No(vell) sticky questions

In a recent live episode of Novell OpenAudio, Nat Friedman was interviewed and was asked some questions from the floor. One question highlighted that Novell had chosen AppArmor over SELinux and developed XGL in secret.

Nat highlighted two advantages of AppArmor over SELinux. 1) It was written by people who worked on the Linux kernel security structure. 2) It’s easier to configure than SELinux. What the presenters didn’t counter with was why Novell didn’t choose to put their efforts into making SELinux better, rather than spending millions on purchasing a company that owned an alternative product. And given that SELinux is developed by the NSA, it’s probably safe to assume they have a reasonable grasp of the security issues…

On the XGL question, Nat’s response was that XGL development started a year or so before AIGLX. I’d have liked to see the presenters take him up on that too. The project may have existed, but early development was kept secret and the project was not developed in the normal Open Source manner – a publicly available source code repository and patches submitted by the community. Because Novell didn’t develop XGL using the Open Source model, people were denied the opportunity to get involved and contribute code. That’s hardly a great way to build relationships with the community. Some people who would have contributed to XGL went off and started AIGLX, a project that does much the same thing (albeit in a different way) and that uses the traditional Open Source development model.

Nat’s second point was that AIGLX only works with Open Source drivers, as opposed to XGL which works with all graphics cards. Yeah, there’s an ambiguity there. XGL doesn’t work with the Open Source drivers. So if you want to use it, you have to use the proprietary drivers. So even if you’ve gone out of your way to ensure you have a graphics card supported by the Open Source 3D drivers, you can’t use XGL. From a company that has done so much to free the proprietary software that they have bought, that’s a bit sad.

But being a corporate show, the presenters are never going to be tough on guests from within the same company. At least the questions got asked, I suppose.


    4 Responses to No(vell) sticky questions

    1. Ted Haeger says:

      Thanks for the comments. The reason why we did not ask some of the questions you might have asked was in part Nat’s answer. Chalk it up to the issues being familiar to us.

      SE Linux was started after AppArmor. It uses LSM interfaces that were actually created and contributed by the AppArmor team. Perhaps the real question is: why did Novell choose to acquire a proprietary tool (AppArmor) rather than an open one (SE Linux). I think the answer is that AppArmor is in better alignment with an important security principle: if the basic enforcement capabilities are similar, then the security tool that is more simple to configure will be likely more effective than tools that are complex to configure. Novell liked AppArmor’s simplicity over SE Linux, so we bought Immunix, and open sourced AppArmor. As a result, Linux now provides more choice for strong security.

      Regarding Xgl, Nat pointed out that Xgl merely enables the windowing and compositing manager (Compiz). If I remember correctly, Nat mentioned that we may even look to switching over to AIGLX when it makes sense to do so. However, the most common PC graphics hardware today includes a lot of Nvidia and ATI. So, perhaps a good question we could have asked is, “What is Novell doing to get ATI and Nvidia to open their 3D drivers?” which still remains an unsolved mystery.

      Finally, the “not developed in the normal Open Source manner” might be better said “not developed with the community.” A recent comment left on my blog examines this pretty well. At the end of the day, it’s a matter of opinion, and not everyone will agree with our execution on Xgl. The final result is that the single engineer on Xgl (David Reveman) took it behind closed doors for a few months in order to get it working well enough for it to be a usable proof of concept before releasing it. When he did, he provided a working foundation for hackers to experiment with.


    2. Tony says:

      As ever Ted, you are hot off the mark on any blog that mentions NOA. 🙂 Perhaps “not developed in the normal Open Source manner” might be better said “not developed in the normal Free Software manner.” Hey, if Novell could get ATI and Nvidia to open their 3D drivers, that would be great. Personally, I made sure I purchased cards that supported 3D using the open drivers, and as a result can’t use XGL. This isn’t a great loss, but it irritates me that people who strive to use Free Software wherever possible are excluded from cool new technology. It also worries me that cool new technology relies so heavily on proprietary components.

    3. Charles Hughes says:

      It is not that XGL requires use of proprietary drivers. It requires hardware 3D acceleration, which the open source drivers for nVidia and ATI cards do not support.

    4. Tony says:

      Umm, yes they do. Not for every card. But, as I mention in my post, if you’ve gone out of the way to purchase graphics cards that can provide 3D using the Open Source drivers, you still can’t use XGL. For example, I have a Radeon Mobility 9000 in my laptop, which supports 3D using the “ati” driver. My desktop has an ATI Radeon 9200 SE card that supports 3D using the “ati” driver, even under dual head.
