[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters
All in one big page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


Kernel changelogs to be censored? Alan Cox stirred things up this week with his announcement of the eleventh 2.2.20 prepatch. Along with the usual set of fixes and updates, the changelog included the following: 
o Security fixes
  Details censored in accordance with the US DMCA
When pressed for details, Alan responded that "file permissions and userids may constitute and be used for rights management" and that he wasn't willing to risk lawsuits and/or prison terms by releasing information that could be used for circumvention. When it comes to security problems, says Alan, "US kernel developers cannot be told. Period." He has not, as yet, responded to questions on how he can work with (US-based) Linus under such conditions.

The details, apparently, may appear on a web site that is inaccessible from the U.S. before the official 2.2.20 release happens.

Alan, of course, is trying to dramatize a point: U.S. laws on these issues are seriously messed up. It is also true that the U.S. has little reluctance to try to apply its laws to foreign nationals doing things that are legal at home. Even so, one might be forgiven for wondering if Alan is taking things a little too far here. Censored changelogs will attract a bit of attention, but are unlikely to really change much. Besides, as readers of NTK know, the U.K.'s laws are not much better than those in the U.S. with regard to things like "circumvention devices."

Also true is the fact that most of the vulnerabilities fixed have already been published: see this week's LWN security page. Even though, as Alan says "there are other security related changes" in this prepatch, the information is already out there.

Still, one can not make these points too often. That is especially true in times like these, where civil liberties are in increased danger, and proposed laws like the SSSCA could make Linux itself illegal in the U.S. The presence of the DeCSS code on the net has not shielded those who have republished it. There are dangers out there for those who work with or discuss security vulnerabilities.

There is an interesting question, here, though: if a description of a Linux kernel security vulnerability potentially violates the DMCA, what about the patch that fixes it? The patch doesn't just describe the problem, it does so in exact technical terms that will point a would-be exploiter in just the right direction.

So, for example, it is considered OK to publish a patch containing: 

    -#define MAX_QUOTA_MESSAGE 75
    +#define MAX_QUOTA_MESSAGE (PAGE_SIZE + 256)
but it is a violation to put "fix potential buffer overrun in the quota code" into a changelog. Even though this problem was publicly discussed on the linux-kernel list back in September. These are, shall we say, strange times. In the long run, if the Powers That Be are determined to prevent the discussion of security vulnerabilities, they will seek a way to block the exchange of the code as well.

Sooner or later, this situation has to resolve itself. The kinds of restrictions that corporations and governments wish to put into software (and discussions about software) are in conflict with free, source-available code. Historically, in the U.S., freedom has a reasonable chance - especially where freedom of speech is involved. But we live in interesting times, to say the least.

Emacs 21 is here. The Free Software Foundation this week announced the availability of version 21.1 of the famous emacs editor. The emacs development process has been, until now, relatively invisible to the free software community as a whole, so new releases tend to bring a number of surprises with them. Your reporter, being an emacs user, was naturally curious as to what was in the new release; being also a Debian user, he was able to satisfy his curiosity with a single apt-get command. If only more disk space could be had so easily.

So what's up with version 21? Richard Stallman is quoted as follows in the announcement:

Emacs 21 is a big step forward in our long-term plan to take Emacs from a programmable text editor to a programmable word processor.

FSF development plans do tend toward a long-term nature. Those wanting to [emacs splash screen] use emacs 21 as a true word processor will be disappointed, it's not there yet. It has, however, made some definite steps in that direction. The first signs can be seen in the initial splash screen, shown on the right (click the image for a full-size version). Emacs can now display images in buffers; it is also capable, finally, of using proportional fonts. There is little user-level support for either, but elisp programmers can now get at that functionality.

Also present in the new emacs is a toolbar that appears below the standard menubar. It is, of course, customizable for emacs's various modes. It is also easily dispensed with, happily, for those of us who prefer to use the screen space for editing. And, of course, what would a toolbar be without tooltips? Emacs will now happily pop up little help windows all over the place. Perhaps more interestingly, the tooltips mechanism can also be turned on in the GUD debugger mode: move the pointer over a variable name, and a little window with the variable's value pops up.

It wouldn't be an emacs release, of course, without a ton of new features. Here's a subset, with occasional screen shots:

  • How about an ASCII art mode, which allows mouse-based creation of ASCII diagrams?

  • Color fonts are now supported outside of window mode if the underlying terminal can do it.

  • Emacs can now play audio files, though the documentation does not say much about just why one might want to do that.

  • The modeline is now mouse-sensitive.

  • Emacs now features a blinking cursor in window mode. Happily, you can turn it off.

  • There is a new confirm-kill-emacs variable that will cause the editor to ask before shutting itself down. Users who have found, to their chagrin, that it doesn't take much fat-fingering to turn C-X into C-X C-C will be pleased.

  • Buffers can now have "header lines" that remain at the top of the window, independent of scrolling. Info mode uses this feature to present a navigation bar.

  • Emacs now has wheel mouse support.

  • There is, of course, a new, improved cc-mode with a lot of fancy features. Surprisingly, they appear to have managed not to break too many user configurations this time around. In general, elisp code from version 20 seems to work well in the new release.

  • There's a nice new "diff" mode, most useful for picking the security patches out of kernel updates.

  • The gnus newsreader now handles MIME postings. It also turns smileys into cute little images that are amusing for the first couple of messages.

  • A new highlight-regexp command can be used to mark all occurrences of a given string in a buffer.

  • Incremental search now highlights upcoming matches so you know where you're going next.

  • The "zone out" mode implements a sort of internal screen saver for emacs windows.

  • A new "woman" mode exists which can format up man pages without having to resort to external programs. There is also a new shell mode that has no need for an actual shell. A compile mode with its own built-in compiler has not yet been implemented, however.

  • Cool feature: the regular expression builder allows interactive creation of complicated search strings with immediate feedback on what is matched.

  • A "C warning mode" points out things it thinks are incorrect or dangerous in C code.

  • There is a new postscript mode for those who like to talk to their printers directly.
On the other hand, the rumor that one can now boot directly into emacs from LILO or GRUB, and thus avoid the need for an operating system entirely, proves to be unfounded.

The full list of new features is far more extensive than the above - and we have not even begun to talk about the elisp-level changes. Suffice to say that emacs 21 is a major release, with a lot of cool new stuff.

The best thing of all, however, may not be an editor feature at all. As of this release, it is now possible to get the development version of the code via a CVS server on savannah.gnu.org. Opening up the emacs development process can only be a good thing for both developers and users.

The latest word from Gartner. Those of us who have followed Linux for a while have grown accustomed to hostile opinions published by the Gartner Group. Recently, though, Gartner has shown signs of coming around. The latest pronouncement from that group, published in ZDNet as What's the future of Linux?, shows continued progress in this area. Consider this quote:

Linux is being viewed as an opportunity to enable users to get out from under the yoke of proprietary platforms and high software license fees and into a much more flexible and evenhanded negotiating position. But vendors will always seek new opportunities to wedge users into proprietary solutions, so users must remain vigilant to avoid past mistakes that led to lock-in.

Licensing fees and "negotiating positions" are only a small part of what make free software worthwhile. Nonetheless, it looks like Gartner is beginning to figure out what free software really means. There may yet be hope...

Inside this LWN.net weekly edition:

  • Security: Responses to Scott Culp; possible ssh exploit.
  • Kernel: A new driver model; looking for faster pipes.
  • Distributions: More from the CLIG; Melon: Japanese Linux for the iPAQ.
  • Development: Mozilla 1.0 Manifesto, Ogg Traffic, Parma Polyhedral Library, Simple Web Service API, Crystal Space 0.90 r001, GCC 3.02.
  • Commerce: MontaVista releases high availability framework; Red Hat adds Linux Desktop Productivity Essentials training course; The new 'Lindows' operating system.
  • History: OpenBSD project founded in 1995; Red Escolar project founded in 1998; Tcl/Tk looks for a new corporate home.
  • Letters: Project Liberty, free BIOS implementations, information anarchy.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


October 25, 2001

 

Next: Security

 
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds