Fedora 8 RC 3

fedora-logo-bubbleFedora 8 RC 3 was released three days ago. This RC shows what users can expect from the upcoming Fedora 8. It comes along with a huge list of new features and bug features. Among them are a KDE 3.5.8, a new NetworkManager core, PolicyKit, PulseAudio and RandR 1.2 support for the open ATI drivers.

The Fedora 8 Feature List was already known for several months, therefore this release does not come along with any surprising additions. Also, many of the feature are more or less designed for GNOME and do not directly apply to KDE users. Well, Fedora is a GNOME distribution through and through.
Nevertheless some of the features are cross-desktop features and are therefore usable for me as well.

KDE

First of all Fedora 8 ships with KDE 3.5.8. For me this means that I can again use Konqueror to edit my WordPress posts because a really annoying bug was finally fixed. Btw., it says a lot about Fedora and KDE when a bug report with patch isn’t even answered in 5 months.
And, of course, because this is real life, I cannot really enjoy WordPress at the moment because my personal bug #1 hits me hard right now. :/ I really, really hope that this bug will be fixes with KDE 4. It would also be wiling to offer solid money if that means the bug gets fixed.
Fedora’s KDE version now also ships with the Enterprise branch of the KDE PIM suite which is said to be more stable.

Konqueror now also works again with the newest Flash player. The bug was automatically resolved by the update of the GTK packages since this was a GTK bug.
It doesn’t, I mixed it up.

NetworkManager

Fedora 8 ships with a pre-release of NetworkManager 0.7 which introduces a wealth of new features. However, it also introduces new APIs so that client tools have to be rewritten. KNetworkManager isn’t available yet so even the KDE version of Fedora 8 ships with the GNOME applet. As soon as knetworkmanager works with the new NetworkManager again it will be shipped through an update.
But for me the GNOME applet didn’t work either, it is still beta software after all.

PolicyKit

PolicyKit is described as “a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by HAL.”. Fedora’s feature page has a list of use cases for PolicyKit which might give a better impression:

  1. David wants to format his USB stick. When he activates the corresponding item from the context menu, the system presents a dialog asking him for the root password.
  2. Matt needs to adjust the clock of his computer. The context menu of the panel clock lets him do this without asking for passwords. (Or, depending on the policy, allows him to authenticate with his own password like sudo or Mac OS X.)
  3. When Ray shuts down his system, gdm asks him if he really wants to shut down while his girlfriend has a session running on the system. When he is the only user on the system, gdm shuts down without further questions.
  4. David administrates his familys desktop system. He wants to allow every family member to format removable media without giving them the root password. He achieves this by editing the xml file that defines the policy for PolicyKit.

In short PolicyKit helps to set end establish certain rights in the time of HAL and other, system wide available services and possibilities used on a multi user computer. Currently there is work done to integrate PolicyKit with GNOME. I haven’t heard of any work currently done to integrate PolicyKit with KDE, but this might come in the future. There is also work underway to create a KDE GUI for PolicyKit.

PulseAudio

PulseAudio is a sound server which is shipped with Fedora 8 by default and will be shipped with other distributions ins the future. It is supposed to be a drop-in replacement for GNOME’s ESD but is at the moment still desktop neutral (so could be used by KDE as well).

The role PulseAudio plays in comparison for example to GStreamer is best explained with X and GUI toolkits like GTK and Qt: PulseAudio is X, GStreamer or Xine are GTK or Qt. PulseAudio therefore won’t replace current existing solutions like Gstreamer or Xine but will sit between these and ALSA to improve the handling of sound streams at that point.

PulseAudio will pave the way for intelligent audio hotplugging functionality—making it possible for the system to automatically redirect VoIP program audio streams when users plug in or remove USB headsets, for instance. PulseAudio’s support for network transparency will also facilitate some impressive functionality.
[…]
PulseAudio would make it possible for a VoIP program to automatically reduce the volume of music programs when a call starts. The software could also be used to automatically reduce the audio volume of all windows that aren’t in the foreground so that if you are playing two movies simultaneously, for instance, the movie in the active window would have higher volume

This however reminds me of some feature KDE’s Phonon is supposed to offer. I wonder how well it will work when two Audio related programs/layers will try to reduce the music audio output because a VoIP call is coming in.

But in case of KDE the discussion isn’t that interesting anyway: Phonon clears the way for every development which might come up. Even if PulseAudio suddenly is extended and tries to replace Gstreamer one day (which is unlikely) KDE 4 could still use it. Thanks, Phonon.

Nevertheless I still have problems with the word “Sound Server”. KDE once had a sound server and while it was a masterpiece at its time it was the source for multiple problems at the end of its lifetime. While there are lengthy mails about all possible problems of PulseAudio I’m still not convinced that the introduced latency will not have any impact on my experience watching Flash movies or talking via Skype. I would like to see some benchmarks or tests or something on standard hardware (!) in that regard.

RandR 1.2 and free ATI drivers

Fedora 8 finally ships with free ATI drives which support RandR 1.2. And it works indeed: the resolution and the ouput of the screens can be altered at the fly. A simple

xrandr --output LVDS --off --output VGA-0 --mode 1680x1050

turns off the Laptop screen and sets the external monitor to 1680×1050. There is no restart or additional xorg.conf configuration necessary. There is still a GUI missing thought, but I’m pretty sure that one will be shipped with Fedora 9.

So, finally I can use hotplug with my external monitor.

Other improvements

Fedora 8 comes along with various other improvements. There is for example a new firewall configuration application which is simple but covers the important parts. Also, the bootup is notably faster, and there is of course a new Kernel.

For KDE enthusiasts the next version of Fedora might be more interesting though because that one will most likely ship with KDE 4. Currently there are just the development libraries available in Fedora 8.

RandR 1.3 and other future X.Org development

cube-with-matrix
A month ago the X Developer Summit took place. Now notes about most of the talks are available and show where X development heads to. Among the information are a feature list for RandR 1.3, for the Intel driver and for X.Org 7.4/7.5.

The X Developer Summit took place from 10th to 12th September and got quite some attention when AMD used the Summit to announce their release of hardware SPECS without any NDA. But there were of course other talks dealing with other, not less interesting topics and the notes about these talks are now available.

RandR 1.3

RandR 1.2 is nowadays shipped with all recent distributions and is supported by most of the current drivers (it is really a twist of fate that my hardware is no yet supported…). It makes live much easier if you have a mobile system or need device hotplugging elsewhere.

The next version however will feature GPU object support. According to a discussion about that topic the GPU object support will enable RandR to combine different a set of X screens with a different number of hardware GPUs:

Right now, with RandR 1.2, you get multiple X screens, one per-GPU, each of which can have multiple monitors connected.

With this feature several GPUs could be merged into one X screen similar to the classical Xinerama setup.

Intel driver

Keith Packard reported about the Intel driver development. Intel graphics hardware still has the best graphics drivers for Linux, but that might change soon due to AMD’s new efforts.
Anyway, the Intel driver itself is in a pretty good state: all current X.Org features like RandR 1.2 and even TV out are fully supported. The next version will feature OpenGL 2.1 support, MPEG hardware decoding, HDMI, improved power savings and output scaling. The driver can be expected around January 2008.

Also, it is interesting to know that the Intel driver developers have a test environment containing at least one of each chipset – this should be normal for every hardware driver development group, but unfortunately isn’t yet for Linux driver developers. The support of hardware vendors still isn’t in such a state (yet) and sometimes the developers depend on donated hardware.

X.Org 7.4/7.5

The X Access Control Extension (XACE) will be ready for SELinux and Solaris Trusted Extensions with X.Org 7.4. This will improve the security model of the X.Org server.
Also, the Distributed Multihead X (DMX) feature which can combine several different backend X servers (think of separated hardware here) into a single virtual X server will be able to use Device Independent X (DIX) as an input module (but to be honest I’m not sure which direct effect this will have for average users).
The notes also say that we can expect Glucose in 7.4 or 7.5: it would fill the gap between Xgl (rendering everything but with a second X server) and AIGLX (rendering without a second server, but not rendering everything).

But there is also a feature delay: as it looks like the multi pointer support for X, MPX, will not be ready for X.Org 7.4. Instead it will be shipped with X.Org 7.5.

Other news

In other news Vedran Rodic made clear that OpenGL performance on Linux sucks and has to be improved – and he is right! He mentioned that regular tests should be done and should be compared to Windows results to determine what and where the problems are.
I hope that in one day there will be entire test labs dedicated to just testing drivers and driver performance on different machines and setups for Linux. But we might have to wait years for that to come true…

Also Michael Dales introduced the new driver “nivo”: network in, video out. The idea is to push VGA and input data through the network thus creating ultra thin clients. While this can be done already via Xvnc Dales is developing an extra driver for better performance. This driver is unique in the X.Org driver collection: all drivers are for output OR input, but “nivo” is for both. 🙂
While I do not have any personal need for nivo it could push the Linux adoption even further since it makes it even cheaper (and more power saving) to create thin clients. Nice.

Thoughts about Captchas: Today animated GIFs, tomorrow Flash videos?

Today I came across a new type of captcha: animated gifs. The animation makes it more difficult to read the characters, however this is just another level of spam-prevention. The next level could be flash-video streams.

Rant about today’s solutions

I hate captchas – I really do. On the one hand they only hinder Spammers, but they don’t block them totally. It is simply a war of steadily evolving technologies against each other. And the side which looses in the end are average humans because at some point the captcha will be to difficult to read for humans while the spam bots will still be able to read them. Btw., on average I need two attempts already to get a captcha right.

On the other hand this technology is something I never really got. Why use captchas? Why not use standard spam prevention software? It should be pretty easy to change spamassassin to work together with WordPress. Or Dspam or one of the other available spam filters. I mean the rules should be pretty easy: if it includes an URL it gets some minus points, if it has more than one URL and even clusters them it gets even more minus points. Akismet uses such filters and these filters are pretty good. Also, such a way of filtering comments would make it possible again for blind people to post comments to blogs.

Tomorrow’s solution (which will be crap as well)

Anyway, enough rant about current captchas, forward to the future. I’d like to predict that we will see pretty soon the first video-stream captchas. These flash-embedded video will make it even harder for bots to read the captchas but are still quite easy to generate and read for humans. The trick would be to have an animation which would show floating objects which would transform in to other objects all the time. At a random time the new objects would be readable characters for a short moment. This stream could be like 10 seconds and would be repeated all the time. The important parts are the fact that you cannot predict when it will exactly show the characters and that also there are information all the time. If you want to use a spam bot against such a stream you have to analyze its entire data stream which would result in quite some CPU load – and that would make it yet again a bit harder for the spam bots. Not impossible though, but maybe hard enough.

Still, this solution is not usable from a blind person’s point of view, and again the simple spam filter tool looks more effective to me.

Blogs about Spam tools and Bot nets: PandaLabs and F-Secure

software-management
I came across the blogs from PandaSoftware and F-Secure which both report about recent developments in the Spam and Bot net world. The blogs give a good insight into the world behind the daily Spam flood.

The blogs can be found at f-secure.com/weblog/ and blogs.pandasoftware.com/blogs/pandalabs/. Both cover in general the same topic (and I’m quite sure that other security companies have similar blogs, btw.) which is malware of any kind. If you want to get a feeling about how spammers and bot net controllers really work these are good sources for information.

As an example: while I knew that writing trojaners and viruses isn’t that difficult in these days due to build kits I wasn’t aware that controlling bot nets is maybe even easier: F-Secure’s article about the LDPinch trojan and PandaLabs’ a href=””>article about the Zunker Bot both show GUI’s which are plain and simple – and easy to use. Looks like even bot net controllers want to have user-friendly tools. This is impressive because it makes controlling bot nets even possible for people who are not that much into computers. And this is again frightening since it lowers the entry barrier pretty much. I mean, it even has a handy and easy to use update mechanism to update the bot on thousands of computers!
If you want to get into the topic more detailed you can also read the MPack uncovered (PDF) report. It covers the MPack tool which attacks web page visitors with a set of known vulnerabilities depending on the configuration of the visitor’s machine.

Another part I found quite interesting was a report about XRumer, a tool used to post stuff to forums – and to bypass captchas. I have to admit that I find it more and more difficult to read the today’s captchas and seeing that tools like XRumer can read them anyway makes me wonder why not everyone switch over to more Akismet-like mechanisms.

Anyway, both blogs are worth keeping an eye on if you want to follow the Bot net development – although I might even depress you to see how professional these people are today and how little can be done at the moment.