Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Linux History Letters All in one big page
Other LWN stuff:
Archives/search
Recent features: Here is the permanent site for this page. See also: last week's LWN.
|
Leading items and editorialsKernel changelogs to be censored? Alan Cox stirred things up this week with his announcement of the eleventh 2.2.20 prepatch. Along with the usual set of fixes and updates, the changelog included the following: o Security fixes Details censored in accordance with the US DMCAWhen pressed for details, Alan responded that "file permissions and userids may constitute and be used for rights management" and that he wasn't willing to risk lawsuits and/or prison terms by releasing information that could be used for circumvention. When it comes to security problems, says Alan, "US kernel developers cannot be told. Period." He has not, as yet, responded to questions on how he can work with (US-based) Linus under such conditions. The details, apparently, may appear on a web site that is inaccessible from the U.S. before the official 2.2.20 release happens. Alan, of course, is trying to dramatize a point: U.S. laws on these issues are seriously messed up. It is also true that the U.S. has little reluctance to try to apply its laws to foreign nationals doing things that are legal at home. Even so, one might be forgiven for wondering if Alan is taking things a little too far here. Censored changelogs will attract a bit of attention, but are unlikely to really change much. Besides, as readers of NTK know, the U.K.'s laws are not much better than those in the U.S. with regard to things like "circumvention devices." Also true is the fact that most of the vulnerabilities fixed have already been published: see this week's LWN security page. Even though, as Alan says "there are other security related changes" in this prepatch, the information is already out there. Still, one can not make these points too often. That is especially true in times like these, where civil liberties are in increased danger, and proposed laws like the SSSCA could make Linux itself illegal in the U.S. The presence of the DeCSS code on the net has not shielded those who have republished it. There are dangers out there for those who work with or discuss security vulnerabilities. There is an interesting question, here, though: if a description of a Linux kernel security vulnerability potentially violates the DMCA, what about the patch that fixes it? The patch doesn't just describe the problem, it does so in exact technical terms that will point a would-be exploiter in just the right direction. So, for example, it is considered OK to publish a patch containing: -#define MAX_QUOTA_MESSAGE 75 +#define MAX_QUOTA_MESSAGE (PAGE_SIZE + 256)but it is a violation to put "fix potential buffer overrun in the quota code" into a changelog. Even though this problem was publicly discussed on the linux-kernel list back in September. These are, shall we say, strange times. In the long run, if the Powers That Be are determined to prevent the discussion of security vulnerabilities, they will seek a way to block the exchange of the code as well. Sooner or later, this situation has to resolve itself. The kinds of restrictions that corporations and governments wish to put into software (and discussions about software) are in conflict with free, source-available code. Historically, in the U.S., freedom has a reasonable chance - especially where freedom of speech is involved. But we live in interesting times, to say the least. Emacs 21 is here. The Free Software Foundation this week announced the availability of version 21.1 of the famous emacs editor. The emacs development process has been, until now, relatively invisible to the free software community as a whole, so new releases tend to bring a number of surprises with them. Your reporter, being an emacs user, was naturally curious as to what was in the new release; being also a Debian user, he was able to satisfy his curiosity with a single apt-get command. If only more disk space could be had so easily. So what's up with version 21? Richard Stallman is quoted as follows in the announcement: Emacs 21 is a big step forward in our long-term plan to take Emacs from a programmable text editor to a programmable word processor. FSF development plans do tend toward a long-term nature. Those wanting to use emacs 21 as a true word processor will be disappointed, it's not there yet. It has, however, made some definite steps in that direction. The first signs can be seen in the initial splash screen, shown on the right (click the image for a full-size version). Emacs can now display images in buffers; it is also capable, finally, of using proportional fonts. There is little user-level support for either, but elisp programmers can now get at that functionality. Also present in the new emacs is a toolbar that appears below the standard menubar. It is, of course, customizable for emacs's various modes. It is also easily dispensed with, happily, for those of us who prefer to use the screen space for editing. And, of course, what would a toolbar be without tooltips? Emacs will now happily pop up little help windows all over the place. Perhaps more interestingly, the tooltips mechanism can also be turned on in the GUD debugger mode: move the pointer over a variable name, and a little window with the variable's value pops up. It wouldn't be an emacs release, of course, without a ton of new features. Here's a subset, with occasional screen shots:
The full list of new features is far more extensive than the above - and we have not even begun to talk about the elisp-level changes. Suffice to say that emacs 21 is a major release, with a lot of cool new stuff. The best thing of all, however, may not be an editor feature at all. As of this release, it is now possible to get the development version of the code via a CVS server on savannah.gnu.org. Opening up the emacs development process can only be a good thing for both developers and users. The latest word from Gartner. Those of us who have followed Linux for a while have grown accustomed to hostile opinions published by the Gartner Group. Recently, though, Gartner has shown signs of coming around. The latest pronouncement from that group, published in ZDNet as What's the future of Linux?, shows continued progress in this area. Consider this quote: Linux is being viewed as an opportunity to enable users to get out from under the yoke of proprietary platforms and high software license fees and into a much more flexible and evenhanded negotiating position. But vendors will always seek new opportunities to wedge users into proprietary solutions, so users must remain vigilant to avoid past mistakes that led to lock-in.
Licensing fees and "negotiating positions" are only a small part of what make free software worthwhile. Nonetheless, it looks like Gartner is beginning to figure out what free software really means. There may yet be hope... Inside this LWN.net weekly edition:
This Week's LWN was brought to you by:
|
October 25, 2001
|