Tuesday, March 30, 2010

Iconoclast

Icons have been a part of modern computing since- well, I'm sure we've all used a Windows computer with too many icons littered over the desktop at some point.
Icons can of course be a short-cut to opening an application or document.
They can also show a running program or open documents, be a short-cut to system controls, show system alerts or information from the outside world- the weather, email messages etc.
They are found in menus, on the desktop, in taskbars, in the notification area, as discussed in my previous post.
In fact, they are found in many different places.
Let's have a look at an example in Ubuntu Linux: Opera web browser. Its icon can be found in the Applications>Internet menu




in the panel, if you chose to put it there




on the desktop, if you chose to put it there






in the notification area, if the program is running




and in the bottom panel, if the program is running.




That's five instances of an icon for one program. Of course it's possible to have fewer- at a bare minimum, two, as the panel, desktop and notification area icons are optional. But a quick-start icon is useful- one click to start a frequently-used program is a lot more convenient than three clicks through a menu, even if it does leave a panel littered with program start-up icons.
For other programs, being able to send the program to the notification area is useful- an icon there doesn't take up space or crowd and confuse the bottom panel where open files and documents sit. So for an application like Rhythmbox or Transmission, an icon might appear twice on the screen- a quick start icon and a notification icon.
Document applications like Open Office might also have two icons visible on the screen- a quick start icon and individual document icons.
Wouldn't it be far less cluttered just to have one icon? One icon to start an application, to give information about what an application is doing, to show open documents and to give information about the system or the world outside. Is that possible? Well, yes.
Here's a screen shot of Opera in an application launcher, in this case Docky.





(The icons do a Mexican wave as the mouse pointer moves over them. Individual icons hop to attract attention. The launcher panel hides itself as the mouse pointer moves away. Is Linux meant to be this sexy?)

I can pin the Opera icon to the launcher if I want, but in this case I opened Opera from the Applications>Internet menu. The icon is illuminated to show the program is open, so let's have a look at what's open with a right-click:












The menu tells me I have one page open in Opera. I can switch to that page from the menu, or just left-click to bring Opera into focus. If I select 'Pin to Dock', the Opera menu will appear on the launcher at start-up, and with one icon I'll be able to start the program and view open documents- no need for five icons!

Let's have a look at what else is running! The Gimp is on the launcher- a right-click shows me my open documents:













I can select an open document from the menu and bring it into focus.

I can also switch easily to a text file or a card game I have open- as well as check the time, see if I have email, browse a disk or switch off the computer. (I can't open an application which isn't pinned to the launcher- yet- but that is coming.)

If I open Rhythmbox and play an album, Docky shows me the track information and album cover. A left click brings Rhythmbox into focus and a right-click gives me menu options- pause, next etc. Pretty much ideal behaviour, if you ask me.








There's also an icon for Pidgin on the panel- so will the little bird hop up and tell me I have a new chat message? I'm not sure how well Docky integrates notifications like this. Docky clearly originated as an application launcher, but it's now moving towards being a panel replacement for Linux.

Another application launcher which already has the features to make it a complete panel replacement application is Avant Window Navigator. It has a notification area which can replace the panel notification area, and already has a Main Menu applet for launching applications. In terms of features, it is probably slightly ahead of Docky, if not quite as funky visually.





Both Docky and Avant are very nearly at the point where they can replace the conventional taskbar/panel. One big drawback is that they are one-dimensional and can become very cluttered and disorganised if too many applications are pinned to the dock. I'd like to see them become two-dimensional, with icons grouped and appearing in vertical columns above a group icon, perhaps. Although the forthcoming Docky Application Menu pretty much pre-empts my thinking.

Monday, March 29, 2010

Remove unwanted items from photos with GIMP

The day after I'd read this story in PCPro about how the new version of Photoshop can remove unwanted items from photos (and watched the admittedly low resolution and grainy but nonetheless impressive YouTube video), I came across this post on OMG! Ubuntu which describes how a plug-in for the GIMP (written by somebody as a PhD project, it seems) can do the same.

[Update: the OMG! Ubuntu post seems to have gone. The Resynthesizer page is still up. Debian users can install the plug-in from the repository.]

After installing the plug-in, make a selection and go to Filters> Map> Resynthesize.

Simple as that.

Now you see it...


Now you don't...


UPDATE: Tutorial here.

Ubuntu's notification area

Here's a quick comparison of the behaviour of Rhythmbox and Banshee when "closed" to the notification area. Rhythmbox adopts Ubuntu's new code of practice for how applications should behave, and Banshee doesn't.



























| Action/Behaviour | Rhythmbox | Banshee |
|---|---|---|
| Hover | Nothing | Mini-player appears with album art, track and title information, play time, and play bar with manipulatable grabber. |
| Left-click | Show Rhythmbox menu, including current track and album, with option to display Rhythmbox full screen. | Open Banshee. |
| Right-click | Show applet menu. | Show Banshee menu- play, next, shuffle etc. |


I have to say I prefer Banshee's behaviour. I can get the information I want about the current track just by hovering. I can open Banshee with one click. And if I want the menu information, I can get it with a right-click.

With Rhythmbox, I've lost the ability to send the application to the notification area with one click and I've lost the ability to get information about the playing track by hovering.

The new specification for the Ubuntu notification area originally said that music players didn't belong there, and Rhythmbox simply quit on hitting the close button- the only option was to minimise it to the taskbar.

I like to keep the taskbar for documents I'm looking at as much as possible, so I didn't like Rhythmbox being there. If the taskbar is not too full, it's possible to see what's playing, but to control play, maximising Rhythmbox was the only option- with the annoying risk of hitting the close button and quitting the program afterwards.

Fortunately Ubuntu seems to have relented and allowed music players back in the notification area.

(No such redemption for the update notification, which now appears- and gets lost- in the taskbar. It was a lot more noticeable in the notification area, and seemed to belong there more naturally.)

I like to send applications that run in the background to the notification area on hitting the close button- Transmission is another example, and again I preferred the behaviour of the icon before it adhered to the new code of practice.
























| Action/Behaviour | New | Old |
|---|---|---|
| Hover | Nothing | Show transfer rates up and down. |
| Left-click | Open Transmission menu. | Open Transmission. |
| Right-click | Show applet menu. | Open Transmission menu. |


Of course there are good reasons for these changes. Previously icons in the notification area were arbitrary interfaces used for arbitrary purposes, with different and confusing behaviour.

Having looked at all the good reasons for the changes, I much preferred my old icons with their arbitrary interfaces. I liked being able to restore applications with one click, and to hover with my mouse and get information I need.

Sadly these useful features seem to have gone out of the window in the name of progress.

I can only hope that when the transition to the new specification is complete, the advantages of consistency will shine through, and we'll look back at the previous notification area and see it as a dog's breakfast, rather than remember it with nostalgia.

Friday, March 12, 2010

Anti-virus in the cloud

My anti-virus solution has long been in the cloud. When I suspect I have found a virus, I upload it to Virustotal for analysis. For example, when I transferred a file from a colleague's laptop to my own at work, a quick look in the target directory revealed some files that were pretty obviously viruses. As my laptop was running Ubuntu, I wasn't concerned about infection. Later on, I checked out the files at Virustotal and they were indeed malware. There are anti-virus scanners for Linux, but Virustotal indicated that none of these (Antivir, avast!, AVG, Clam) would have picked up all the infected files- and of course, Linux can't be infected by Windows malware, so the best place for malware analysis for me is in the cloud.
But this is not really what anti-virus in the cloud means. In the cloud anti-virus model, files are analysed by multiple anti-virus engines at a remote location on a network (the "cloud"), but this is done without sending every file across the network. Computer files may be many megabytes in size, and sending each file across a network would be prohibitive in time and bandwidth. Instead the cloud anti-virus creates a hash of each file (just a few Kb in size) and sends that to the remote site. If the hash is recognised by the remote scanning system, it is reported as safe; if it is not recognised, the file is sent across the network and analysed. If it is found to be a virus, the hash is added to the database and any subsequent computer sending the same hash will know the file is malicious almost instantaneously.








(Image from usenix.com)

This method has the advantage that a large definition file does not have to be stored on the local computer, that new detections are added to the central virus definitions database instantly, and that any virus scanning is done on the remote system and does not use processing power on the local computer. In the original cloud anti-virus system, described in the paper CloudAV: N-Version Antivirus in the Network Cloud, unknown files were analysed on the remote system by multiple anti-virus engines: Avast, AVG, BitDefender, ClamAV, F-Prot, F-Secure, Kaspersky, McAfee, Symantec, and Trend Micro- as well as a couple of 'behavioural engines'.
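The hash-first exchange and the multi-engine analysis described above, as an added example that is not code from this post or from the CloudAV paper. The engine stand-ins, the agreement threshold, the use of SHA-256 and the caching of clean as well as malicious verdicts are assumptions made for illustration; the service recomputes the hash of every upload so that a client cannot store a verdict under a hash that does not match the content.

```python
import hashlib

# Constructed stand-ins for the remote detection engines (bytes -> bool).
# Real engines are not modelled; these are toy signature checks.
ENGINES = {
    "engine_a": lambda data: b"EVIL-MACRO" in data,
    "engine_b": lambda data: data.startswith(b"MZ") and b"dropper" in data,
    "engine_c": lambda data: b"EVIL-MACRO" in data or b"keylog" in data,
}

class CloudService:
    """Remote side: verdict cache keyed by file hash, plus N-engine analysis."""
    def __init__(self, engines, threshold=1):
        self.engines = engines
        self.threshold = threshold   # engines that must agree to flag a file
        self.verdicts = {}           # sha256 hex -> {"malicious": bool, "hits": [...]}
        self.bytes_received = 0      # crude measure of network cost

    def lookup(self, digest):
        self.bytes_received += len(digest)
        return self.verdicts.get(digest)   # None means "never seen, send the file"

    def analyse(self, digest, data):
        self.bytes_received += len(data)
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("uploaded content does not match the claimed hash")
        hits = sorted(name for name, detect in self.engines.items() if detect(data))
        verdict = {"malicious": len(hits) >= self.threshold, "hits": hits}
        self.verdicts[digest] = verdict    # later hosts get this from the hash alone
        return verdict

def host_check(cloud, data):
    """Host agent: send the hash first; upload the file only on a cache miss."""
    digest = hashlib.sha256(data).hexdigest()
    cached = cloud.lookup(digest)
    if cached is not None:
        return cached, False               # answered without uploading the file
    return cloud.analyse(digest, data), True

def demo():
    cloud = CloudService(ENGINES, threshold=2)
    sample = b"MZ" + b"\x00" * 4096 + b"EVIL-MACRO"   # constructed sample file
    first = host_check(cloud, sample)      # first host: cache miss, file uploaded
    second = host_check(cloud, sample)     # second host: hash hit, no upload
    return first, second, cloud.bytes_received
```

Raising the threshold trades missed detections for fewer false positives, which is the policy choice every multi-engine service has to make.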
This must be the ideal system for detecting viruses- utilising the power of the best anti-virus engines together- but of course there's a problem. This system was only built to test an academic model and was not a commercial anti-virus solution. Individual anti-virus companies would never licence their engine to work for a rival's cloud anti-virus.
A commercial cloud anti-virus would still have the advantage of not relying on a local virus definitions database which can take hours or days to update, but would have to rely on the virus detection rate of the anti-virus engine on the central system.
How to have the advantages of an anti-virus without local definitions and harness the power of multiple anti-virus engines?
Immunet has a clever answer: have your cloud anti-virus program sit alongside other anti-virus programs and report to you when they make a detection! That file is then available to you and can be added to your database of detections. This is not to say Immunet does not add its own detections- it claims to use web crawling, honeypots, generic and contextual detections, and has recently teamed up with Clam for Windows to add Clam's engine and detections database to its system. (More on Immunet here.)
I have no information on detection rates yet, but Immunet/Clam for Windows seems to run well alongside other anti-virus products and may even be good enough to run alone- its small footprint will certainly appeal to users whose systems have been 'bogged down' by traditional anti-virus programs. I'm currently trialing it on my Windows partition (which admittedly doesn't get much use) as sole anti-virus protection. There seems to be some possibility that cloud technology may be added to the Linux version of Clam.
"We are currently investigating the possibilities for using Immunet’s Cloud technology in the *nix version of ClamAV. Once ClamAV 0.96 releases and is integrated into the ClamAV for Windows distribution for offline scanning we will begin planning the next phase of integration. This will hopefully include some integration of the Cloud technologies in the *nix version of ClamAV."
Another cloud anti-virus product is available from Panda Security. It apparently has excellent detection rates, but I'm wary of trying it after hearing of alleged links between the company and the cult of Scientology.
More information about Immunet/ClamAV for Windows cloud anti-virus and links to comparisons with Panda CloudAV can be found on the avast! forum.
UPDATE: Panda has apparently distanced itself from Scientology.
"Control of Panda Security was transferred to a group of investment funds led by Investindustrial in 2007, since when the firm has embarked on a plan of expanding its international footprint outside its traditional sales base in continental Europe. Panda's founder and former chief, Mikel Urizarbarrena, stepped down at that point and sold 75 per cent of the business, allowing the firm to distance itself from Urizarbarrena's controversial faith in Scientology."
UPDATE2: An interesting comment from a developer of a 'traditional' AV program:
"My specific objection against these "new" in-the-cloud AV's is that they shamelessly parasite on the existing AV vendors who spent decades of R&D on getting where they are.

I mean, what most of these home-grown clouds do is basically run each of the files through a dozen of AV scanners (in the cloud) and if at least some of them detect something, report the file as infected."
UPDATE3: Brian Krebs writes on Immunet.

UPDATE4: Immunet no longer picks up the detections of anti-virus programs it runs alongside, according to a post on the avast! forum which purports to be from an Immunet representative.