as a native OS
project is a great platform, but it still
hasn't gone that final step to really con¬
nect it to consumers and to differentiate
it from everyone else in the consumer
space. To do that, you really have to
bring a consumer aspect, and we saw
that in Web 2.0—in Google apps and
YouTube.
Doc: When you talk about Web 2.0
apps, you mean ones that work in a
browser as a kind of Web service?
DL: Pretty much. We're basically talking
about software that runs in a browser
and is based on Linux. It's a paradigm
shift away from the way you would typ¬
ically use software. Instead of compiling
and selling it, and having it run in the
system, you're running everything in the
browser. And, there's a lot of Web 2.0
software out there that hasn't gotten
into the eyes of the public.
Doc: Examples?
DL: Even with the Google Docs—
spreadsheet, calendar—we were sur¬
prised at how people either had never
heard of these things or had never tried
them. We were among the first to put
all the Google applications into one
coherent package. So people could real¬
ize, going from one icon to another, that
Google and Web 2.0 really are their
computer. Not only that, but by comput¬
ing in the cloud, users really are able to
take their computer with them without
taking their computer. As long as they
can log on at a cafe or a friend's house,
they have a computer of their own.
Doc: You don't generally think of
desktops as being things that live in a
browser. Are you abstracting the apps
Linux Laptops: The New LC2000 Series
*High Performance
• Amazing ROI
• Robust
•Fully Compatible
•Cost Effective
Open Source Training, Services and Products 1-077*800 - 087; www,linuxcertified,com
www.linuxjournal.com march 2008 | 61
FEATURE Behind the Low-End Linux Box that Sold Out at Wal-Mart
and their icons out of the browser and
putting them on the desktop?
DL: Yes. That's the idea. Users are
accustomed to seeing applications in a
dock or in a start menu. We want to
stick with the easiest and most-familiar
models for desktop computing, even if
the programs are executed elsewhere.
So yes, we're using a lot of Firefox
shortcuts. From a tech view, it's a lot of
browser shortcuts on a dock. All the
main ones are in a dock, and a few
more are in the start menu.
Doc: How about for documents you
want to keep on your own machine to
work on when you're off-line?
Calendars, for example.
DL: We're still waiting for Gmail and
Google Calendar to work off-line with
Google Gears. In the meantime, we
packaged off-line applications, such as
OpenOffice.org, Mozilla Firefox and
Thunderbird as well.
Doc: So you can do POP mail if you like.
DL: Exactly.
Doc: Or presentations that people
might create on-line and then save
to give off-line on their machine or
transport by thumbdrive to another
machine.
DL: Yes. Google has done a good job of
balancing its products with open source.
It just packaged OpenOffice.org into the
Google Pack. With Google Gears, I
think it's just a matter of time before we
see every major Web application be
capable of syncing and working off-line.
Doc: Are you in touch with the Google
people on this?
DL: Yes. To be clear, the gOS is not the
Google Operating System, although it is
my idea of what one should be like.
Even before we closed a hardware deal,
I had used an obscure form on Google's
Web site to apply for permission to use
trademarks. I said, "Hey, we're an open-
source OS project, and we want to make
it easier for people to use Google apps,
mind letting us use your icons and
trademarks"? Two or three weeks later,
we got a letter back, saying, "Yeah, go
ahead, as long as you have a disclaimer
saying this is not a Google product..."
So we did it. We just didn't know we
were going to get so much attention for
it. When we started working with
Everex, we found that it had its own
standard toolbar deal with Google. Then
Everex also showed Google a preview of
our screenshots. In that sense, there was
"approval" from Google, but no official
endorsement. We have friends at Google
and keep in touch with them on both
the gPC and the gOS.
Doc: The g in gOS stands for...?
DL: The g stands for good. Our mission
is to make a good OS. Good for every¬
one. For example, we knew Microsoft
to be a big, mean Goliath to work with
for OEMs. We wanted to make an OS
that could be a good friend to both
consumers and OEMs.
Doc: What is your dev community like?
Have you grown your own, in addition
to the Enlightenment folks?
DL: Our core dev team is about seven
people. We've added one or two in the
last month. Once we got in the news,
people starting hearing about us, and
we have developers coming in from
different communities. Some Ubuntu
developers are helping out too. So we
have a nice, little community going and
growing. It's still early and what we call
"controlled chaos". We're still trying to
create a good structure so people who
want to help can get started easily.
Doc: What's different about the
community you see growing here?
DL: I think the younger generation of
developers will include more Mac fans
or Mac types. They're a bit more aes¬
thetically inclined, more interested in
the end-user experience. I see a future
Open Source community that can take
Linux further mainstream. Look at
things like Compiz Fusion, Beryl—all
that stuff. I had a chance to talk to
Quinn Storm, the lead developer on
Compiz and Beryl. She wanted people
in the Linux community to make
something end users could enjoy.
After that conversation with her, I
realized this was a growing community
with a lot of promise.
Doc: Well, from an easy-to-use Ul per¬
spective, Apple has left the low end open.
Do you see Linux making a move there?
DL: Yes. There are quite a few Linux
themes that adopt some of the good
things Apple has done on the UL One
remark I'd like to make on the low
end—I think Linux also got a fighting
chance when Microsoft launched
Windows Vista. Vista pretty much oblit¬
erated the low-end hardware experience
for Windows. I've tried it, and it's a terrible
experience. So, there's an opportunity at
the low end in general, because Apple
continues to be a luxury product and
now, possibly to compete with Mac OS X,
Microsoft vacated the low-end space as
well. We're happy about that.
Doc: So what are your ambitions here?
How do you plan to grow?
DL: We plan to expand our list of hard¬
ware partners in the US and abroad.
One of our long-term ambitions is to be
a real friend to OEMs and the hardware
industry as a whole. We all know it's
been tough to work with Microsoft, and
we thought there was a business oppor¬
tunity to serve OEMs as a "Good OS"
company. We'll always continue to
improve gOS in terms of design and
performance, and we'll also continue to
package new Google and open-source
software that we think are relevant to
people buying a computer. We intend
to keep gOS extremely lightweight, so
as to keep the overall hardware costs
down. With all this coming together,
another one of our ambitions is to help
close the digital divide with affordable
computing. There are many people in
the world, some even in the US, who
don't have access to a computer and
Internet. We think gOS needs to work
with Google, Web 2.0, open source and
others to tackle this important problem.
Doc: How about laptops? Generic
desktops are all the same. But laptops
are all different, by design, through
OEM partnerships with Microsoft.
What are your plans there?
DL: One of the things that will make
our laptops viable is software that offers
seamless syncing on-line and off. You
are going to see gOS on laptops very
soon, if not by the time you read this.
Doc: Are you partnered with other
hardware companies?
DL: Right now, we're working with
Everex, a single hardware partner, but
the goal is to expand to working with
other companies as well. As a software
company, we really appreciate Everex
and expect we'll be working with it
exclusively in the short term since this
62 | march 2008 www.linuxjournal.com
launch. We are talking to a few hard¬
ware companies and are growing
our team so we can work with more
hardware partners.
Doc: I would think that Dell, Lenovo,
HP and others would be looking at a
Linux offering in the cost range that
you're working in, at some point. Does
that concern you?
DL: I think Dell was one of the big
brands to launch a product, which is
good, but among the smaller PC com¬
panies, Everex is still one of the top
companies. It sells at Best Buy, Circuit
City and Wal-Mart, yet it's small enough
to be motivated to experiment and take
chances with a company like ours. The
larger hardware companies, such as Dell
and HP, have a lot at stake with Vista,
and with the Microsoft relationship. It
seems to us that a company like Everex
is less locked-down that way. So, we
see companies like Everex taking the
first steps that need to be made to take
Linux mainstream.
Doc: You were just in China. What
were you working on there?
DL: I went to an O'Reilly Foo Camp—a
gathering of techies.
Doc: What was your takeaway from the
Foo Camp there?
DL: We talked about Web 2.0 and open
source in China. Things are exciting
Resources
gOS: thinkgos.com
g PC: www.everex.com/prod ucts/
gpc/gpc.htm
gPC WalMart.com Listing:
www. wa I ma rt.com/cata log/
product.do?product_id=7754614
David Liu's Blog: compiz.org
Compiz: compiz.org
Enlightenment:
www.en I ig hten ment.org
EFL: www.enlightenment.org/
p.php?p=about/efl&l=en
because we're seeing the same kind of
Web 2.0 and Linux projects successfully
launch in China. It's exciting because
China is in the very early stages. Only
a small minority of its population is
on-line, and that is already more than
110 million people. I think it's the
second-largest on-line population to the
US. There are huge opportunities there
with Linux and cloud computing.
Doc: People have been waiting for this
segment to open up for a long time,
and I'm not just talking about the low
end of the PC marketplace. I'm talking
about the browser as the environment
for all kinds of applications. Because,
this is exactly what Netscape talked
about doing way back in 1995. One
of the reasons Microsoft came after
Netscape was because Netscape had
the audacity to say the real desktop on
the Net will be the browser.
DL: The Netscape folks were super-
advanced thinkers. I think it's going to be
really exciting to see things unfold here.
A lot of people have been saying Web
2.0 is a bubble, but I don't think so.
Doc: I've said it's what we're going to
call the next crash.
DL: Yeah, I think it definitely would be
without cooperation from hardware.
But, what if hardware cooperates? It
always takes hardware some time to
catch up to software. Hardware compa¬
nies soon will need to give Web 2.0 a
serious look.
Doc: What's the next big thing?
DL: I think it's Linux finally rising up,
up into the cloud with Google and
Web 2.0. Then, a lot of these startups
that we laughed at will find them¬
selves front and center for what's
next in computing.
Addendum
As this goes to press, the gOS-powered
gPC sells at Newegg.com, Wal-Mart
stores and ZaReason.com, in addition
to WalMart.com.H
Doc Searls is Senior Editor of Linux Journal. He is also a
Visiting Scholar at the University of California at Santa Barbara
and a Fellow with the Berkman Center for Internet and Society
at Harvard University.
PEG'
the leading GUI for
Embedded Systems
PEG Pro - For Advanced GUI Applications
PEG+ - Full Featured Windowing in C++
C/PEG - Smallest Footprint in ANSI C
Royalty Free
Fast execution speed
Completely ROM-able
Delivered with Full Source Code
Development Tools including; FontCapture,
PEG WindowBuilder, and ImageConvert
Supported screen drivers available
Completely customizable
Industry leading RTOS Support
Supports all popular target processors,
video controllers and I/O devices
Multi-lingual support - 2-byte character sets
& UNICODE string encoding
Event-driven programming model
Application Design Services
Knowledgeable and timely support to users
around the globe
Now includes a fully licensed version of
Paint Shop Pro
(sf)
SWELL
softwa re
a
Praivuro LnvuE
1 91
--vW-- mi
WWW.SWELLSOFTWARE.COM
DDED SYSTEMS
810 - 385-2893
www.linuxjournal.com march 2008 | 63
KDE 4, first announced two years ago, is
the next step for the popular UNIX desktop
environment. With the shift to a new major
version of the toolkit used to build KDE,
developers are able to break free of
requirements for compatibility and make
radical changes to the codebase.
KDE 4 PREVIEW
Introducing KDE 4—the desktop
revolution is coming, jeshall
64 | march 2008 www.linuxjournal.com
Qt 4
Qt 4 is a library for building user interfaces in C++. It provides most of the
graphical elements of KDE applications.
Qt 4 heralds vastly better memory efficiency and a new painting system that is
able to leverage new advances in X.org for previously unseen levels of eye
candy. It also provides, for the first time, a GPL’d version of the library on
Apple’s OS X and Microsoft’s Windows, making porting KDE applications to
other platforms a possibility.
Plasma
The default desktop infrastructure, well
remembered as operating on similar
lines since KDE 2, is being completely
redesigned. The new desktop shell,
Plasma, promises to re-invent the
desktop paradigm. Headed by Aaron
Siego, Plasma's team of developers has
been working on a complete replace¬
ment for the previous infrastructure of
the KDE panel and desktop, and the
results are breathtaking.
Plasma incorporates most of what is
seen on screen at first login. It is a flexi¬
ble, fully scalable and rotatable desktop
shell with the ability to embed mini¬
applications and media as applets or
widgets known as plasmoids. The
concept of applets is not a new one
to desktop design, but Plasma brings
a few innovations to the table.
Plasma divorces the data engine
from the presentation, allowing devel¬
opers to write a data engine once and
then present this in an arbitrary number
of ways in an applet. For example, once
an engine to extract system perfor¬
mance state has been written, multiple
plasmoids can present this information
in different ways. A desktop plasmoid
might have a large, detail-rich display,
but the same data displayed on the
panel might recognise its spatial
constraints and display a simpler view.
Native Plasma applets can be imple¬
mented as containments, which are
simply applets that can contain another
applet. The panel is a containment, as
is the desktop itself, and an applet con¬
tained within the panel can be dragged
to the desktop or another panel, and
vice versa, reforming and reflowing
itself to fit its physical constraints.
This flexibility opens up, among
other possibilities, the ability for scalable
displays to enable a content-rich desktop
on a PC or a display that's more suited
to low-screen resolutions on an
embedded device. KDE 4.1 plans to
support OS X dashboard widgets,
hinging on new features in a release
of WebKit scheduled for early 2008.
Oxygen
Oxygen is the name chosen for the cohe¬
sive look and feel for the new KDE
desktop. As well as creating beauty, the
Oxygen team of artists is working with
Figure 1. Plasma, Showing Some of the Included Plasmoids
www.linuxjournal.com march 2008 | 65
FEATURE KDE 4 Preview
user interface guidelines to ensure that
identification of elements is a priority.
The result is a clean break from the previ¬
ous KDE style, obviously inspired in part
by already-existing artwork, but bringing
it together with something fresh that is
distinctly Oxygen's own. Oxygen also
incorporates the system sound package,
combining with the rest of the artwork
to create something that is uniquely KDE.
With a team of three core icon
designers, Oxygen relies on a set of
strict style guidelines and an official
colour palette to ensure a consistent
result. The colours chosen are rich with¬
out being overpowering, and the icon
design is modern and appealing.
An advantage of the new Oxygen
icon theme is that it will be the first
truly open KDE icon theme. The previ¬
ous default for the long-running KDE 3
series, Crystal, never had its sources
made available. The Oxygen team has
been working exclusively in SVG,
ensuring the set remains open.
The Oxygen style and window deco¬
ration is a large-scale departure from the
Plastik style that became default in the
late 3.x series. The muted pale gray and
blue colours have made way for a brilliant
off-white for both window decoration
and controls. Green, orange and blue
highlights are used sparingly with pleas¬
ing effect. The result looks extremely
clean and modern, although such a large
departure no doubt will draw some
criticism. A wide range of colour schemes
are available to suit almost every taste.
One minor concern about the new
style is how much screen real estate it
seems to use. We looked at KDE 4 on a
Lenovo ThinkPad at 1400x1050 pixels,
which seemed adequate for the task
but by no means overgenerous. People
still using 1024x768 or lower resolutions
may struggle with the defaults.
A new wallpaper set has been collated,
with the Oxygen artists acting as judges
to select community submissions. The
team chose 15 wallpapers, and the results
are breathtaking. This kind of community
involvement is unquestionably one
of the strengths of the open-source
development model.
Unfortunately, we were unable to
preview the Oxygen sound theme prop¬
erly—at the time of this writing, KDE 4
had not yet been released, and some¬
thing about our sound card was causing
the KDE sound system, Phonon, to crash.
§&E f
audio-card, png audio-heads... audio-in put-... audio-in put-...
battery, png camera-phot... camera-web... computer-la...
computer, png cpu.png drive-harddi... drive-optical...
drive-remot... drive-remov... drive-remov... drive-remov...
Figure 2. The Oxygen Icon Set
Figure 3. Oxygen uses bold highlights with low-contrast widgets to achieve a clean and modern look.
Figure 4. A Small Selection of the KDE 4 Default Wallpapers
66 | march 2008 www.linuxjournal.com
Solid
Another core KDE 4 technology is the
introduction of Solid. Solid is a library for
hardware discovery, network and power
management. It's an attempt to deal
better with the ever-changing devices
and connections of portable systems in
our increasingly wireless world. Solid will
integrate with popular frameworks, such
as freedesktop.org's HAL and Novell's
Network Manager, to leverage their
features on supported platforms.
Solid implements graceful handling
of off-line/on-line state for applications
that use it. A Solid-aware e-mail client
would, for example, know that you
were off-line and not attempt to
connect to your mail server if you opened
it to check an older e-mail message or
look up a contact while off-line.
Solid also includes a command-line
utility called solidshell to manipulate its
API for scripting purposes.
Phonon
Phonon is a sound framework that was
Figure 5. Phonon Settings Dialog
created to supply a stable and consis¬
tent API for KDE applications. It's capa¬
ble of using a variety of engines as its
back end and can switch between those
engines on the fly. Phonon integrates
closely with Solid to maintain awareness
of sound-capable hardware attached to
the system. It's capable of per-application
volume settings, grouped by category,
and also is able to route different cate¬
gories through different devices—for
example, selecting to deliver a VoIP
PRESENTING:
ASTERISK &
OPEN TELEPHONY
CONFERENCE
SPRING
CONFERENCE
2008
MEDIA
PARTNER:
IDG CANADA
IN
COOPERATION
WITH:
CIO Executive Counci l
m“ computerworld*
SPONSORS:
World
■Direction
INFORMttlQUi
CDN>
BRONZE
SPONSORS:
D-Liiik Canon shaw
')
FOR BUSINESS
ASTERISK & @ PLATINUM
open telephony digiurri | Asterisk ASSOCIATION
SPONSOR: SPONSOR:
CAFM/liance
CONFERENCE
SPONSORS:
1 # IDC IT GREEN
| Analyze the Future SPONSOR:
itlMMim CERTIFICATION
SPONSOR:
©
► Unified Communications
► Open Source
► Database Management
► Security
► Information Architecture
► Smalltalk
• m
► Virtualization
► SaaS
► Web 2.0
www.1t360.ca
► Microsoft Technology
► SOA
► IT Green djjP'
► Service Management
► Storage
C/ 9
FEATURE KDE 4 Preview
conversation only through the headset
and leaving the other system sounds to
play through the sound card.
Phonon is written to be cross-platform,
needing only a platform-specific engine as
a back end to it. Along with the Xine
back end that the KDE Project developed,
the maker of Qt (Trolltech) has released
Phonon back ends for GStreamer
(Linux), DirectShow (Windows) and
Core Audio/QuickTime (OS X) to be
developed in KDE's source repository.
Trolltech has stated its intention to include
Phonon itself in Qt from version 4.4.
This is excellent news for the future
of Phonon, signaling significant amounts
of funded development time, as Trolltech
will be maintaining the engines and
contributing to Phonon.
KDE has long had a policy of leaving
hardware support to the distribution.
Although KDE 3.x has very basic sup¬
port for removable storage devices with
support for freedesktop.org's hardware
abstraction layer, HAL, in the 3.5 series,
many KDE installations have less than
stellar hardware management due to
the limitations of the distribution imple¬
mentation. Whether it's correct or not,
to many users, the desktop is the com¬
puter and their expectation is that it
should handle their hardware well.
Solid and Phonon look to overcome
these issues, leveraging what user-space
support they find into as consistent an
experience as possible for KDE users,
regardless of platform. Although the pro¬
ject has come under some criticism for cre¬
ating Yet Another Abstraction Layer, Solid
and Phonon make porting KDE to other
platforms just a little bit easier. They also
remove a lot of the complexity in dealing
with hardware from most basic individual
applications and keep it in a single place.
Phonon isn't considered to be a one-size-
fits-all solution, however; it's recognised
that some applications may require more
than Phonon's simplistic view of the world,
like professional music editing applications.
Dolphin
Another major change for KDE 4 is the
inclusion of Dolphin as the default file
manager. Konqueror's file management
abilities still will be available for the nos¬
talgic or power user. Some of Dolphin's
features include a "breadcrumb" style
location bar and side panes for informa¬
tion and tree or bookmark views.
Dolphin as a project focuses on
usability and simplicity. One of the larger
benefits of including Dolphin is a long-
sought-after separation of configuration
between the Web browser and the file
manager. A standing complaint among
KDE users is the way that Konqueror's
profiles mechanism doesn't achieve
adequate separation between roles.
Rearranging the toolbars in one profile
would affect another, and bookmarks
were the same between the browser
and the file manager. Possibly even
more confusing, clicking the Home
button on the browser toolbar took
one to the file management view of
the user's home directory.
Although Konqueror is an exception¬
ally powerful and flexible tool, these
configuration quirks were extremely
frustrating to users who expected their
file manager and Web browser to
behave as separate applications. Not all
flexibility is lost in the name of usability,
however; Dolphin fully supports KDE's
Kioslaves and Konqueror service menus.
There are myriad other changes to
look forward to in the 4.x development
cycle, but it would require far more
space than is available here to detail
them all. At the time of researching this
article, KDE 4 was in a release-candidate
state, with features still in a state of flux.
KDE 4 has been promising a desktop
revolution, and it really looks as though
it just might deliver. The first generation
of new KDE technologies is shaping up
to transform our expectations of what
the Linux desktop should bring. When
one considers that this is the state of the
4.0 release, and then looks at the length
of the 3.x development cycle, the path
that the evolution of the 4.x series will
take stimulates the imagination. ■
Jes Hall is a Linux Technical Specialist and KDE developer
from New Zealand. She’s passionate about helping open-
source software bring life-changing information and tools to
those who would otherwise not have them.
Use Screen to Avoid Losing Remote Work
TECH TIP
If you do much work on remote servers and have ever lost
your connection at an inconvenient moment, using screen can
help avoid losing work. Screen is, according to the man page,
"a full-screen window manager that multiplexes a physical
terminal between several processes (typically interactive shells)".
Window manager may be a bit misleading, as it's not a
window manager in the GUI sense, but rather it manages
a number of full-screen console/shell sessions within a
single console/shell.
Screen is simple to use; after you connect to the remote
server, type:
$ screen -D -RR
This creates a new screen session if there isn't one or
attaches to a previously created one if one exists. Now if your
connection drops, you simply reconnect and enter the above
command to reconnect and return to the exact point you were
at when your connection was lost.
Screen has many keyboard commands for starting and
controlling additional sessions; see the man page for more info.
Screen also is useful when you want to execute a long-
running process and don't want to stay connected while it
runs. Simply start the command, and then switch to a different
session and type to disconnect your SSH connection. When
you return later, you can reconnect to the screen session and
see the output.
You even may want to put the screen command in your
.profile file so that it is started automatically when you log in.
I like to have the option of not starting screen, so I have
my .profile ask whether I want to start it:
read -p "Start screen? " ans
ans=$(echo $ans | tr A-Z a-z)
if [[ "$ans" = y || "Sans" = yes ]]; then
screen -D -RR
fi
— MITCH FRAZIER
68 | march 2008 www.linuxjournal.com
"AffoFdableVnfiniBandiSolutiol is
4 Great Reasons to Call Microway NOW!
ServaStor ™
Extensible IB based storage
building blocks
Redundant and scalable
Parallel file systems
Open source software
On-line capacity expansion
RAID 0,1,1E, 3, 5, 6, 10, 50
TriCom ™
DDR/SDR InfiniBand HCA
"Switchless" serial console
NodeWatch web enabled
remote monitor and control
Mellanox™ InfiniHost III
InfiniBand HCA
^TM
DDR InfiniBand switches
Low latency, modular design
24, 36 and 48 port building blocks
8051 BMC interface and
serial console switch
InfiniBand
connector
InfiniScope
TM
COM2
Internal connector
Headers to fan tach lines,
voltages, temperature probes
PS On/Off and MB reset
Monitors ports on HCA’s and switches
rovides real time BW diagnostics
Finds switch and cable faults
Lane 15 interface
Logs all IB errors
n * iW.» f ,
,, I. h I ji, i jj l j| l~*
1 .■ *■
, ■ * # » si^rii
Upgrade your current cluster, or let us design your
next one using Microway InfiniBand Solutions -
To speak to an HPC expert
call 508 746-7341 and ask
for technical sales or email
sales@microway.com
www.microway. com
: 5Microway
Technology you can count on m
TAKE THE KILLER WHALE FOR A RIDE
70 | march 2008 www.linuxjournal.com
Orca is a free, open-source, extensible screen reader that
provides access to the graphical desktop via user-customizable
combinations of speech, Braille and/or magnification. In this
article, I briefly discuss how to set up and use Orca on the
GNOME desktop. This article's intended audience includes not
only users with visual impairments, but also developers inter¬
ested in improving the accessibility of their applications.
Figure 1. Orca Swimming in the AT-SPI Sea
Orca works with applications and toolkits that support the
assistive technology service provider interface (AT-SPI), which is
the primary assistive technology infrastructure for Linux and
the Solaris operating environment. Applications and toolkits
supporting the AT-SPI include the GNOME GTK+ toolkit, the
Java platform's Swing toolkit, OpenOffice.org and Mozilla
(KDE/Qt support for AT-SPI remains under investigation). As a
result, Orca can provide access to applications, such as Firefox
3, Thunderbird 3, OpenOffice.org, most GNOME applications
and a wide variety of multimedia applications.
Via the AT-SPI, Orca connects to applications and commu¬
nicates with their graphical components, such as push but¬
tons, text areas, menus and so forth. As you interact with an
application, the AT-SPI notifies Orca. In response, Orca presents
appropriate information to the user via speech synthesis (the
machine talks to you), refreshable Braille (an external hardware
device) and/or magnification (an enlarged view of the graphi¬
cal display). Orca also provides mechanisms for you to explore
the entire contents of windows presented by the application.
Orca is known as a scriptable screen reader, meaning it can
provide customized behavior based on the application with
which it is working. With Orca, custom scripts written in the
Python programming language can be used to provide more
compelling access to the unique interaction models of
applications. For example, Orca provides a script for the
Pidgin instant-messaging application to give you additional
features, such as quickly reviewing the last few messages
that have arrived.
Note to application developers: Orca provides a default
script that gives access to the majority of applications. As a
result, a custom script is not required for each application.
The Orca team encourages you to test your applications
using Orca, however, and to create a custom Orca script if
it is needed. The Orca team is happy to help you!
Prerequisites
In order to use Orca, you need a desktop environment that
supports the AT-SPI, such as GNOME. Fortunately, GNOME is
widely available on many operating system distributions,
including Ubuntu, Fedora, Debian, OpenSUSE, Solaris Express
and so on. Although Orca works on GNOME 2.18 and better,
GNOME 2.20 or better are the versions in which Orca works
best. Because Orca also is under constant development, the
brave are encouraged to use the latest sources. See the
"Downloading and Installing Orca" page of the Orca Wiki for
more information on working with Orca sources.
To use speech, Orca currently uses gnome-speech to
communicate with speech synthesis engines on the machine.
On Linux systems, there are a variety of free, open-source
engines available, including eSpeak and Festival. Most oper¬
ating system distributions typically provide gnome-speech
and at least one speech synthesis engine. To determine
whether Orca can use speech on your machine, run the
test-speech application provided by gnome-speech. If you
can get your machine to speak using test-speech, it should
work with Orca. See the "Speech" page on the Orca Wiki
for more information on setting up speech on your system.
A typical Braille user will have purchased an external hard¬
ware device called a refreshable Braille display. These devices
provide a number of Braille cells—typically 40 or so—where
each cell comprises eight dots that a software application
can pop up or down to create a Braille character. Orca uses a
separate software application, called BrITTY, to communicate
with refreshable Braille displays. Like gnome-speech, many
operating system distributions install BrITTY by default. The
configuration of BrITTY is outside the scope of this article,
but more information can be found at the BrITTY site and on
the "Braille" page of the Orca Wiki.
Figure 2. Refreshable Braille Display
www.linuxjournal.com march 2008 | 71
FEATURE Orca
f o o
c a
11
p /
Figure 3. Orca’s Braille Monitor
Figure 4. Magnifier in Action
For application developers without a refreshable Braille
display, Orca provides a graphical Braille monitor to present
what would be sent to the Braille display. The Braille monitor
is independent of BrITTY and also is useful for demonstrating
Orca to other people.
Orca currently uses gnome-mag for magnification. As with
gnome-speech and BrITTY, the operating system distribution
includes gnome-mag by default. You can tell whether your
machine has gnome-mag installed if the gnome-mag magni¬
fier application is on your machine.
Setting Up Orca
When you log in to your GNOME desktop for the first time,
the AT-SPI infrastructure typically is not enabled. As a result,
Orca isn't able to provide access to your desktop. You can
enable accessibility in a number of ways, one being the
Assistive Technology Preferences dialog available from the
GNOME Preferences menu. Assuming you can't see the
display, however, this dialog is useless to you if accessibility
has not yet been enabled.
To get started quickly with Orca, you can use the talking
text-based setup utility: orca --text-setup. BrITTY users
typically will run this from a virtual console. Below is an
example of using orca --text-setup to set up Orca for
use with speech and the Braille monitor:
bash-3.2$ orca --text-setup
Welcome to Orca setup.
Select desired voice:
1. kevin (en_US)
2. kevinl6 (en_US)
Enter choice: 2
Enable echo by word? Enter y or n: n
Enable key echo? Enter y or n: n
Select desired keyboard layout.
1. Desktop
2. Laptop
Enter choice: 1
Enable Braille? Enter y or n: n
Enable Braille Monitor? Enter y or n: y
Setup complete. Press Return to continue.
If you have never done anything with accessibility on
your desktop before, you typically will need to log out of
your desktop session after running orca --text-setup.
The desktop needs to be restarted with accessibility enabled.
Once you have run orca --text-setup, accessibility is
enabled for future logins to your desktop.
After you have logged out and logged back in, you can
perform finer-grained customization of Orca's features using
the Orca configuration GUI. The Orca configuration GUI is
available any time Orca is running by pressing Insert-spacebar
(desktop keyboard layout) or Caps Lock-spacebar (laptop
keyboard layout) at the same time. You also can start Orca
with the Preferences dialog by running orca --setup. More
information on the Orca's configurable options can be found
on the "Configuring and Using Orca" page of the Orca Wiki.
If you want Orca to start automatically when you log in,
use the Assistive Technology Preferences dialog available
from the GNOME Preferences menu. Press the Preferred
Applications button in this dialog and navigate to the
Accessibility tab. On the Accessibility tab, you can select
Orca and also check the Run at start check box. Many
users, however, merely run the orca command by using the
Run Application dialog available via the Alt-F2 key binding
on many distributions.
Using Orca
The Orca team refers to Orca's default operating mode as
focus tracking mode. In focus tracking mode, you interact with
any application (as any user would) using the built-in keyboard
navigation mechanisms of GNOME. As you tab around the
interface or interact with objects, such as pressing the space¬
bar to toggle check boxes or typing text into text areas, Orca
presents the information to you via the combinations of
speech, Braille and/or magnification that you have specified.
That is, you merely interact with applications without needing
to know any extra Orca keyboard commands.
Note to application developers: a quick sanity check for
testing your application is to run Orca with speech and the
braille monitor enabled. Then, interact with your application
using the keyboard alone. If speech and the Braille monitor
seem to be updating with appropriate output as you interact
with your application, you are doing a great job so far. If
speech and/or the Braille monitor are doing unexpected
things, such as talking too much or not presenting anything
at all, you have some work to do. Fear not, the Orca team is
willing to help you!
When you use an application for the first time, or if you
just want to get a better idea of what is on the screen, you
often may want to explore a window without changing
anything inside it. This includes not even tabbing around the
interface. As such, focus tracking mode may not always be
useful, and you will need to use other features of Orca, such
as flat review and where am I, that are controlled by key
72 | march 2008 www.linuxjournal.com
bindings specific to Orca. When you press these key bindings,
nothing happens in the application. Instead, Orca just presents
the information you have requested.
For example, you might want to read the contents of a
window line by line, word by word, character by character and
so on. The flat review feature takes over the desktop keypad
keys to perform these functions. For example, keypad 7 reads
the previous line and keypad 9 reads the next line. The remain¬
ing numerical keys on the keypad perform similar functions for
reviewing by word and character.
You also may want to know more detail about the object
that currently has focus, the title of the current window, the
contents of the status bar (if it exists) and so on. The where
am I feature provides key bindings to obtain this information.
For example, use the keypad Enter key to obtain information
about the current object. When you press Insert at the same
time as the Enter key, Orca presents information about the
window title and status bar, if one exists.
Note on Orca key bindings: although the keypad keys are
an exception, most of Orca's key bindings require you to press
the Orca key at the same time as another key. This is much like
how the Ctrl, Alt and Shift modifiers are used. The Orca key is
a made-up modifier that can be bound to any key on the key¬
board. By default, the Insert key is used as the Orca key for the
desktop layout, and the Caps Lock key is used as the Orca key
for the laptop layout. When Orca is used, the Orca key is
owned by Orca and no longer behaves as a normal key.
The flat review and where am I features are only a few
of the operations you can access via Orca's key bindings.
For a complete list of Orca's key bindings, browse the Key
Bindings tab of the Orca configuration GUI. In this page
tab, you also can redefine the Orca key bindings to suit
your specific needs.
Example: Accessing gedit’s Open Files Dialog
Let's take Orca for a test ride and try a dialog containing
components you might encounter in a traditional window:
gedit's Open Files dialog. First, run the gedit application,
which typically is found as the Text Editor menu item under
Want your business to be more productive?
Tlio ASA Sorvors paworod by I ho Intel XooiT Processor provide iho
quality and dependability lo koop up with your growing business
Hardware Systems for the Open Source
Community-Since 1989
{I mux. OpmBSD* Solaris, Hit:
1 U Wood crest/Ci overt own Storage Server Starts at - $1,741
vv - f
ITB 3lcrflt|q inilaUml. Max,- 3TB
ItJ Dual Era ■ it MIHO tIKL J 1). Mni - ? Gf
1 QB 667MQZ FBDIMM: Installed.
- Bupp&ft* IflQO FBDIMM.
- 4X25GDB SATA-II Drives installed,
4 part H AT A 13 hAIII |:»nt r * tl n r „
aXIO/lOQ/IO&O LAN onboard
2U Woodcrest/CJovertown Storage Server Starts at - $3,771
- 4TB Otorafl* inst ailed. Max - 1 2TD .
3U Dual »r« 5060 CPU.
- 1QD 007MQZ TDDIMM: Installed
- G up-ports 1 SO D rO DIMM.
- 1 6 poit jflTA-l I RAID controller.
- 1 CX230Q B hluwaii 3ATA-I I D r iva s iris
- 2XID/1DD/I ODD LA 14 A nboard.
- *NJCtw HniJ PH
3U WcOderest/Clovertown Storage Server Starts at - $3,??!
■ 4TD Storage irtstalled Max - 12TB
- 3U Dual uuia SOSO CPU.
- I Ci □ &67MG Z rODI MMs I ns I -ailed .
- 1 If-M H I-HIIIMM
l«X7a[KiH hlswnn SAIA II innlnllnd
ICi | ■ in I WA1A [| K Al [} ■ : a rl| r c Klin r
3X1 0/10 0^1 OOO LAN onboard.
HdUw Hftri HK
SU Woodcrest/Crovertown Storage Server Starts af- $4 r 6fl
6TB GI or ageinrl ailed. Max — I STB.
5U Dual core SOSO CPU,
4GB 807MGZ FSD I MMs Installed
$MEin nrla 1 H Ci K I-H13 IIVHV1
/flXViiimH I .1 r: win (-■ HA I A II l3.. V rr = ■■
/4 purl SAIA-II K AI [ J ttAHO/HHU
2X10/1 00/1000 LAN onboard.
OJOwRtd PS.
HI!
&U W oodcresVCIovertown Storage server Starts at ■ $ 11,191
- IOTB :■ I ur l) uu irrclallad. Max — 30TTB
- BU Dual core SOSO CPU.
yxjvtlfto inttmifld
K1H FSOIMMt
- 3?(1H hMDIMM
- 1DX25DOB litcwap 3AtA-ll Diivos inslallaU.
- 2X1 2 Port &ATA-II Multilane RAI D coni roller.
- 1X1 S Pori SATA-11 Mult ilnne RAI D controller
. 2K1 0/1 00/1000 LAN onboard.
- IHbO W Hod Hs.
All systems Installed and tested with user's choice ef llnux
distribution flree). ASA Collocation—$75 per meniii
2354 CiiHe Del IVtundo,
Santa Clara, CA 95054 —
www-asacomputers-com
Ema il . sd l es@d!>diompuiml flm
P; 1-800-REAL-PCS | FAX: 408-654-2910
Intel®, Mri® Xeon 1M . Intel Inside® 1 , IntaKE 1 ttomum®
and Cha Intel Insido® logo ora (NKteciuirks or regifllerad
IracSemadiB o! Intel Corporalier* or Kb subsidiaries in
(he United Staten and olher countries.
Prkei and availability subject lo change without notice,
Nat responsible fur typographical errors.
Figure 5. gedit’s Open Files Dialog
FEATURE Orca
Note to application developers:
one of the main trouble areas
for accessibility is forgetting
to bind labels to the things they
are labeling.
the Accessories menu. Then, press Ctrl-0 to open the Open
Files dialog.
When the Open Files dialog first appears, focus is on the
text area labeled Location:. Orca automatically should present
this information to you. With speech, you will hear "Location:
text", which is Orca telling you the name, contents and role of
the text area. As you type in this area, speech and Braille auto¬
matically should update.
Note to application developers: one of the main trouble
areas for accessibility is forgetting to bind labels to the things
they are labeling. The reason Orca knew to present the
Location: label for the text area is that the gedit developers
took care to set the L of Location as a mnemonic to get to
the text area via Alt-L. Using mnemonics is not just useful for
keyboard-only users, it also lets the accessibility infrastructure
know there is a binding between the label and the text area.
In the event a mnemonic is not something you can use, you
can set the Label For and Labeled By properties on associated
components using the accessibility properties tab in Glade.
As you arrow down through the file list, Orca presents
each line to you. To get out of the file list, press Tab to navi¬
gate to the other objects on the page. As you do so, Orca
Resources
Orca Wiki: live.gnome.org/Orca
Downloading and Installing Orca:
live.gnome.org/Orca/Downloadlnstall
eSpeak Speech Synthesizer: espeak.sourceforge.net
Festival Speech Synthesis System: www.cstr.ed.ac.uk/
projects/festival
BrITTY: mielke.cc/brltty
Configuring and Using Orca: live.gnome.org/Orca/
ConfigurationGui
GNOME Keyboard Navigation: www.gnome.org/learn/
access-guide/latest/keynav-l.html
GLADE: glade.gnome.org
Orca and Firefox 3: live.gnome.org/Orca/Firefox
Orca Users' List: mail.gnome.org/mailman/listinfo/orca-list
presents information about where you are. Notice how the
Character Coding label is presented when you tab to that
combo box. Mnemonics and quality keyboard traversal are
good friends to a screen reader.
Example: Accessing LinuxJournal.com Using
Firefox 3
Now, let's try accessing the relatively rich Web page at
linuxjournal.com. This will not only provide you with an
example of accessing rich content with Orca, but it also will
give you an idea of the power of scripting with Orca. The
Orca team has worked closely with the Mozilla team to
provide much better accessibility for Firefox 3. Orca's script
for Firefox 3 also provides a number of custom mechanisms
for accessing Web content. In this example, we'll demonstrate
how a typical user might browse Web content.
Note: you must use the latest Firefox 3 nightly builds. See
the "Firefox" page of the Orca Wiki for more information on
obtaining the latest Firefox 3 nightly builds.
When you run Firefox 3, go to linuxjournal.com by
pressing Ctrl-L and then typing the URL. Once Firefox loads
the page, Orca should start reading it automatically. You
can stop the automatic reading at any time by pressing any
key on the keyboard.
At this point, you can tab around to focusable items on the
page, such as links. There is much more important information
on the page than links, however, and Orca's script for Firefox
provides convenience mechanisms to get to the information.
Pressing the arrow keys gives you traditional caret navi¬
gation, but the Orca script for Firefox also provides more
sophisticated structural navigation. Press 0 and Shift-0 to
jump to the next and previous "large objects" on the
page. On linuxjournal.com, these happen to be the arti¬
cle summaries. You also can press H and Shift-H to move
by header and L and Shift-L to move by list. The "Firefox"
page of the Orca Wiki has more complete documentation
on accessing Web content via Firefox and Orca.
Conclusion
This introduction should give you enough information to begin
experimenting with the Orca screen reader, both as an end
user or as a developer wishing to make your application more
accessible. The Orca help facility, available via the Help button
on the Orca main window, and the Orca Wiki provide much
more information than can be covered here.
We also encourage users and application developers to
join the Orca users' list. It is a list with a culture geared toward
constructive and helpful comments. Much of the Orca user
community hangs out and participates on this list.a
Willie Walker is the lead of the Orca screen-reader Project and has been working in the X
Window System accessibility space for nearly two decades. He is grateful to his employer. Sun
Microsystems. Inc., for taking a leadership role in accessibility, and he also is grateful to the
Mozilla Foundation for its continued support. Oh yeah, he loves his team and the Orca community
too. Orca wouldn’t be what it is today without all the people and organizations involved.
LJ pays $100 for tech tips we publish. Send your tip and contact
information to techtips@linuxjournal.com.
74 | march 2008 www.linuxjournal.com
Harness the
Power of MySQL
The 2008 MySQL Conference & Expo brings over 1,600 open source and database enthusiasts,
developers, gurus, experts and users together to harness the power of MySQL and celebrate the huge
MySQL ecosystem:
■ Big ideas, know-how, and connections packed into four concentrated days and nights
■ More than 100 sessions encompassing a wide range of skill levels
■ In-depth tutorials to help develop technical skills and learn new tricks
■ Inspirational keynotes explore open source in the enterprise and beyond
■ An Expo Hall featuring dozens of the latest tools and products from cutting edge vendors
■ Opportunity to become MySQL Certified
■ A DotOrg pavilion showcasing community projects at the forefront of MySQL innovation
Join us at the 2008 MySQL Conference & Expo —you'll benefit not just from gathering with your peers
and experts from a wide variety of companies and countries, but also by learning from some of the
leading visionaries in the open source world.
MySQL®
Conference & Expo
Register and save 10% when you use discount code: mys08ljr
©2007 O'Reilly Media, Inc. O'Reilly logo is a registered trademark of O'Reilly Media, Inc. All other trademarks are the property of their respective owners. 70660
MAKE YOUR APPLICATION
ACCESSIBLE WITH
Accerciser
Take your application out for spin with Accerciser, and see whether it’s accessible.
EITAN ISAACSON
You might think you need to be
familiar with assistive technologies like
the Orca screen reader to determine
whether your application is accessible.
The truth is that with just a couple
simple rules and an open-source tool
called Accerciser, the task at hand is
fairly simple.
Before you start diagnosing your
application with specialized tools like
Accerciser, you should ask yourself a
few straightforward questions about
your application.
1) Does my application's function¬
ality depend on colors, icons or audi¬
ble feedback?
Sometimes an application uses a cer¬
tain color, graphical icon or sound as an
indicator of its status or as a notification
for users. A simple example is a battery-
status panel applet; the applet warns
users that their laptop battery is low by
changing the battery icon from green to
red. Of course, if users are blind, neither
the green nor the red icon will be help¬
ful if a textual description is not provided.
Color-blind users also will be unable
to decrypt such a status indicator. As
another example, a calendar application
may have an audible alert with no visual
indication when an appointment time is
approaching. This, of course, would be
a useless feature to people who are
hard of hearing, or even to those who
simply have their audio muted.
Such applications should offer alter¬
native means of access to their features.
Maybe a tooltip or label for the CPU
monitor? Maybe an optional alert
pop-up for the calendar program?
These kinds of changes might not
always be the perfect and most elegant
solution, but remember, the line sepa¬
rating accessibility from usability is blurry
and often nonexistent. The colored dot
76 | march 2008 www.linuxjournal.com
on the CPU monitor might look nice by
itself, but give users options as to how
they can use your application.
2) Can users adjust the font size and
interface color scheme in my application?
If your application utilizes a stan¬
dard widget library like GTK+, the
answer to the question above is yes.
GTK+ is fully themeable. In fact, most
Linux distributions provide a set of
large-print and high-contrast themes
to enable greater accessibility.
The question above should be
examined seriously by ambitious devel¬
opers who create a custom widget
that is not provided by the toolkit. A
good way to test a new widget is by
applying an inverted high-contrast
widget theme. Does the interface
show up well? Is it conforming to the
user-set widget theme?
Just like themes, most modern
desktop environments provide a
central place where the default font
style and size can be defined. If your
application is rendering text through
the standard code path, chances are
high that the font style and size the
user defined globally will be applied
to your application. But, what if your
application explicitly defines font style
and size? Or, maybe your application
does specialized text rendering? In
these cases, it is important to give
the option for tweaking the font in
your application.
3) Can my application be used with¬
out a pointer device?
Many conditions inhibit the use of
pointer devices, for example, muscle
weakness, hand tremors, involuntary
movement or difficulty in seeing the
mouse pointer on the screen due to
visual impairment. For these reasons,
it is important to enable nonpointer
interaction with your application's
features. This, of course, is easy to
test. Disconnect your mouse and hide
it where you won't find it. Use your
application to ensure that you could
reach and use all of your program's
functionality. This also is a good time
to think about useful keyboard short¬
cuts and mnemonics. Users will thank
you when you make certain functions
easy to reach without strenuous inter¬
face navigation.
4) Does the focus order in my
application make sense?
Because you can't assume that users
Figure 1. Desktop Accessibility Components
will be using a mouse, tabbing focus
order should be considered. Remember
the last time you bought something on¬
line? Most users fill out the order form
by tabbing to the fields and typing: first
name, tab, last name, tab, street
address, tab and so forth. Wouldn't it
be aggravating if, after you tabbed out
of the name field, the Submit button
got focus? Although sighted users
might find this to be an inconvenience,
screen-reader users will get a larger
dose of confusion, because the work
flow, when using a screen reader, is
dictated by the focus order.
The visual appearance of your
application does not need to change
in order for it to have a good tabbing
order. GTK+'s API has functions for
defining the focus order of a parent
widget's children.
The Plumbing
After you have asked yourself all of the
above questions and provided satisfac¬
tory answers, it's time to see whether
your application provides the proper
instrumentation to assistive technolo¬
gies, such as Orca. The functionality and
state of your application are provided to
the assistive technology through a
CORBA-based framework called AT-SPI
(Assistive Technology Service Provider
Interface). From your application's
side, the communication with assistive
technologies is done with a library
called ATK (Accessibility Toolkit),
which allows you to create Accessible
objects that are synonymous with
your graphical widgets.
In most instances, when you use
GTK+, the accessibility internals
should not concern you, because
GTK+ has a module called GAIL (GNOME
Accessibility Implementation Library) that
does most of the heavy lifting for you.
GAIL takes all of GTK+'s stock widgets
and provides proper Accessible objects
for them using ATK.
Accerciser, the Accessibility
Exerciser
Accerciser gives a top-down view of
what your application is providing
regarding assistive technologies. It does
this by tapping in to the same interface
that an assistive technology would use,
AT-SPI. Accerciser fits the needs of many
different audiences. It is a tool used by
assistive technology developers to see
what AT-SPI is providing their applica¬
tions, and it is used by automated Ul
test developers by exposing the differ¬
ent methods and events that could be
expected from their target application
when they author test scripts. And, in
our case, it allows user interface devel¬
opers to ensure that their application is
providing all of its functionality through
AT-SPI. In short, it allows us to exercise
the accessibility of our application.
You can obtain Accerciser by
www.linuxjournal.com march 2008 | 77
FEATURE Accerciser
Figure 2. Accerciser’s Main Window
Title Cest Merveilleux
Artist Edith Piaf
Album Chansons Des Cinema Et Theatre 1941-
1962
KKI Previous
□0 Pause
| [> Play]
H>D N ext
Figure 3. Limelite Screenshot
downloading it from Accerciser's Web
site, or check your distribution to see if
it is already packaged.
Accerciser consists of a fairly small
core. Most of Accerciser's features are in
its bundled plugins. Accerciser's main
window has three major areas: a tree
view of the entire desktop accessible
hierarchy as exposed by AT-SPI's registry,
and two tabbed plugin areas.
Accerciser's plugins can be toggled and
rearranged simply by dragging the plug¬
in tabs: drag a tab to another plugin
area to move the plugin to that view, or
drag the tab over the desktop to create
a new window with a plugin view in it.
An easy way of diagnosing our
application is with the Interface
Viewer plugin. Accessible objects
could expose a wide range of func¬
tionality by providing more than one
interface type simultaneously.
The interface viewer plugin allows
users to explore the functions a
selected Accessible object provides.
We use this plugin below to examine
a fictional application.
Limelite, an Imaginary
Application
So far, it seems that we get everything
we need for our application's accessibili¬
ty for free just by choosing GTK+, right?
We have theme compliance, we have
keyboard navigation, we even have
AT-SPI support. So, where could we be
falling short of full accessibility?
First, let's create a fantasy applica¬
tion called Limelite. Limelite is a simple
song-playing program with one killer
feature: by pressing a toggle button
in the GUI, the vocals are magically
removed from the sound output, and
the user, for a few minutes, could be
a rock star.
Limelite's main window is divided in
two. The top shows data about the cur¬
rently playing song, and the bottom has
common media controls (play, pause,
next and so on) and a toggle button
that enables or disables karaoke mode.
To examine Limelite through
Accerciser, all we need to do is run both
programs. Limelite's top accessible node
will appear in Accerciser's tree view. As
we traverse down through this node's
descendants and select child nodes, we
will get a flashing rectangle around
the equivalent widget of the selected
accessible node. When a node is
selected, the plugins will update and
show information about the currently
selected Accessible object.
Labels
When you spend time designing an
application's interface in a visual man¬
ner, issues like proper labeling often are
overlooked. We use Accerciser to find
such instances quickly.
Accerciser comes with a plugin
called Quick Select. Put the pointer over
the widget you want to examine, say
the Play button, and press Ctrl-Alt-/, the
button is highlighted, and Accerciser's
tree view shows the Play push button as
selected. Because the Accessible's name
is Play, we can be certain that an assis¬
tive technology will not have trouble
conveying the function of that button.
Limelite's multimedia keys are all
GTK+ "stock" labels. Stock labels are a
pool of commonly used labels that
GTK+ provides. It is always a good idea
to use these labels when possible, as
they will provide a localized string and a
themeable icon in most cases. For this
reason, stock labels usually are safe
from an accessibility standpoint.
The one key that should concern us
here is the karaoke toggle mode but¬
ton. This button contains nothing but a
microphone graphic. If you select it in
Accerciser, you will notice there is no
string representation present. A good
place to double-check is in the Interface
Viewer, under the Accessible section.
Here, you can see there is no descrip¬
tion for the Accessible either.
This situation easily can be ratified
78 | march 2008 www.linuxjournal.com
General
Packing
Common
Signals
Click:
Press:
Release:
Accessible Name:
Karaoke mode
...
Figure 4. Glade-3’s Accessibility Tab
by directly naming the Accessible object
through ATK's atk_object_set_name()
function. If your Ul is defined with
Glade or GtkBuilder, you should be able
to set the Accessible's object name in
the Accessibility tab.
Of course, the above solution will
not make your interface any more clear
to a user without an assistive technolo¬
gy. A tooltip would be a good choice in
this case, both for general usability and
accessibility. When a tooltip is set for a
widget, GAIL automatically uses the
tooltip's text as the Accessible object's
description string. Assistive technologies
could utilize this description string.
Relationships
When sighted users see Limelite's Ul, it is
obvious to them what the relationship is
between the labels. For example, it is
clear that the Artist label denotes the
fact that Edith Piaf is the performing
artist of the current track. This is clear
because of the table-like spatial layout of
the labels: on the left are the field names
and on the right are the field contents.
A screen reader will have trouble con¬
veying this relationship between the two
labels to blind users. AT-SPI exposes all of
these labels as a flat collection, and GAIL
has no way of automatically determining
the labels' relationship to each other.
For this reason, such relationships
need to be defined explicitly by the
application author. If the application's Ul
was defined via Glade or GtkBuilder, we
could easily declare the proper relation¬
ships in the Accessibility tab in each
label's properties. If our user interface is
written pragmatically, we will have to
use ATK's API.
With Limelite as an example, the
label containing the Artist string needs
to have a "label-for" relationship with
the label holding Edith Piaf, and the
Edith Piaf label in turn needs to have a
"labeled-by" relationship with the label
holding Artist. Similar reciprocal rela¬
tionships need to be defined for the
Title and Album fields.
Finally, in the Accessible section in
Accerciser's Interface Viewer plugin, we
Label for
1 11
Artist
i u iei veil
Edith Piaf
Labeled by
Figure 5. Label Relationships
Linux Laptops
Starting at $7S9
Linux Desktops
Starting at $375
Linux Servers
Starting at $899
DON’T BE SQUARE!
GET CUBED!
C_ Toch
Technologies
JU?.O^UDLU
shoprcubedxom
Do you take
"the computer doesn f t do that"
as a personal challenge?
So do we.
LINUX
JOURNAL
Since 1994:The Original Monthly Magazine of the Linux Community
Subscribe today at www.linuxjournal.com
FEATURE Accerciser
Figure 6. Relations as Seen in Accerciser
could verify that the defined relationships are conning down the
wire and are provided to the assistive technology.
Conclusion
It is hard to separate usability from accessibility; more often
than not, the two terms are synonymous and require your
sound judgment. But, if you keep a few simple principles in
mind, developing an accessible application is an easy and
straightforward task. Tools such as Accerciser allow you to
review your program's interface from the assistive technology
side and make informed choices in interface design. ■
Eitan Isaacson currently lives in Seattle. Washington. Eitan is a regular contributor to Orca and is
the developer and maintainer of Accerciser. Eitan’s passions include sipping high-mountain
oolong tea and talking politics.
Resources
Accerciser's Web Site: live.gnome.org/Accerciser
GNOME Accessibility QA: developer.gnome.org/projects/
gap/testing/index.html
Keyboard Navigation for GNOME:
developer.gnome.org/projects/gap/keyboardnav.html
ATK API Documentation:
library.gnome.org/devel/atk/unstable/index.html
Advertiser Index
Did you know Linux Journal maintains a mailing list where list
members discuss all things Linux? Join LJ’s linux-list today:
http://lists2.linuxjournal.com/mailman/listinfo/linux-list
www.linuxjournal.com march 2008 | 81
INDEPTH
Multitrack Video Editor
Roundup
Video editing in Linux can be hell, but a handful of programs are showing the way
forward to a better world, dan sawyer
In the January 2006 issue of U, I
wrote an extensive article surveying the
state of the art in video production soft¬
ware on Linux. At the time, there were
a lot of new players, some brought into
the field from the first Google Summer
of Code, and very few of them were
serviceable all the way around.
The intervening years have done
their Darwinian work, with some pro¬
jects maturing rapidly, others stagnating
and others being abandoned or disap¬
pearing off the Net altogether. But, as
Nietzsche noted (or would have if he
were as interested in software as he
was in philosophy), "What doesn't kill a
project, makes it stronger." This article
is about the survivors. Few though they
are, some have managed to thrive.
Video editing on Linux always has
been curiously bifurcated. On the one
hand, there are glorious high-end finish¬
ing packages, such as Discreet Smoke,
that are used routinely on big-budget
productions, but the price tag for a
single Smoke system runs into the tens
of thousands of dollars, so it's not par¬
ticularly budget-friendly. On the other
hand, there are excellent low-end pack¬
ages, such as Kino, which handles DV
with grace, speed and polish. The mid¬
dle ground between them is littered
with half-finished projects, failed projects
and Cinelerra, a behemoth that is both
finished and polished but can be said to
"work" only in the sense that a horse
with five legs might learn how to walk.
That is changing.
There is nothing, in theory, stopping
an open-source video editor from offer¬
ing the basic functionality of a Premier
or a Final Cut Pro, together with the
switching ability of a product like
Casablanca to produce very quick
edits of multicamera shoots. Cuisine,
in fact, was developed with this ability
in mind, and even though it got only
halfway there before it was abandoned,
several of the innovations it used
toward that end could be instructive.
Some of the projects here already are
well on that road.
The Main Contenders
The Linux multitrack field is now domi¬
nated by three programs that have been
going gangbusters on development. All
of them are not only still standing but
also are proceeding at a meteoric
pace—and in a promising direction:
Jason Wood's KDENLIVE, Richard
Spindler's OpenMovieEditor and The
Blender Foundation's Blender.
KDENLIVE
KDENLIVE (the KDE Non-Linear Video
Editor) is the project that has garnered
the bulk of my ink thus far (I reviewed it
in-depth in the September 2007 issue
of LJ), mostly because it has been a
clear leader for quite a long time. It
was the first multitrack in the current
crop to attain usability.
Pioneered by Jason Wood and now
maintained by a team of developers,
KDENLIVE is a Qt-based editor that uses
FFmpeg as its decoding engine and Dan
Dennedy's MLT as its frameserver and
EDL backbone. It's a powerful combina¬
tion, putting it into a position to handle
HD as easily as garden-variety DV, and
opening up its importable profile to
include pretty much any video format
you can watch on a Linux box.
The interface is laid out much like
that of the late MainActor. It's familiar
and easy to pick up, and if you're like
me and really hate this paradigm, you
can undock the interface components
and reconfigure them until your picky
Figure 1. KDENLIVE’s default interface resembles early versions of Premier or MainActor.
82 | march 2008 www.linuxjournal.com
your Seatbelts!
206505
little heart is content.
The underlying MLT framework
supports infinite audio and video
tracks, and there are a healthy number
of built-in video and audio effects
(although extensive keyframing remains
problematic at the time of this writing).
Its interface sluggishness mentioned in
my prior review largely has been solved,
as have the difficulties working with
interlaced footage when scaling. The
titler subsystem now works and is
very nicely compatible with installed
TrueType fonts and a wide variety of
raster graphics formats.
All of this is great, but it doesn't
amount to a hill of beans in this crazy
world if it can't perform. That's where
the drawbacks show up. It's still fairly
crash-prone, and the current migration
from FFmpeg as the frameserver to MLT
has broken a few things relating to a/v
synchronization with NTSC footage.
These are known issues due to MLT
bugs, which are, at the time of this
writing, being fixed (and hopefully will
be fixed by the time you read this).
There is still a way to go in a couple
of areas. Its audio toolkit is rudimentary,
but its easy exporting dialogue-splitting
means you can split the audio and push
it over to Audacity or Ardour for sweet¬
ening once your edit is done.
The export GUI also presents a prob¬
lem. As extensive as it is, it isn't friendly
for creating new profiles, which means
that you have to hand-tweak scripts or
wait for new profiles if you want one
that doesn't happen to come prepack¬
aged. Fortunately, the plethora of
profiles is quite staggering, including
a wide range conforming to all the
current FID broadcast standards.
The final weakness—and the
most annoying to me personally—is
KDENLIVE's lack of support for import¬
ing image sequences. It's something
that should be axiomatic in a system
using FFmpeg as a back end, as FFmpeg
is an excellent manipulator of image
sequences and Bash has wild cards for
such things built in. This alone bumps
KDENLIVE out of the professional space,
but with this exception, it is a highly
promising work in progress, stable
enough to use so long as you don't
mind pressing Ctrl-S fairly frequently.
Its most irritating issues are pretty much
solved, and I've used it to complete
several short and long-form projects.
It's perfectly serviceable for day-to-day
use if you know your way around
your footage.
KDENLIVE is the only product in this
roundup that supports video capture.
Here's hoping the development team
keeps up the excellent work!
OpenMovieEditor
OpenMovieEditor is the brainchild and
personal hobby of Richard Spindler, and
it's generally stable, fast and usable. It
supports the full range of framerates
and allows for the creation of pretty
much any working profile, and it sits
partly—though by no means exclusive¬
ly—on FFmpeg with all the glorious
format compatibility that this implies.
The work flow is pretty much what
you'd expect, with the interface closely
mirroring what we've come to expect
from KDENLIVE and similar projects.
Unlike KDENLIVE, the interface is not
easily reconfigurable. However, because
it's built on FLTK, it's fairly rock-solid. It
doesn't crash, it's fast and light and
doesn't bog down due to fancy widget
rendering. The resulting look is fairly
inhospitable cosmetically, but you don't
need rounded corners and crystalline
widgets when you have a program that
stays up like a truck and speeds along
like a Trans Am.
HD compatibility is no problem;
OpenMovieEditor is profile-agnostic.
If FFmpeg or libquicktime can read it,
you can use it, and it's always obvious
what's compatible because it shows
up with a thumbnail in the media
browser tab.
The development philosophy under
which Spindler has proceeded leverages
the power of the Open Source world to
Feel the speed of
'rue tower
Qua d Core Quad Core Qua d Cote
Kemtsneld Clove rtown Govertown
Xecn 5 J 00 Xeo* 5300
$100 $140 $180
1GB RAM
500/250 GB SATA 2
1300 GB/mo Included
100 Mbps Dedicated Port
cartnet
CARt.NET/LJ
888 . 221.5902
www.linuxjournal.com march 2008 | 83
INDEPTH
1
editing tools are all embedded right in the interface next to the tracks, and the nodes editor for the
Figure 2. OpenMovieEditor’s FLTK interface: the
compositing subsystem is visible at bottom left.
his project's advantage. When I inter¬
viewed him for background for this arti¬
cle, he told me that, behind the scenes,
he is involved in several external video
projects that he uses to advance
OpenMovieEditor, building on a suite of
highly stable external libraries: gavl,
libquicktime, the FreiOr plugin API, JACK
and several others. All of these things
extend the package considerably, with
FreiOr being of special note as the
primary source for the video effects.
Spindler himself is involved in FreiOr,
libquicktime and Cinelerra development
in varying degrees, which gives him the
familiarity he uses to integrate their best
tricks into his own project.
He has used it to stunning effect.
The audio and video effects in
OpenMovieEditor work splendidly,
although many of them could use more
settings controls to move them into a
more professional realm. The latest
addition to his bag of tricks though is a
major step in the right direction and
something hereto unheard-of in the
realm of open-source video editing
packages: nodes-based compositing,
which can use all the installed video
effects (although Blender also has a
nodes-based compositor, its interface
with the video editor is oblique and
patterned more after the fashion of a
finishing system than a video editor).
OpenMovieEditor is unique among
Linux multitrack editors in that it is
capable of running its audio through
the JACK Audio Connection Kit (JACK).
This gives it access to all the excellent,
readily available Linux pro-audio tools,
and with proper kernel patching it
works in real time. The upshot is that
you can use OpenMovieEditor as part
of a sync chain that will allow you to
create, compose and tweak your sound¬
track while always seeing the video and
hearing the audio as it's mixed. It's hard
to overstate the power of this; it is
unambiguously a professional feature,
and it's a great benefit to independent
filmmakers and small studios who need
the performance it offers and aren't
able to buy the higher-end turnkey
systems on offer for the film industry.
But Spindler isn't done—he and his
community members are working on
integrating the system with Inkscape
and with Blender for generating new
transitions and other effects. The
future on this seems bright!
When it comes to asset manage¬
ment, the program seems, at first
glance, not much different from
KDENLIVE. Looks are deceiving
though—it's much more flexible.
When it comes to open-source projects,
OpenMovieEditor's asset management
system, which allows clips to be stored
in a bin off the timeline for grabbing
and inserting, is a work-flow tweak that
makes shot selection independent of
the status of the edit, and also makes
84 | march 2008 www.linuxjournal.com
assembling the selected shots far quicker.
With its ability to set clips in the use bin
rather than whole files, its ability to use
image sequences and its thumbnail
filesystem browsing, it is far above par,
and much more sensible than what's
available for asset management in
KDENLIVE or Blender.
One caveat that Spindler gave me
when I interviewed him via e-mail:
OpenMovieEditor is very much a
work in progress; this means that
it is not yet feature-complete,
but that it has a rapid pace of
changes; development is hap¬
pening rather fast, and not in a
very "controlled" fashion. So, it
might happen that stuff that
worked once can break, or that
new features are not as well
tested as they should be.
So, it's a wise procedure, when
upgrading OpenMovieEditor, to test
fresh compiles thoroughly before
installing them, or at least to keep
around an older package you know
to be working to revert to should
there be problems.
In sum, OpenMovieEditor is an
excellent package all around and well
worth the time investment in learning
it. It lacks the plethora of export profiles
offered by KDENLIVE, but it makes up
for this with a well-appointed, intuitive
GUI that allows experienced editors to
specify their own export settings for
pretty much any destination or master¬
ing format supported anywhere under
Linux. It goes further, supporting high
bit-depth editing, effects and export
with integrated (though still primitive)
nodes-based compositing. This is a
project with nowhere to go but up.
Blender
Blender is justly and primarily famous
for its standing as the premier
free/open-source 3-D graphics pack¬
age, but that's not all it can do. Because
it is intended as an end-to-end finishing
system for animation, it has integrat¬
ed a full-featured, OpenGL-driven
video editor called the VSE (Video
Sequence Editor).
The VSE is, to say the least, pretty
strange. Like all things in Blender, the
interface is built for efficiency and
speed of use over user-friendliness,
so the learning curve is a bit steep,
although knowing a good bit about
how the rest of Blender works will
help out handsomely.
Blender's major shortcomings to
this point, as a video editor, have
been threefold:
■ As it started life as an animation
editor, it hasn't had support for frac¬
tional framerates such as are found
in NTSC (29.97), which causes sound
sync problems when editing NTSC
footage with sound. This is now fixed
in CVS, and with any luck, it will be
in the next main release before this
article goes to press.
■ Its export paradigm is obtuse and
hard to cope with, setting an entry
bar too high for most editors to be
willing to consider. A bit of practice
makes this a non-issue.
■ It also has no asset management
system—all that work has to be done
outside the program by editors care¬
fully structuring their directories and
assets if they care to keep track of
everything. This probably never will
be addressed—thus far, there isn't a
significant cry from within the user
community to change it, and I sus¬
pect it would take some nontrivial
code refactoring to pull it off.
However, despite these initial
weirdnesses, Blender's VSE has a lot
to recommend it, not the least of
which is its easy integration with the
other parts of Blender. It can accept as
inputs both rendered and unrendered
strips from the animation subsystem
and the compositing subsystem—a very
powerful bonus. The compositing sys¬
tem itself (reviewed in the November
2007 issue of LJ) is a full-fledged profes¬
sional nodes-based system that goes
far beyond the video effects available
in any other Linux editor. Additionally,
Blender's VSE is itself a layers-based
compositor, with quite a few native and
community-generated plugins for color
correction, greenscreen compositing, PIP
TS-7800 High-End Performance
with Embedded Ruggedness
5»269 qty1 $229 qty
100
500 MHz ARM9
New unbrickable design- 3x faster
Backward compatible w/TS-72xx
Low power - 4W at 5V
128MB DDR RAM
512MB high-speed onboard Flash
12K LUT user-programmable FPGA
Internal PCI Bus, PC/104 connector
2 USB 2.0 480 Mbps
Gigabit ethernet » 2 SD sockets
10 serial ports * 110GPIO
5 10-bit ADC » 2 SATA ports
Sleep mode uses 200 microamps
Boots Linux in < 2 seconds
Linux 2.6 and Debian by default
Design your solution with
one of our engineers
» Over 20 years in business
* Never discontinued a product
* Engineers on Tech Support
* Open Source Vision
* Custom configurations and designs w/
excellent pricing and turn-around time
* Most products stocked and available
for next day shipping
See our website for options,
peripherals and x86 SBCs
Technologic
SYSTEMS **
We use our stuff.
visit ourTS-7200 powered website at
www.embeddedARlvl.com
INDEPTH
1
work and so on.
In practice, this means that, when
properly used, Blender's VSE has, by one
path or another, all the power of After
Effects (sans easily usable rotosplines),
particularly for plane-based animation, a
trick I use regularly to design animated
DVD menus. It also has a professional
color-correction tool that is totally
absent from the other editors in this
article, a vectorscope.
For format compatibility, Blender shares
the FFmpeg backbone with KDENLIVE
and OpenMovieEditor (initially integrated
into Blender by Ian Gowen as a Google
Figure 3. Blender comes preconfigured with a video editing screen setup. Video files are in cyan, sound in blue, and image sequences are in purple,
so you can tell at a glance what you’re working with.
TECH TIP
Getting X Window System Information
are supported by the X server:
You may have wondered how to determine certain X attributes
using simple shell commands, such as the refresh rate and display
resolution. You can use xrandr for that purpose:
$ xrandr --verbose
You also can get a great deal of information with the
xdpyinfo command, such as finding out what extensions
$ xdpyinfo | less
One very useful extension for video is the Xvideo extension,
known as xv. The xvinfo command can give you information
SZ: Pixels
Physical
Refresh
on this extension:
*0 1024 x 768
(
333mm x
241mm
)
*85
1 800 x 600
(
333mm x
241mm
)
85
$
xvinfo
2 640 x 480
(
333mm x
241mm
)
85
Current rotation -
normal
For 3-D, use the
Current reflection
-
none
Rotations possible
-
normal
$
glxinfo
Reflections possible
- none
For more information about these commands see the
respective man pages.
— GIRISH VENKATACHALAM
86 | march 2008 www.linuxjournal.com
SoC project), and it deals excellently with
image sequences (which is only natural,
as it was originally an animation editor).
Its audio compatibility also is FFmpeg-
based, and although Blender's audio tools
are paltry to the point of vanishing, it is
quite suitable for video editing where a
separately mixed soundtrack is conformed
to the video in the VSE.
Like OpenMovieEditor and unlike
KDENLIVE, Blender's VSE is format-
agnostic—the final output profile being
controlled by the output settings in the
RenderButtons window.
Alas, Blender VSE has one more
shortcoming: unlike KDENLIVE or
OpenMovieEditor, it has no option for
direct stream copy to prevent generation
loss when rendering out to the same
format you are using for your source
footage. If you're using Blender as a fin¬
ishing system, this isn't an issue; most of
your footage will have effects applied and
thus be recompressed on export anyway.
I personally don't use Blender as my
primary video editor, though I have
found myself using it more and more
as a finishing system and may give it
a go doing a full project on it some¬
time in the not-too-distant future. It's
an odd mix of best-of-bunch and
worst-of-bunch, which might not
seem like a glowing recommendation,
but it is an indispensable tool for a
Linux production pipeline.
Detritus
Of course, there are a number of pro¬
jects I haven't mentioned here. Without
exception, they are all unusable. They
either haven't achieved usability yet
(Pitivi and Jahshaka), they are poorly
designed, unstable and resource-hungry
(Cinelerra), or they are dead on the vine
(MainActor and Diva).
Conclusion
One of the great weaknesses in open-
source software in the video domain
thus far has been a lack of imagination.
In the commercial world, because of the
way the industry has developed, there
long have been a handful of sharply
divided paradigms for editing. Market
strategy being what it is, it's in the inter¬
est of commercial developers to keep
their products for the various paradigms
in separate tracks: more programs
equals more redundant software sales,
and the ability to set high prices for
some markets while giving away the
software for other markets (usually
bundled with hardware). So far, open-
source developers have been content to
emulate it, and it's a philosophy that has
hobbled the development of a killer app
for video editing on Linux. All three of
the projects covered here would do well
to take a look at the asset management,
footage commenting and multicamera
switching strategies innovated by Drew
Pertulla and implemented in his now-
fallow multitrack editor Cuisine and at
other innovations among the also-rans.
Fortunately, OpenMovieEditor and
Blender are starting to break the mold,
and I have high hopes that KDENLIVE
will follow suit.
However, what's left is quite usable
and in some cases bordering on down¬
right impressive. So, grab your cameras,
get a script, and dive on in !■
LINUX
JOURNAL
Since 1994: The Original Magazine of the Linux Community
Digital Edition
Now Available!
Read it first
Get the latest issue before it
hits the newsstand
Keyword searchable
Find a topic or name
in seconds
Paperless archives
Download to your computer for
convenient offline reading
Same great magazine
Read each issue in
high-quality PDF
Dan Sawyer is the founder of ArtisticWhispers Productions
(www.artisticwhispers.com), a small audio/video studio in the
San Francisco Bay Area. He has been an enthusiastic advo¬
cate for free and open-source software since the late 1990s,
when he founded the Blenderwars filmmaking community
(www.blenderwars.com). He currently is the host of “The
Polyschizmatic Reprobates Hour”, a cultural commentary pod¬
cast, and “Sculpting God”, a science-fiction anthology podcast.
Author contact information is available atwww.jdsawyer.net.
Resources
KDENLIVE: www.kdenlive.org
OpenMovieEditor:
openmovieeditor.sourceforge.net
Blender: www.blender.org
"Linux Video Production: the State of
the Art": www.linuxjournal.com/
article/8589
"KDENLIVE Is a Promising Work in
Progress": www.linuxjournal.com/
article/9777
"Open-Source Compositing in
Blender": www.linuxjournal.com/
article/9831
INDEPTH
J
Maximize Desktop Speed
Are you a speed junkie who wants the fastest, most responsive machine? Try
these changes and get even more speed out of your Linux box. federico kereki
One of the best things about Linux is that you can get much
more performance out of the same computer than with other
operating systems. However, there always is room for improve¬
ment, and you should be able to get a bit more speed out of
your box by applying some specific enhancements.
Don't expect miracles, however. No amount of tweaking
can turn a Pentium II into a Quad Core monster (remember
the old saying about silk purses and sow's ears?), but you can
expect to get a more responsive machine that "handles"
better. Although some of the changes are internal and hard
to see, you will find that your system feels livelier, your clicks
produce answers faster, you can switch between applications
more quickly and programs run in less time.
Let's be practical. If you get a better CPU, there's probably
nothing in this article that will match your results, and the
same goes for a better graphics card or speedier disks. But,
you expected that, didn't you? (Making such hardware
upgrades would benefit not only Linux, but also every other
operating system out there.) However, making such changes
are practically the equivalent to getting a whole new machine,
so you wouldn't be really enhancing the performance of your
old box, but starting anew.
That said, this article discusses configuration changes with
the aim to leave everything (well, almost everything) as it was
but make it perform better. Of course, these changes aren't all
equal; some are more difficult (and riskier), some require
rebooting or other procedures, and some even require delving
into the command line and editing configuration files. But,
don't give up. The results are worth it.
As a final note, I use OpenSUSE (version 10.3) and KDE for
the examples in this article. If you are using other distributions
or desktop environments, you will find small differences in file
locations or procedures. Currently, because most distributions
offer exactly the same packages and drivers, one of the largest
remaining differences between them is precisely in the config¬
uration tools, so you may need to do some searching on your
own. In any case, it's a safe bet you will find a way to manage
anything described here, only in a different way.
RAM, RAM, RAM
Similar to the old real-estate adage "Location, location, loca¬
tion", getting more RAM, RAM, RAM will provide a great
improvement. All processes need memory, and whenever the
kernel runs out of RAM, it starts swapping to disk, but as this
is orders of magnitude slower, your performance takes a hit. If
you are willing to spend something, don't hesitate. Go out
and get some extra RAM sticks for your machine. As soon as
you plug them in, you will notice better performance.
Getting more RAM isn't very costly, and it doesn't require
any configuration or re-installation.
Even if you don't want to spend the money for more RAM,
you can make Linux manage the available RAM in a more
efficient way. Here are some simple changes to consider:
■ Change from KDE or GNOME to a lighter desktop environment.
GNOME is about the worst in terms of RAM requirements
(although it's far below that of Windows Vista), and KDE is a
close second. Try using a less-demanding environment, such as
Xfce or Enlightenment, which is used in gOS, the operating
system pre-installed in the Everex Green gPCs sold at Wal-Mart
[see Doc Searls' interview with David Liu on page 58 for
more on the gOS]. Other possibilities include IceWM,
Blackbox, Fluxbox, Fvwm, JWM or (the now seemingly
defunct) Window Maker. Note that these window managers
are not exactly equivalent to having a full desktop environ¬
ment, so you will have to adapt a bit. Plenty popular distribu¬
tions, such as DSL (Damn Small Linux) or Puppy Linux use
these lightweight window managers, and many are available
as optional packages for Red Hat or SUSE.
■ Get rid of fonts you never use. I was once a fonts junkie
and loaded my box with several hundred fonts (I'm not
exaggerating) just in case I might use them some day. Each
font requires memory, and the fewer fonts you have, the
more RAM you will free. And, some programs will run
faster, because they will have shorter lists of fonts to load.
■ Reduce the number of virtual desktops. Windows users
work with only one desktop, but do you really need 16 virtual
desktops in Linux? Experiment a bit with this. I wouldn't go
down to one desktop, but most of the time, having two or
three virtual desktops is more than enough.
Getting Too Swappy?
Linux (as most other, if not all, modern operating systems) uses
a technique called Virtual Memory to give programs the
impression that they have plenty of memory available, even
more than the actual RAM size of the machine. This technique
implies using disk memory (the /swap partition) to simulate
actual RAM, swapping pieces back and forth. Of course,
whenever this swapping process runs, you will experience
longer response times and slower performance.
The kernel tries to prevent future swapping by doing
some of it in advance, and you can alter the degree to
which this is done by changing a parameter from 0 (minimum
swapping, done only if needed) to 100 (try to free as much
RAM as possible).
There are two ways to change this. The standard value is
88 | march 2008 www.linuxjournal.com
Linux - FreeBSD - x86 Solaris - MS etc.
set at 60. To lower it, as root, do something like:
sysctl -w vm.swappiness=25
or:
echo 25 > /proc/sys/vm/swappiness
Note that this change will last only until the next time you
restart your box. If you want to make the change permanent,
edit/etc/sysctl.conf, and add a line like the following:
vm.swappiness=25
Now, it will be loaded every time you boot. If you want to test
the changes, make the edit to /etc/sysctl.conf and then reload
it with /sbin/sysctl -p.
Is it better to have lower values (down to 5 or 10) or higher
values (up to 100)? Personally, I use 5, and I like the way my
machines (desktop and laptop) work. If you notch it up, the
kernel will use more CPU time to free RAM in advance; if you
turn it down, the CPU will be freer, but there will be more I/O.
For CPU-intensive programs, if you have fast disks, I'd go
with lower values, as I did myself. This will produce improve¬
ments, such as when switching between applications, because
it's more likely that they reside in physical RAM instead of on the
swap partition. Even if you set swappiness to zero, if needed,
the kernel will do its swapping, so once again, you would
benefit from getting more RAM if possible.
However, Linux kernel developer Andrew Morton sug¬
gests using 100, and author Mladen Gogale observes he
found no difference, so you may want to try different val¬
ues and see what you prefer (see Resources for links to
articles on this topic).
Make Applications Load Faster
Under Linux, most applications are in a special Executable and
Linkable Format (ELF) that allows them to be smaller. Instead
of including all needed libraries, the program file has refer¬
ences to them, which are resolved (or linked) when the code is
loaded for execution. You might recognize here a classic time
vs. space compromise: a smaller file size, but a higher loading
time. If your program requires only a few libraries, the linking
process is quick, but for larger programs that use several
libraries, the linking process gets noticeably longer.
If you are game to using a bit more disk space (and
spending some time preparing all files), you can use the
prelink command to do the linking phase in advance and
store the needed libraries within the program file itself, so
it will be ready to execute as soon as it is loaded. (Actually,
I fudged a bit here. When the program is loaded, the
libraries are checked to verify they haven't changed since
the prelinking, but that check is much speedier than doing
the linking itself.) Using prelink in this way obviously requires
more disk space (for there will be a copy of every prelinked
library within each executable file), but with the current
large disks, this won't even be noticed.
Linux Server
FreeBSD Server
Microsoft Server
Solaris Server
GENSTOR STORAGE SOLUTIONS:
- Storage options - FC to SATA/SAS, FC to FC
SAS to SAS/SATA, SCSI to SATA, SCSI to SCSI
Exceptional Performance with Proven Reliability
- 24 TB in 4U with easy upgrade path
- Host Servers and Storage comes Pre-Configured
with heterogeneous OS- Linux, * BSD, Solaris
Microsoft etc.
- Fully redundant Storage solutions
Proven technology. Proven reliability
When you can’t afford to take chances with your business
data or productivity, rely on a GS-1245 Server powered by
the Intel® Xeon® Processors.
Quad Core Woodcrest
Intel®, Intel® Xeon® Inside are trademarks or registered trademarks of
Intel Corporation or its subsidiaries in the United States and other countries
INDEPTH
1
In order to prelink your programs, you need to set up a
configuration file (/etc/prelink.conf), so prelink knows where
to search for shared libraries and what programs to work
with should you opt for the -a option and prelink everything
possible. The format of this file is simple: blank lines don't
matter, comments start with a # character, and the rest of
the lines should be something like the following:
-1 aDirectoryToBeProcessed
-h anotherDirectoryButAllowingForSymlinks
-b fileToSkip
The -I lines specify directories that should be processed.
The -h lines are pretty much the same, but allow for symlinks,
which will be followed, so the prelink process might end up
working with files actually residing in other directories than
the ones you originally specified. Finally, the -b lines show
blacklisted programs (patterns also can be used) that should
be skipped by the prelinking process. I recommend leaving
these lines alone. If your prelink experiments show that
certain programs cannot be prelinked (you'll get an error
message if you try), you should add an appropriate -b line to
avoid future unnecessary warnings. As an example, Listing 1
shows some portions of my (already provided in OpenSUSE)
/etc/prelink.conf file.
If you want to prelink a single program, just do prelink
theProgramPathAndName, and if the program can be relinked
successfully (remember my comment—this just isn't feasible
for some programs), the original binary ELF file will be
overwritten with the new, larger, all-including version.
You could start a massive prelinking session by executing
prelink -a, which will go through all the -I and -h directories
in /etc/prelink.conf and prelink everything it finds. Here are a
No Prelink Needed in
Ubuntu or Debian?
Recent Ubuntu and Debian distributions include a different
mechanism for speeding application loading and a new
linking mechanism that speeds up the linking process
without using prelink.
To enable the faster startup times, do sudo apt-get i ns tall
preload, and from that moment on, Linux monitors which
applications you run and fetches those binaries and libraries
into memory.
For example, if you use Firefox and OpenOffice.org every
day, preload will determine that those two are common
applications and will keep the needed libraries in RAM. Of
course, should you change to Seamonkey and KOffice,
preload eventually will detect your change of habits and do
the appropriate thing.
few more options to note:
■ Do a dry run by including the -n option. This generates a
report of all results, but no changes will be committed
to disk. Use this to see whether there are unexpected
problems or files to be excluded.
■ Include the -m option so prelink will try to conserve memory,
if you have many libraries in your system (highly likely) and
not a very large memory. On my own machine, if I omit
this option, prelink fails to work, so my usual command
to prelink everything possible is prelink -m -a.
■ If you dislike the prelinked files, or if you get tired of
prelinking everything every time you get updated
libraries, use the -u parameter to undo the changes.
Executing preli nk -u aPreli nkedProgramName will
Listing 1. Portions of the Provided OpenSUSE /etc/prelink.conf File
# Acrobat Reader
-b /usr/XllR6/lib/Acrobat5/Reader/intellinux/bin/acroread
-b /usr/XllR6/lib/Acrobat7/Reader/intel1inux/bin/aeroread
# RealPlayer
-b /usr/lib/Real Player8/realpi ay
[...some snipped lines...]
# Files to skip
-b *.la
-b *.png
-b *.py
-b *.pl
-b *.pm
-b *.sh
-b *.xml
-b *.xslt
-b *.a
-b *.js
# kernel modules
-b /lib/modules
[...more snipped lines...]
-1 /lib
-1 /1ib64
-1 /usr/lib
-1 /usr/lib64
-1 /usr/XllR6/lib
-1 /usr/XllR6/lib64
-1 /usr/kerberos/li b
-1 /usr/kerberos/lib64
-1 /opt/kde3/lib
-1 /opt/kde3/lib64
90 | march 2008 www.linuxjournal.com
restore the program to its previous, unlinked format,
with no fuss. Of course, for a radical throwback to the
original situation, do prelink -a -u.
The prelinked versions of all programs are executed just like
the normal ones, but will load a bit faster, thus providing a
snappier feel. I have found conflicting opinions as to actual,
measured results, but most references point to real speedups.
Speed Up the Filesystem
Every time you create, modify or simply access a file, Linux
dutifully records the current timestamp in its directory struc¬
tures. In particular, the latter update obviously implies a
penalty on file access time. Even if you merely read a file
(without changing anything), Linux updates the file's inode
(see Resources for more on inodes) with the current timestamp.
Because writes obviously require some time, doing away with
these updates results in performance gains.
In order to achieve this enhancement, you need to change
the way the filesystem is mounted. Working as root, do cat
/etc/fstab to get the following:
/dev/hdal
/boot
ext2
acl,user_xattr
1 2
/dev/hda2
swap
swap
defaults
0 0
/dev/hda3
/
reiserfs
acl,user_xattr
1 1
/dev/hddl
/media/disk2
reiserfs
defaults
1 2
/dev/hdc
/media/cdrom
udf,iso9660
ro,user.noauto
0 0
proc
/proc
proc
defaults
0 0
sysfs
/sys
sysfs
noauto
0 0
debugfs
/sys/kernel/debug
debugfs
noauto
0 0
usbfs
/proc/bus/usb
usbfs
noauto
0 0
devpts
/dev/pts
devpts
mode=0620,gid=5
0 0
Given this output, the best candidates for the optimization
are / and /dev/hddl; /boot is used only when booting, /swap is
out of bounds for you, and the others are not hard disks.
Making the change is simple. With your favorite text editor,
add ,noatime to the options in the fourth column. When
you are done, issue the mount -a command to remount all
partitions, and then issue a plain mount to check whether
the changes were done (Listing 2).
Notice the noatime parameters in the /dev/hda3 and
Listing 2. Checking the New Parameters with mount
$ mount -a
$ mount
/dev/hda3 on / type reiserfs (rw,noatime,act,user_xattr)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/hdal on /boot type ext2 (rw,act,user_xattr)
/dev/hddl on /media/disk2 type reiserfs (rw,noatime)
Data Integrity
vs. Speed?
Googling for filesystem performance enhancements, you
might come upon a suggestion for ext3 and ReiserFS,
involving another mounting option: data=wri teback.
This option effectively undoes the advantage of those two
filesystems by partially disabling their journaling. (Journaling
is what ensures that your data won't be lost, even after a
system crash.) If you include data=wri teback, you'll gain
an increase in speed at the cost of having old data show
up after a crash. I don't like this kind of risk, so I don't
use that option.
/dev/hddl lines. Those mean you did everything right, and
access times are no longer being recorded.
By the way, if you research this on the Web, you may find
a reference to another option, nodiratime, which has to do
with directories. Do not bother setting this option, because
noatime implies nodiratime.
I ran some tests (creating lots of files, and copying them to
SUBSCRIBE TODAY!
www.linuxjournal.com march 2008 | 91
INDEPTH
1
/dev/null) and tinned the results both with and without the
noatime option and found some small performance enhance¬
ments—every little bit helps.
Now, if you gotten this far, you're ready for the big one:
enhancing your kernel.
Get an Optimal Kernel
All the tweaks we have done so far are just part of the job,
and you even can get a bit more speed if you recompile your
kernel and adjust it optimally for your specific hardware and
needs. Note that even though compiling a full kernel isn't the
challenge it used to be (mainly you just have to make a few
choices and key in some commands), there still is room for
botching things up. Don't try this unless you feel comfortable.
Most distributions usually provide a one-size-fits-all kernel
compiled with the most generic options, which should work
for everybody. Of course, this won't necessarily fit your specific
case. If your box has an Athlon XP CPU (as my laptop does), or
many processors, or a certain graphics card, the generic kernel
won't take advantage of them. What to do? You can tweak
some kernel options and recompile it for optimal performance.
Here, I pay specific attention to the options that enhance speed
and responsiveness.
Compiling your kernel isn't that difficult, but remember
there's a distinct probability of hosing your machine and turn¬
ing it into a paperweight. (Okay, that may be a bit of an exag¬
geration. In the worst case, you simply would have to re-install
Linux, and you wouldn't lose your data.) In my case, I used the
YaST administration tool and installed two kernels, so I could
choose either of them at boot time, and if I destroyed one, I
could reboot with the other one, re-install the broken kernel
and keep trying.
You need some specific packages to do this: kernel-source
(the source files for the actual kernel), gcc (the compiler), ncurses
(for the menus) and bzip2 (used internally to create boot
images). You also need to know a bit about your hardware. Use
cat /proc/cpui nfo to see how many CPUs you have and their
brands, and cat /proc/meminfo for RAM information (Listing 3).
Start with a dry run and recompile the kernel without any
changes, just to see if everything is set up okay. Working as
root, do what's shown in Listing 4.
The make processes will run for a while, and although they
might produce some warnings, there shouldn't be any errors.
If everything still is running okay after you reboot, it means
you can start experimenting; you already did a kernel build. (If
things did go seriously wrong, reboot with the other kernel,
re-install the thrashed kernel, fix the problem, and try a dry
run again.)
Note:
The specific commands used in this article are appropriate for
the OpenSUSE distribution, but do vary from one distribution
to another. Check your documentation for the specific com¬
mands you will need before trying to recompile your kernel.
Listing 3. You will need information about your CPU and RAM
before recompiling your kernel.
$ cat /proc/cpuinfo
processor
0
vendor_id
AuthenticAMD
cpu family
6
model
8
model name
Mobile AMD Athlon(tm) XP 2200+
[...some lines snipped..
, •]
$ cat /proc/meminfo
MemTotal: 483488
kB
MemFree:
11560
kB
Buffers:
19888
kB
Cached:
323408
kB
SwapCached:
2768
kB
Active:
166432
kB
Inactive:
230396
kB
[...more lines snipped..
Listing 4. Do a dry run to ensure that you have everything you need
for compiling the kernel.
cd /usr/src/linux
make clean
make
make modules_install
make install
Tweaking the kernel is simply a matter of choosing the appro¬
priate options from a (large) menu. As root, do the following:
cd /usr/src/linux
make clean
make menuconfig
and you will see a screen (Figure 1) with a menu full of hun¬
dreds of options, although luckily, you will have to change
only a few of them.
If graphical interfaces are more your style, change the last
command to make xconf i g for a friendlier way of working
(Figure 2).
The following are some of the options to change:
■ Under General Setup, uncheck Cpuset support.
■ Under Processor Type and Features, check Tickless System and
High Resolution Timer Support. Select the right CPU type under
Processor Family, so the compiled kernel code will be optimized
for it, and uncheck Generic x86 Support, which is needed only
for generic kernels. Choose the amount of RAM you have
92 | march 2008 www.linuxjournal.com
Figure 1. make menuconf ig provides a console-like way to select kernel options.
under High Memory Support. Check
Preempt the Big Kernel Lock, and
under Preemption Model, choose
Preemptible Kernel (Low-Latency
Desktop). Note that for a server
machine, you should select the No
forced preemption option. Under
Timer Frequency, choose 1000 (stand¬
ing for 1000H). Finally, if you have a
machine with only one CPU, uncheck
Symmetric multi-processing support.
If you have two or more CPUs, check
that box, and under Maximum num¬
ber of CPUs, enter the correct
number. (All this data comes from
doing cat /proc/cpuinfo, as
discussed previously.)
■ Under Block Layer, uncheck every¬
thing, unless you have disks larger
than 2Tb.
■ Under Kernel Hacking, uncheck Figure 2. make xconf i g produces a friendlier graphical way to choose kernel options.
Kernel Debugging, Collect kernel
timer statistics. Debug preemptible kernel and Write protect program (say "yes" to save the new kernel configuration) and
kernel read-only data structures. then do the following:
After you are done selecting options, exit the configuration make
www.linuxjournal.com march 2008 | 93
release date: february aooa
ARCHIVE 1994-2007
Indudes issues-t“!64 of Linux Journal
mmrnm
www.LinuxJournal.com/ArchiveCD
The 1994-2007 Archive CD,
back issues, and more!
\
INDEPTH
make modules_install
make install
Watch for unexpected error messages; there should be
none. You will need to wait, as when you did with the dry
run. On my laptop, the complete process requires more than
30 minutes. If you get an error message, either go back to the
menu to try to fix whatever was wrong, or reboot with your
backup kernel, re-install the broken kernel, and try again. If
everything is okay, simply reboot, and try out your new kernel.
Conclusion
By applying just a few changes to your Linux box, you can get
a faster response and greater speed, and you will be able to
show off your machine to everybody. Then, after following the
suggestions in this article, look around the Internet on your
own, and you will be able to pick up more speed, but be care¬
ful, making these enhancements can become addictive !■
Federico Kereki is an Uruguayan Systems Engineer, with more than 20 years’ experience teaching
at universities, doing development and consulting work, and writing articles and course material.
He has been using Linux for many years, having installed it at several different companies. He is
particularly interested in the better security and performance of Linux boxes.
Resources
"The ELF Object File Format by Dissection" by Eric Youngdale:
www.linuxjournal.com/article/1060
"Making inodes behave" by Clay J. Claiborne, Jr.:
www.linuxjournal.com/article/4404
"Wikipedia: Inode": en.wikipedia.org/wiki/lnode
"Linux: Tuning swappiness": kerneltrap.org/node/3000
Wikipedia: Virtual Memory:
en.wikipedia.org/wiki/Virtual_memory
"Tuning Linux VM on Kernel 2.6" by Mladen Gogala:
www.dba-oracle.com/t_tuning_linux_kernel_2_6_oracle.htm
"...and especially for your laptop": beranger.org/
index.php?article=1547&page=3k
gOS Features: www.thinkgos.com/technology.html
gOS, Wikipedia: en.wikipedia.org/wiki/GOS_(Linux_distribution)
Xfce: www.xfce.org
USENIX DA 2008 USENIX ANNUAL
June2 Iost 7 ofM°A TECHNICAL CONFERENCE
Join us in Boston, MA, June 22-27,2008, for the 2008 USENIX Annual Technical Conference.
USENIX Annual Tech has always been the place to present groundbreaking research and cutting-edge
practices in a wide variety of technologies and environments. USENIX '08 will be no exception.
USENIX '08 will feature:
• Sunday-Tuesday, June 22-24,2008
An extensive Training Program, covering crucial topics and led by highly respected instructors
• Wednesday-Friday, June 25-27,2008
Technical Sessions, featuring the Refereed Papers Track, Invited Talks, Guru Is In Sessions, and a Poster Session
• Plus workshops, BoFs, and more!
Join the community of programmers, developers, and systems professionals in sharing solutions and fresh ideas.
http://www.usenix.org/usenix08/lj
EOF
A
Driving Markets from
Our Own Kernels
Only personal power will obsolete the walled garden.
DOC SEARLS
At the Internet Identity Workshop (IIW) a
couple months ago, I sat at a table where a
couple guys discussed whether certain code
belonged in kernel space or user space. I
missed the details, but it seemed meaningful
to me that the IIW is a workshop for devel¬
opers of user-centric identity management
systems. All the IDM (identity management)
communities represented at IIW—OpenID,
Higgins, CardSpace, OSIS, Oauth, ClaimID,
Bandit, Liberty and so on—grew out of
the need for users to be in control of their
identity-based relationships, rather than to
be controlled within the walls of "relation¬
ships" defined by the kind of "identity
providers" whose cards fill our wallets.
Later it occurred to me that there's a
similar distinction between our own kernel
and user spaces—that is, between the core
capabilities we bring to the world and
the way those capabilities are put to use,
especially in the marketplace.
Think for a minute about how clothing
works in a society. In a way, it drives how we
work in the world. Whether practical or
merely symbolic, our clothing qualifies us to
fly a commercial airplane, argue a case
before a judge, rivet girders in a high-rise,
look presentable in a business meeting or
geek-out amongst fellow engineers.
Now, think about how wallets work.
They not only carry currency, but various
forms of identification as well. These, how¬
ever, differ from clothing in one important
way: nearly all forms of identification are
provided for us by outside organizations.
This goes for our driver's licenses, our credit
and debit cards, our membership cards and
insurance cards. In terms of clothing, these
cards are little rectangular uniforms. So, even
if they have our names on them, they are
not ours. They are issued, and belong to,
entities outside ourselves—entities that
enable but also control and restrict how we
deal with a range of uses.
Except for sole-proprietor business
cards, none of the rectangles in our wal¬
lets are ours. Yet, they contain the means
by which we perform in the marketplace.
Here's another way of looking at it: the
cards in our wallets are like proprietary
drivers in our kernels.
What would happen if we had our own
relationship drivers inside our own kernels?
These drivers would not be written and pro¬
vided by outsiders as ways of driving us as
customers and citizens, but rather written
for us (and by us) as ways we can drive rela¬
tionships with governments, retailers, health¬
care providers, service organizations and
other entities that could actually benefit by
not having to control everything.
For example, we could have "preference
drivers" that express market logic, such as,
"If I'm calling for tech support, then you
can't give me a promotional message." We
might even add an incentive, such as, "And
I'll pay you $.50 for getting me to a human
being in less than a minute."
We could have "request drivers" that
support the expression of demand for goods
and services, such as, "We need a stroller for
twins, sometime in the next five hours, from
any retailer within five miles of Highway 70
between Salina and Kansas City."
We could have "trust drivers" that
support the expression of our own usage
and license agreements. These could say,
"Here's all you need to know to trust me,
with automated links to one or more veri¬
fying trust-assurance organizations, so we
can both be spared any wasted effort."
These could selectively disclose relevant
memberships, credit worthiness, past deal¬
ings and so on—all on a need-to-know
basis, without requiring us to fill out forms
or even reveal our names.
These kinds of blue-sky scenarios are
prevented only by business defaults set to
regard the customer as a dependent and
subordinate entity rather than an indepen¬
dent and equal one. Preserving this kind
of caste system traditionally has been seen
as a business requirement, but it's not.
Free customers can be a lot more valuable
than enslaved ones.
So, why aren't we free? Why are we
dependent variables instead of indepen¬
dent ones? Because markets are pro¬
grammed and driven by vendors and
other large organizations that treat us
as devices to be driven, rather than the
drivers in our own right. Or, in tech terms,
they pack us full of proprietary drivers that
enforce dependency and wear blinders to
the benefits of customer independence.
Customers need to drive and not just be
driven. We don't yet know what forms the
driving code will take, but there's a hole
where it should go, and it's in ourselves—or
in the layer of code and protocols by which
we address the connected world. This is a
huge frontier, and so is the huge new mar¬
ket that will open for commercial facilitators
of customer independence.
The need for a self-hack was highlighted
nicely by Facebook when it launched its
"Beacon" advertising system last November.
As I write this, Facebook has attracted more
than 55 million users (not customers, or the
company might be more accountable to
them) into its walled garden. Everything
went fine until Facebook found ways to
track, expose and monetize users' relation¬
ships, by following and in some cases expos¬
ing the crumb trails they leave on the Web.
A great cry went up, much news was made,
and Facebook made adjustments that I'm
sure it's still tweaking as you read this.
But, nothing it does will change the
basic problem, which is a lack of native
power on the users' side. So, in that
absence, all the rules for relating to,
and within, Facebook are controlled by
the company. This is the way things have
been for every B2C company, since the
dawn of the Required Agreement.
Does it have to be this way? No. We
don't need Required Agreements any more
than we need proprietary operating systems
and software. Relationships should be mutu¬
ally respectful and agreeable. Much more will
get done that way, more cheaply, with much
better code and much less wasted effort.
So, to sum up, we won't have market
relationships worthy of the label until market
space becomes user space. Until then, the
markets we call "free" will still too often
consist of "your choice of walled garden".
We've broken out of that conceptual
trap before. We can do it again. ■
Doc Searls is Senior Editor of Linux Journal. He is also a
Visiting Scholar at the University of California at Santa
Barbara and a Fellow with the Berkman Center for Internet
and Society at Harvard University.
96 | march 2008 www.linuxjournal.com
NEW LOOK. More IT HOSTING.
All the FANATICAL SUPPORT 9
You'll Ever Need.
rackspace.
experience
fanatical
support
WWW. RAC KS PAC E .COM
WhisperStation
Cool... Fast... Silent!
Hear Yourself Think Again!
For 64-bit UPC, Gaming and Graphic Design Applications
Originally designed for a group of power hungry, demanding engineers in the automotive industry,
WhisperStation™ incorporates two dual core AMD Opteron™ or Intel® EM64T™ processors, ultra-quiet
fans and power supplies, plus internal sound-proofing that produce a powerful, but silent, computational
platform. The WhisperStation™ comes standard with 2 GB high speed memory, an NVIDIA e-GeForce
or Quadra PCI Express graphics adapter, and 20" LCD display. It can be configured to your exact
hardware specification with any Linux distribution. RAID is also available. WhisperStation™ will also
make a system administrator very happy, when used as a master node for a Microway cluster!
Visit www.microway.com for more technical information.
Experience the “Sound of Silence”.
Call our technical sales team at 508-746-7341 and design your personalized WhisperStation ™ today.
SMicrowav
Technology you can count on " M