Georg's Brave GNU World

Issue #1


Welcome to Georg's Brave GNU World. From now on this column will be briefing you about events and developments within the GNU Project on a monthly basis.

The idea for this column was born last year on my way back from the GNU/Linux Cluster "CLOWN" in Paderborn (Germany) after receiving a lot of positive feedback on my speech [4]. My goal is to make the GNU Project [2] more transparent for the user and to give an introduction to the underlying philosophy. I am always open to questions and ideas - don't hesitate to contact me if you'd like to see something explained [1].

This first issue might also be called "Three Shades of Security" because it illuminates the issue of security from three directions. I'll start where most people won't have a problem following me, since it is what most of us would come up with immediately when asked about security.

GPKCS-11

The TrustCenter in Hamburg (Germany) [5] released its PKCS#11 implementation under the GPL and made it an official GNU Project [6].

PKCS#11 is the definition of an interface for so-called "Cryptographic Tokens". These tokens are abstract entities that offer functionality for encryption and decryption as well as signing and verifying of data. The PKCS#11 interface offers all programs a standardized way of accessing these tokens. Programs do not need to care whether the token is hardware based (smartcards and such) or solely software based.

Currently GPKCS-11 is still in development, but in the foreseeable future we will be able to sign our emails with smartcards in all GNU/Linux systems.

Most people also won't have problems following on to the next topic, the security of data on magnetic media. Destroying such data reliably can be crucial, so that is my second topic.

Shred

Thanks to Colin Plumb, the GNU Fileutils family has a new member that allows secure deletion of data - the "shred" program. It is no secret that deletion usually just frees the used blocks on the hard disk without actually touching the data. What most people are not aware of is that it is possible to restore even data that have been overwritten.

Due to the analog nature of the media, the magnetisation can never be perfect. This imperfection is exploited by the methods of restoring overwritten data. A method for secure deletion must ensure that all traces of the data are eliminated. Unfortunately not all magnetic media are encoded in the same way: floppy disks are MFM encoded while hard disks utilize different forms of RLL encoding. The pattern for best deletion depends on the encoding, so, in order to achieve the best encoding-independent results, all known patterns are sequentially written over the data.

If you are interested, you can read about the complete theoretical background and methods of restoring overwritten data on the web [7].

For the brave who are not afraid of development versions, shred is already available [8]. Everyone else will have to be a little patient.

The third party in my security triumvirate is the legal safety of programs guaranteed by licenses.

Renaming of the LGPL

Although it might take a little while, it is already official: the "GNU Library General Public License" will be renamed to "GNU Lesser General Public License". The old name suggested that the LGPL is the "GPL for libraries". This is wrong.

The LGPL is a compromise that is required sometimes but generally disliked. The GNU Project seeks to turn all software into Free Software without excluding anyone. At the same time, the freedom of the already existing Free Software needs to be protected. This was the reason for creating the GNU General Public License (GPL). The GPL forbids using the code in proprietary programs - this is the reason why, for instance, the GPL-licensed Linux kernel code may not be used to create a proprietary Linux kernel.

The LGPL does not forbid this. Even though the code itself may not be separated from the LGPL, you may use it in proprietary programs. This is necessary in some areas where the standards are under control of proprietary software in a way that would prevent the establishment of GPL-licensed software. Hence the new name "Lesser GPL" - it is the "little sister" of the GPL. The LGPL offers less freedom, is less desirable and should be used less often than the GPL. Authors should prefer the GPL whenever possible.

To quote some British comedians: And now for something completely different.

Autoconf

The autoconf package - originally written by David MacKenzie - has found a new maintainer in Ben Elliston. After the development had been dormant for the last two years, this seems to have served as a signal for a lot of people who are interested in working on autoconf. As Ben Elliston told me, the main goal is to create a central archive for useful (optional) autoconf macros; and we can be sure to see a 2.14 release this year. If you have always been thinking about doing work on autoconf, it seems that now's the right time. The autoconf mailing list [9] is open to all interested people.

That's it for this month. I would like to encourage everyone to take part in the column by sending me ideas, suggestions and questions; the address can be found in the info box [1].

Info

[1] Send ideas, comments and questions to Brave GNU World <column@gnu.org>
[2] Homepage of the GNU Project http://www.gnu.org/
[3] Homepage of Georg's Brave GNU World http://www.gnu.org/brave-gnu-world/
[4] History and Philosophy of the GNU Project http://www.gnu.org/philosophy/greve-clown-en.html
[5] TC TrustCenter http://www.trustcenter.de/
[6] GPKCS-11 http://www.gnu.org/software/gpkcs-11/gpkcs-11.html
[7] Secure Deletion of Data from Magnetic and Solid-State Memory http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
[8] GNU Fileutils 4.0d ftp://alpha.gnu.org/gnu/fetish/fileutils-4.0d.tar.gz
[9] Autoconf mailing list <autoconf@gnu.org>



Copyright (C) 1999 Georg C. F. Greve, German version published in the Linux-Magazin

Permission is granted to make and distribute verbatim copies of this transcript as long as the copyright and this permission notice appear.

Updated: 21 May 1999 ost