Gentoo Weekly Newsletter: March 17th, 2003
Update from the Game Developers Conference
As reported earlier, Gentoo Linux was present at the recent Game Developers Conference as an official member of the NVIDIA booth. Dean Bailey was Gentoo's official representative and was joined by Emmett Plant,
CEO of Xiph.org. Between Dean, Emmet and the compelling combination of Unreal Tournament 2003 and Gentoo, the conference was a success and introduced many game developers to the wonders of Gentoo Linux.
Figure 1.1: Dean Bailey in the jungle hat and Emmet Plant in the suit at the GDC
GWN looking for contributors
It's hard to believe that the Gentoo Weekly Newsletter is now almost four months old. The ride so far has been a mixture of fun, frustration and plenty of excitement. Each week, we get several emails commenting on how much people enjoy the GWN which is a great help in keeping the GWN team motivated. In an effort to maintain the quality and comprehensiveness that our readers have come to expect from the GWN, we need your help in filling the following positions on our team:
Mailing List Coordinator -- Follow the threads on gentoo-user, gentoo-dev and some of the other more popular mailing lists.
Work with the other mailing list coordinators to write up a summary of the top 3-4 threads of each list
Forums Coordinator -- Follow the forums on the Gentoo Forums. Work with the other
mailing list coordinators to write up a summary of the top 3-4 threads on the forums for that week
Feature writer -- Have an idea for an article you want to write for the GWN? Let us know!
If you're interested in one of the positions above, please send us an email at email@example.com. Remember that it's folks like you that make the GWN possible.
rsync.gentoo.org shows signs of strain as Gentoo Linux continues to grow
As most Gentoo Linux users know, rsync.gentoo.org is a very important domain name. What many people don't know, however, is exactly how rsync.gentoo.org works. Currently, rsync.gentoo.org resolves to one of 20 different IP addresses through a process known as DNS round robin resolution. This essentially is a way of randomly distributing the load of rsync.gentoo.org across multiple servers globally. As Gentoo Linux continues to grow, we've continued to add rsync mirrors to our rotation as generous Gentoo users donate their servers and bandwidth to host a mirror of our Portage tree.
This past week, Gentoo Linux hit an unusual problem as the number of rsync mirrors in the rsync.gentoo.org rotation increased to the point where the total query response packet size became too large for UDP to handle, causing DNS to fall back on TCP to transmit the larger packet size. Despite the fact that this is perfectly valid behavior according to RFC 1035, many firewalls are still configured to block TCP traffic on port 53. This caused some problems among the Gentoo user community as some folks found themselves unable to resolve rsync.gentoo.org, which also meant they were unable to successfully run emerge sync.
As a short-term solution, the number of rsync mirrors in the rsync.gentoo.org rotation was reduced to allow responses to be sent over UDP. As Gentoo Linux continues to grow, however, this will not be a permanent solution. Instead, we're working on two longer-term solutions:
- Migrating to the use of continent and country codes for rsync mirror rotations. Please see this week's Tips & Tricks section for examples on how to set up your box to use this new system.
- Changing our core DNS infrastructure to allow the continued expansion of the rsync.gentoo.org rotation without causing the response packet to become too large. Look for more information about this in a future version of the Gentoo Weekly Newsletter.
Gentoo Linux launches a "hardened Gentoo" effort
An official effort to build a hardened version of Gentoo Linux was launched this week. Built using many of the userland tools, as well as the access controls currently available in Security-Enhanced Linux, this effort should be of interest to anyone running a Gentoo server in an environment that demands a higher level of security.
Anyone interested in participating in this effort should sign up on the gentoo-hardened mailing list.
New items at the Gentoo Store
Based on requests from Gentoo Linux users, the number of items available at the Gentoo Linux Merchandise Online Store has increased significantly. From posters to golf shirts to bumper stickers, now you can show off Gentoo Linux just about anywhere. Prices have also been reduced on many items as well. Remember that each item purchased from the official online store directly supports the continued development of Gentoo Linux.
The ethereal network monitor application contains a string overflow vulnerability in its SOCKS dissector and
a heap overflow in its NTLMSSP code. These vulnerabilities could be used to crash or run arbitrary code under
the privileges of the ethereal service by passing a carefully crafted network packet.
- Severity: High - Remote DOS, code execution.
- Packages Affected: net-analyzer/ethereal versions prior to ethereal-0.9.10
- Rectification: Synchronize and emerge ethereal, emerge clean.
- GLSA Announcement
A patch which cumulatively resolves several buffer overflows and sandbox violations in Macromedia Flash players
has been released. These vulnerabilities could theoretically be used to gain remote access to a target computer.
No exploits have been demonstrated.
- Severity: High - Remote code execution.
- Packages Affected: net-www/netscape-flash versions prior to netscape-flash-6.0.79
- Rectification: Synchronize and emerge netscape-flash, emerge clean.
- GLSA Announcement
The file(1) command contains a buffer overflow vulnerability that could be used to execute arbitrary code
under the privileges of the target user.
- Severity: Moderate - Privilege elevation, mitigated by requirement for target participation.
- Packages Affected: sys-apps/file versions prior to file-3.4.1
- Rectification: Synchronize and emerge file, emerge clean.
- GLSA Announcement
New Security Bug Reports
The following new security bugs were posted this week:
Featured Developer of the Week
Figure 3.1: Grant Goodyear, aka g2boojum
Grant Goodyear is an old timer at Gentoo - quite possibly the only current developer who has been with the project longer is Daniel Robbins himself. Grant, who had been using OpenBSD for scientific computing at work found out about Gentoo through Drobbins' articles at IBM's DeveloperWorks. At the time (about three years ago) #gentoo was a channel with only a dozen or so regulars, the 'ebuild' command existed but 'emerge', with its dependency checking did not, there were only a couple hundred packages, the firstname.lastname@example.org mailing list was the bug tracker, and the only real source of information on writing ebuilds was 'man 5 ebuild'. Like many others who eventually became developers, Grant fixed bugs and wrote packages until the lead developers (then just Achim Gottinger and Drobbins) got tired of committing his changes and asked him to become a developer. Now he's a Senior Development Manager, a trouble shooter and occasional source of advice to younger developers. Grant wrote the Desktop Configuration Guide back when Gentoo upgrades meant a new install so that he could recreate his setup each time. He also edited the Install Instructions which countless users have now used to set Gentoo up more or less from scratch on their machines.
Grant is an Assistant Professor of Chemistry at Clemson University in South Carolina who publishes all his results in freely (as in speech) available, open scientific journals. He's a theoretical chemist, so he spends a lot of his time using computers (all running Linux) to model chemical processes occurring in liquids. He teaches Physical Chemistry 2, which comprises chemical kinetics, quantum mechanics, statistical mechanics, and spectroscopy to undergraduates who would prefer that understanding the world didn't involve so much math. Grant is forced to run Red Hat on his 16-processor cluster, but his P4 and dual Athlon workstations, web/dns server, laptop, and home desktop all run Gentoo. He uses Fluxbox as his WM, screen with irssi for IRC, konqueror for reading 'ebuild(5)', vim, galeon, evolution, and squirrelmail. He feels obligated to use sendmail because he wrote the ebuild for it, but actually prefers postfix.
Grant likes to read science fiction with good character development and happy endings. In his less-than-copious spare time he calls Contra dances. He just got married a few weeks ago, and has accumulated many frequent flier miles visiting his wife Sarah in Houston, Texas from his home in Greenville, South Carolina.
Heard In The Community
Success can be a burden, everybody knows that. The Forums, being particularly successful, have had their shares of load problems, and solutions will have to be found rather quickly by switching to a more powerful hardware platform. While efforts are under way, site admin rac has put the brake on a few features that were responsible for bringing down the Forum's performance, notably the number of thread views that is no longer being updated, the list of people being simultaneously online not sorted alphabetically anymore, and a limitation to ego-searches that now includes only the last two weeks of an individual's post count:
Kernel Sources - Which Do What?
Things were quite easy in the early days of Gentoo with just a handful of kernel source packages to choose from, but the variety of different patchsets, special purpose kernels and platforms at the end of a simple "emerge ***-sources" has grown completely out of proportion. Over the last week, a few descriptions have been put together to update the FAQ about kernel sources in Gentoo, creating a rather impressive document. Still a few blanks to be filled in if you care to add to the knowledge base:
Embarrassing DistroWatch Cheat Attempt
A particularly stupid git has managed to jeopardize Gentoo's reputation by rigging the page view count on DistroWatch, Ladislav Bodnar's well-known list of available Linux distributions. In Ladislav's words: "Now come on, folks! It's just a page hit ranking, it simply monitors how many times a distribution page gets viewed, nothing more! It's not meant to be taken seriously, which I've stated many times - to no avail". Some people are just hopeless:
Mozilla and Java, continued...
The classic tale of Mozilla's distaste for a cup of joe on a Gentoo linux system has returned to the gentoo-user
list this week. It seems that the lizard has plenty of pent up fire to warrant the use of caffeine.
Fortunately this weeks telling contained many success stories on how Gentoo'ers managed to pair the two up.
Examples were given for both Sun and Blackdown's JDK integration into Mozilla's plugins. These should provide
any Gentoo'er the opportunity to take a crack at games.yahoo.com in no time.
Portage-2.0.47-r10 Out for Testing
Small changes to the portage system have been coming along this week. Changes include minor corrections and
alterations, but also additional features. All of this can be looked up in the
of course. However one new option worth special mention is the change to etc-update that allows for
automerging of the config files. So from now on when the occasional
emerge -u world is complete and all you have left to do is the etc-update, just let
the new automerge feature do the work for you! It should be ready for tests so don't hold back on the
And a little reminder, if something isn't quite as it should be after the etc-update. Try
env-update and source /etc/profile both as root.
GLSAs and an Automatic Security Package Tool
Ideas are forming about the Portage system somehow growing to include the GLSAs. This week has seen a small
about how it could come to life. The
Gentoo Linux Security Announcements,
as you all know, inform us when
holes in software packages become a security hazard. And the general consensus is that it would be a
very powerful tool if the portage system could not only update packages for us but also apply those
very needed security patches. Or maybe even entirely mask them out and only allow for updates to packages
with no known security risks. Anyway, I don't think it is too much to say that it would be a most welcome
twist to Gentoo!
New Dutch Forum Moderators Announced
Two new moderators, one Belgian, one Dutch, have been assigned to supervise the Netherlands forum. Long-time Forum dweller Garo and developer Foser have gracefully accepted to split the task between them.
The following stable packages were added to portage this week
Updates to notable packages
- sys-apps/portage - portage-2.0.47-r10.ebuild;
- x11-base/xfree - xfree-4.3.0-r1.ebuild;
- sys-kernel/* - ac-sources-2.4.21_pre5-r3.ebuild; gaming-sources-2.4.20-r1.ebuild; lolo-sources-22.214.171.124_pre5.ebuild; mm-sources-2.5.64-r4.ebuild; mm-sources-2.5.64-r5.ebuild; mm-sources-2.5.64-r6.ebuild; wolk-sources-4.0_rc2.ebuild; wolk-sources-4.0_rc3.ebuild;
- dev-db/mysql - mysql-4.0.11a-r1.ebuild;
- app-admin/gentoolkit - gentoolkit-0.1.19-r3.ebuild;
New USE variables
- lirc - Adds support for lirc (Linux's Infra-Red Remote Control)
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
- 284 new bugs this week
- 417 bugs closed or resolved this week
- 6 previously closed bugs were reopened this week.
- 2047 total bugs currently marked 'new'
- 479 total bugs currently assigned to developers
There are currently 2586 bugs open in bugzilla. Of these: 66 are labelled 'blocker', 87 are labelled 'critical',
and 185 are labelled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
Tips and Tricks
Using a localized rsync mirror rotation.
This week's tip shows you how to take advantage of the new country and continent-specific round robin rsync mirror rotations.
The first step is to determine if your country has a round robin rotation assigned to it.
If your country doesn't have an rsync mirror rotation set up yet, you'll see something like the following:
Code Listing 1.1: Using host to determine country-specific gentoo domains
$ host rsync.no.gentoo.org
rsync.no.gentoo.org has address 126.96.36.199
Code Listing 1.1: Not all countries have rsync mirrors yet
$ host rsync.mx.gentoo.org
Host rsync.mx.gentoo.org not found: 3(NXDOMAIN)
You'll need to emerge the bind-tools package in order to use host
Not sure what your two-letter country code is? Here is the official list.
Another option is to use the new continent-level rsync mirror rotations. Currently, the following continent rotations are set up:
rsync.namerica.gentoo.org -- North America
rsync.samerica.gentoo.org -- South America
rsync.europe.gentoo.org -- Europe
rsync.asia.gentoo.org -- Asia
rsync.au.gentoo.org -- Australia (same as the country code)
Once you have identified which rsync mirror you want to use, edit your /etc/make.conf file and place that value in the SYNC variable.
Code Listing 1.1: SYNC set to use the rsync.us.gentoo.org rotation
Moves, Adds and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
- Patrick Kursawe (phosphan) -- bug fixes and miscellaneous stuff
- Sven Vermeulen (SwifT) -- Dutch documentation
The following developers recently changed roles within the Gentoo Linux project.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
The Gentoo Weekly Newsletter is also available in the following languages: