|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 25 Oct 2001 16:45:15
To : All
Subject : URL: http://www.lwn.net/2001/1025/
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all
interests
Sections:
Main page
[3]Security
[4]Kernel
[5]Distributions
[6]Development
[7]Commerce
[8]Linux in the news
[9]Announcements
[10]Linux History
[11]Letters
[12]All in one big page
Other LWN stuff:
[13]Daily Updates
[14]Calendar
[15]Linux Stocks Page
[16]Book reviews
[17]Penguin Gallery
[18]Archives/search
[19]Use LWN headlines
[20]Contact us
TUCOWS.com:
[21]linux.tucows.com
[22]Ext2
[23]Themes
Recent features:
- [24]O'Reilly Open Source Conference
- [25]OLS 2001
- [26]Gael Duval
- [27]Kernel Summit
- [28]Singapore Linux Conference
- [29]djbdns
- [30]LinuxWorld NY
- [31]Jason Haas
- [32]Larry Wall
- [33]Bruce Momjian
- [34]2000 Timeline
Here is the [35]permanent site for this page.
See also: [36]last week's LWN.
Leading items and editorials
Kernel changelogs to be censored? Alan Cox stirred things up this week
with his [37]announcement of the eleventh 2.2.20 prepatch. Along with
the usual set of fixes and updates, the changelog included the
following:
o Security fixes
Details censored in accordance with the US DMCA
When pressed for details, Alan responded that "file permissions and
userids may constitute and be used for rights management" and that he
wasn't willing to risk lawsuits and/or prison terms by releasing
information that could be used for circumvention. When it comes to
security problems, [38]says Alan, "US kernel developers cannot be
told. Period." He has not, as yet, responded to questions on how he
can work with (US-based) Linus under such conditions.
The details, apparently, may appear on a web site that is inaccessible
from the U.S. before the official 2.2.20 release happens.
Alan, of course, is trying to dramatize a point: U.S. laws on these
issues are seriously messed up. It is also true that the U.S. has
little reluctance to try to apply its laws to foreign nationals doing
things that are legal at home. Even so, one might be forgiven for
wondering if Alan is taking things a little too far here. Censored
changelogs will attract a bit of attention, but are unlikely to really
change much. Besides, as readers of NTK know, [39]the U.K.'s laws are
not much better than those in the U.S. with regard to things like
"circumvention devices."
Also true is the fact that most of the vulnerabilities fixed have
already been published: see [40]this week's LWN security page. Even
though, as Alan says "there are other security related changes" in
this prepatch, the information is already out there.
Still, one can not make these points too often. That is especially
true in times like these, where civil liberties are in increased
danger, and proposed laws like the SSSCA could make Linux itself
illegal in the U.S. The presence of the DeCSS code on the net has not
shielded those who have republished it. There are dangers out there
for those who work with or discuss security vulnerabilities.
There is an interesting question, here, though: if a description of a
Linux kernel security vulnerability potentially violates the DMCA,
what about the patch that fixes it? The patch doesn't just describe
the problem, it does so in exact technical terms that will point a
would-be exploiter in just the right direction.
So, for example, it is considered OK to publish a patch containing:
-#define MAX_QUOTA_MESSAGE 75
+#define MAX_QUOTA_MESSAGE (PAGE_SIZE + 256)
but it is a violation to put "fix potential buffer overrun in the
quota code" into a changelog. Even though this problem was
[41]publicly discussed on the linux-kernel list back in September.
These are, shall we say, strange times. In the long run, if the Powers
That Be are determined to prevent the discussion of security
vulnerabilities, they will seek a way to block the exchange of the
code as well.
Sooner or later, this situation has to resolve itself. The kinds of
restrictions that corporations and governments wish to put into
software (and discussions about software) are in conflict with free,
source-available code. Historically, in the U.S., freedom has a
reasonable chance - especially where freedom of speech is involved.
But we live in interesting times, to say the least.
Emacs 21 is here. The Free Software Foundation this week [42]announced
the availability of version 21.1 of the famous emacs editor. The emacs
development process has been, until now, relatively invisible to the
free software community as a whole, so new releases tend to bring a
number of surprises with them. Your reporter, being an emacs user, was
naturally curious as to what was in the new release; being also a
Debian user, he was able to satisfy his curiosity with a single
apt-get command. If only more disk space could be had so easily.
So what's up with version 21? Richard Stallman is quoted as follows in
the announcement:
Emacs 21 is a big step forward in our long-term plan to take Emacs
from a programmable text editor to a programmable word processor.
FSF development plans do tend toward a long-term nature. Those wanting
to [43][emacs splash screen] use emacs 21 as a true word processor
will be disappointed, it's not there yet. It has, however, made some
definite steps in that direction. The first signs can be seen in the
initial splash screen, shown on the right (click the image for a
full-size version). Emacs can now display images in buffers; it is
also capable, finally, of using proportional fonts. There is little
user-level support for either, but elisp programmers can now get at
that functionality.
Also present in the new emacs is a toolbar that appears below the
standard menubar. It is, of course, customizable for emacs's various
modes. It is also easily dispensed with, happily, for those of us who
prefer to use the screen space for editing. And, of course, what would
a toolbar be without tooltips? Emacs will now happily pop up little
help windows all over the place. Perhaps more interestingly, the
tooltips mechanism can also be turned on in the GUD debugger mode:
move the pointer over a variable name, and a little window with the
variable's value pops up.
It wouldn't be an emacs release, of course, without a ton of new
features. Here's a subset, with occasional screen shots:
* How about [44]an ASCII art mode, which allows mouse-based creation
of ASCII diagrams?
* Color fonts are now supported outside of window mode if the
underlying terminal can do it.
* Emacs can now play audio files, though the documentation does not
say much about just why one might want to do that.
* The modeline is now mouse-sensitive.
* Emacs now features a blinking cursor in window mode. Happily, you
can turn it off.
* There is a new confirm-kill-emacs variable that will cause the
editor to ask before shutting itself down. Users who have found,
to their chagrin, that it doesn't take much fat-fingering to turn
C-X into C-X C-C will be pleased.
* Buffers can now have "header lines" that remain at the top of the
window, independent of scrolling. Info mode [45]uses this feature
to present a navigation bar.
* Emacs now has wheel mouse support.
* There is, of course, a new, improved cc-mode with a lot of fancy
features. Surprisingly, they appear to have managed not to break
too many user configurations this time around. In general, elisp
code from version 20 seems to work well in the new release.
* There's [46]a nice new "diff" mode, most useful for picking the
security patches out of kernel updates.
* The gnus newsreader now handles MIME postings. It also turns
smileys into cute little images that are amusing for the first
couple of messages.
* A new highlight-regexp command can be used to mark all occurrences
of a given string in a buffer.
* Incremental search now [47]highlights upcoming matches so you know
where you're going next.
* The "zone out" mode implements a sort of internal screen saver for
emacs windows.
* A new "woman" mode exists which can format up man pages without
having to resort to external programs. There is also a new shell
mode that has no need for an actual shell. A compile mode with its
own built-in compiler has not yet been implemented, however.
* Cool feature: the [48]regular expression builder allows
interactive creation of complicated search strings with immediate
feedback on what is matched.
* A "C warning mode" points out things it thinks are incorrect or
dangerous in C code.
* There is a new postscript mode for those who like to talk to their
printers directly.
On the other hand, the rumor that one can now boot directly into emacs
from LILO or GRUB, and thus avoid the need for an operating system
entirely, proves to be unfounded.
The full list of new features is far more extensive than the above -
and we have not even begun to talk about the elisp-level changes.
Suffice to say that emacs 21 is a major release, with a lot of cool
new stuff.
The best thing of all, however, may not be an editor feature at all.
As of this release, it is now possible to get the development version
of the code via a CVS server on savannah.gnu.org. Opening up the emacs
development process can only be a good thing for both developers and
users.
The latest word from Gartner. Those of us who have followed Linux for
a while have grown accustomed to hostile opinions published by the
Gartner Group. Recently, though, Gartner has shown signs of coming
around. The latest pronouncement from that group, published in ZDNet
as [49]What's the future of Linux?, shows continued progress in this
area. Consider this quote:
Linux is being viewed as an opportunity to enable users to get out
from under the yoke of proprietary platforms and high software
license fees and into a much more flexible and evenhanded
negotiating position. But vendors will always seek new
opportunities to wedge users into proprietary solutions, so users
must remain vigilant to avoid past mistakes that led to lock-in.
Licensing fees and "negotiating positions" are only a small part of
what make free software worthwhile. Nonetheless, it looks like Gartner
is beginning to figure out what free software really means. There may
yet be hope...
Inside this LWN.net weekly edition:
* [50]Security: Responses to Scott Culp; possible ssh exploit.
* [51]Kernel: A new driver model; looking for faster pipes.
* [52]Distributions: More from the CLIG; Melon: Japanese Linux for
the iPAQ.
* [53]Development: Mozilla 1.0 Manifesto, Ogg Traffic, Parma
Polyhedral Library, Simple Web Service API, Crystal Space 0.90
r001, GCC 3.02.
* [54]Commerce: MontaVista releases high availability framework; Red
Hat adds Linux Desktop Productivity Essentials training course;
The new 'Lindows' operating system.
* [55]History: OpenBSD project founded in 1995; Red Escolar project
founded in 1998; Tcl/Tk looks for a new corporate home.
* [56]Letters: Project Liberty, free BIOS implementations,
information anarchy.
...plus the usual array of reports, updates, and announcements.
This Week's LWN was brought to you by:
* [57]Jonathan Corbet, Executive Editor
October 25, 2001
[58]Click Here
[59]Click Here
[60]Next: Security
[61]Eklektix, Inc. Linux powered! Copyright Л 2001 [62]Eklektix, Inc.,
all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-001-000-000-012
3. http://lwn.net/2001/1025/security.php3
4. http://lwn.net/2001/1025/kernel.php3
5. http://lwn.net/2001/1025/dists.php3
6. http://lwn.net/2001/1025/devel.php3
7. http://lwn.net/2001/1025/commerce.php3
8. http://lwn.net/2001/1025/press.php3
9. http://lwn.net/2001/1025/announce.php3
10. http://lwn.net/2001/1025/history.php3
11. http://lwn.net/2001/1025/letters.php3
12. http://lwn.net//2001/1025/bigpage.php3
13. http://lwn.net/daily/
14. http://linuxcalendar.com/
15. http://lwn.net/stocks/
16. http://lwn.net/Reviews/
17. http://lwn.net/Gallery/
18. http://lwn.net/archives/
19. http://lwn.net/op/headlines.phtml
20. http://lwn.net/op/Contact.html
21. http://linux.tucows.com/
22. http://news.tucows.com/ext2/
23. http://unixthemes.tucows.com/
24. http://lwn.net/2001/features/oreilly2001/
25. http://lwn.net/2001/features/OLS/
26. http://lwn.net/2001/features/MandrakeSoft.php3
27. http://lwn.net/2001/features/KernelSummit/
28. http://lwn.net/2001/features/Singapore
29. http://lwn.net/2001/features/djbdns.php3
30. http://lwn.net/2001/features/linuxworldny/
31. http://lwn.net/2001/features/JHaas/
32. http://lwn.net/2001/features/LarryWall/
33. http://lwn.net/2001/features/Momjian/
34. http://lwn.net/2000/features/Timeline/
35. http://lwn.net/2001/1025/
36. http://lwn.net/2001/1018/
37. http://lwn.net/2001/1025/a/2.2.20-pre11.php3
38. http://lwn.net/2001/1025/a/ac-period.php3
39. http://www.ntk.net/index.cgi?back=2001/now1005.txt
40. http://lwn.net//2001/1025/security.php3
41. http://lwn.net/2001/1025/a/quota-overrun.php3
42. http://lwn.net/2001/1025/a/emacs-21.php3
43. http://lwn.net//2001/1025/splash.php3
44. http://lwn.net//2001/1025/artist.php3
45. http://lwn.net//2001/1025/info.php3
46. http://lwn.net//2001/1025/diff.php3
47. http://lwn.net//2001/1025/isearch.php3
48. http://lwn.net//2001/1025/re-builder.php3
49. http://www.zdnet.com/techupdate/stories/main/0,14179,2819787,00.html
50. http://lwn.net/2001/1025/security.php3
51. http://lwn.net/2001/1025/kernel.php3
52. http://lwn.net/2001/1025/dists.php3
53. http://lwn.net/2001/1025/devel.php3
54. http://lwn.net/2001/1025/commerce.php3
55. http://lwn.net/2001/1025/history.php3
56. http://lwn.net/2001/1025/letters.php3
57. mailto:lwn@lwn.net
58. http://ads.tucows.com/click.ng/buttonpos=lwnbutton125top
59. http://ads.tucows.com/click.ng/buttonpos=125-001-016
60. http://lwn.net/2001/1025/security.php3
61. http://www.eklektix.com/
62. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://www.lwn.net/2001/1025/ |
Sergey Lentsov |
25 Oct 2001 16:45:15 |
|
|
