No one can tell software developer Kamila Szewczyk that newer is better: She just fixed a 20-year-old bug in Enlightenment E16, the old-school Linux window manager she favors partly because, she tells us, it is actually finished software.
For those unfamiliar, E16 is the long-lived DR16 branch of Enlightenment, a still-developing Linux window manager that first hit the FOSS space in 1997. E16 was introduced in 1999 and is still maintained to this day by a dedicated band of devs like Szewczyk, who noted in her writeup on the bug she discovered that she is one of a small community of "hardcore enthusiasts" who still use and maintain the aged window manager.
Szewczyk, 21, explained in her blog that she found the bug while doing some last-minute work on a slide deck to be used in a course she's teaching as a graduate student at Saarland University in Germany.
"I had a couple of PDFs with lecture slides and an exercise sheet typeset in LaTeX. At some point, I opened one of them in Atril, and the entire desktop froze," Szewczyk wrote. It happened repeatedly until she sussed out the root cause: E16 was hanging whenever it tried to truncate the overly long name of the file she was working with.
After a bit of digging, Szewczyk determined that E16 had implemented its window-title truncation algorithm without an iteration limit. Without that limit, the middle-ellipsis search could bounce endlessly between truncation points, freezing the desktop while it tried to settle on a title.
"Any window whose WM_NAME is long enough that the middle-ellipsis search falls into the overshoot regime reproduces this," Szewczyk explained.
The fix, which she published as a patch against E16 1.0.30, the version released in August 2024, makes three changes to prevent the issue from happening again: She capped iterations at 32, prevented negative corrections from producing a degenerate overlap, and guarded against a divide-by-zero error.
This is a bug that, if it were to be found in a modern window manager or desktop environment, could be a denial of service route that, while it might not destroy data or lock down a server, could still be highly inconvenient.
"No doubt similar bugs are lurking in the millions of lines of code that power modern desktop environments and window managers," Szewczyk told The Register in an email.
She has a bit of a bias against those modern desktop environments and window managers, though. She believes the modern software development philosophy those products adhere to is one that is ultimately counterproductive and less safe for users.
"I feel like we've lost the plot a bit," Szewczyk told us. "We are not nearly eager enough to acknowledge that software can be more or less finished at some point."
Like E16: Sure, it's had new versions released in its decades of life, but those are mostly bug fixes and a few basic changes, not a glut of new, unnecessary features.
"We keep shipping instability we don't need to ship," Szewczyk opined. For users or administrators caught chasing every new thing that ships, she says stop it - just stay on a recent or extended support release, especially of software that tends to ship with a lot of bugs, like web browsers.
"The amount of bugs in private checkouts of crusty old software maintained by competent developers will monotonically decrease," Szewczyk said in her blog post.
That same logic can be applied to extended releases of larger projects that have a greater user base than, say, E16: Live with the features you have, keep up on your security patches, watch the bug count (hopefully) decrease, and you'll probably be safer than if you moved to the latest, greatest iteration that includes features you don't want and a bunch of bugs you don't need. ®
Source: The register