Gentoo Weekly Newsletter: April 14th, 2003

Kurt Lieber  Editor
AJ Armstrong  Contributor
Brice Burgess  Contributor
Yuji Carlos Kosugi  Contributor
Rafael Cordones Marcos  Contributor
David Narayan  Contributor
Ulrich Plate  Contributor
Peter Sharp  Contributor
Kim Tingkaer  Contributor
Mathy Vanvoorden  Dutch Translation
Tom Van Laerhoven  Dutch Translation
Peter Dijkstra  Dutch Translation
Bernard Bernieke  Dutch Translation
Vincent Verleye  Dutch Translation
Jochen Maes  Dutch Translation
Ben De Groot  Dutch Translation
Jelmer Jaarsma  Dutch Translation
Matthieu Montaudouin  French Translation
Martin Prieto  French Translation
Michael Kohl  German Translation
Steffen Lassahn  German Translation
Matthias F. Brandstetter  German Translation
Thomas Raschbacher  German Translation
Klaus-J. Wolf  German Translation
Marco Mascherpa  Italian Translation
Claudio Merloni  Italian Translation
Christian Apolloni  Italian Translation
Daniel Ketel  Japanese Translation
Yoshiaki Hagihara  Japanese Translation
Andy Hunne  Japanese Translation
Yuji Carlos Kosugi  Japanese Translation
Yasunori Fukudome  Japanese Translation
Ventura Barbeiro  Portuguese (Brazil) Translation
Bruno Ferreira  Portuguese (Portugal) Translation
Gustavo Felisberto  Portuguese (Portugal) Translation
Ricardo Jorge Louro  Portuguese (Portugal) Translation
Lanark  Spanish Translation
Rafael Cordones Marcos  Spanish Translation
Julio Castillo  Spanish Translation
Sergio Gómez  Spanish Translation
Pablo Pita Leira  Spanish Translation
Carlos Castillo  Spanish Translation
Tirant  Spanish Translation
Jaime Freire  Spanish Translation
Lucas Sallovitz  Spanish Translation

Updated 14 April 2003

1.  Gentoo News

Summary

Gentoo Linux 1.4_rc4 Released

Earlier this week, the decision was made to release the next version of Gentoo Linux 1.4 as Release Candidate 4, rather than Final. Improvements to the rc4 release include much better hardware detection on the LiveCD installation disc as well as major updates to various packages in the Portage tree. The decision to issue another release candidate was made due to a number of reasons, including:

New Unreal Tournament 2003 Game CD

A new Unreal Tournament 2003 Game CD has been released and can be downloaded here as well as any of our other mirrors. This CD allows you to run the Unreal Tournament 2003 demo directly from CD, with no installation required. Just boot your computer from the CD and play! The latest CD includes a highly-optimized gaming kernel, which significantly improves overall gameplay. Other improvements include the latest NVIDIA drivers (1.0.4349) with GeForce FX support, preliminary bootsplash support, full autodetection of all hardware and countless other enhancements. This GameCD does require a modern NVIDIA graphics card to run the ut2003-demo.

You can also run the latest demo on your existing Gentoo Linux system provided you have a modern NVIDIA graphics card. Just type emerge ut2003-demo and then type ut2003-demo to start the game. The use of the gaming-sources kernel is recommended for optimum gaming performance and responsiveness.

2.  Gentoo Security

Summary

GLSA: samba

The Samba server is subject to a buffer overflow in a string copy routine that could be exploited to gain remote root access to the vulnerable server.

GLSA: kde-3.x

KDE's use of Ghostscript to process PostScript and PDF files is subject to a security vulnerability permitting the execution of arbitrary shell commands embedded in such files, using the user privilege level. This attack could be implemented by posting maliciously crafted files to webservers or embedding them in emails.

Note: The patch versions of kde are currently only marked stable for x86. If you have successfully compiled and merged 3.1.1a or 3.0.5a on any other architecture please report this to kde@gentoo.org .

GLSA: kde-2.x

KDE's use of Ghostscript to process PostScript and PDF files is subject to a security vulnerability permitting the execution of arbitrary shell commands embedded in such files, using the user privilege level. This attack could be implemented by posting maliciously crafted files to webservers or embedding them in emails.

GLSA: setiathome

The popular Seti-At-Home distributed computing client application is subject to a buffer overflow vulnerability that could be used to execute arbitrary code - this would require spoofing of the client connection to the server. The client also transmits system information in plain text, including processor type and OS.

GLSA: Apache

Version 2 of the Apache HTTP server is subject to a memory leak in the way it handles large numbers of consecutive linefeed characters. This could be used by a remote attacker to exhaust system resources on a vulnerable server.

New Security Bug Reports

There were no new security bugs this week that are still outstanding.

3.  Featured Developer of the Week

Bob Johnson


Figure 3.1: Bob Johnson, aka LiveWire


The Gentoo LiveCD is the tool that got Gentoo Linux onto most people's systems and is often the first impression of Gentoo that users get. This week's featured developer, Bob Johnson, is in charge of the livecd-ng scripts that are used to make the LiveCDs (curious readers can go ahead and emerge it since it's in Portage), and has been building the last few x86 LiveCDs. His work with the LiveCDs mostly involves listening to users complain about how they can't get the LiveCD to boot or get their NIC working, and then working to fix the problem. Bob's involvement with the Gentoo team began when he was suddenly asked to get the xfs-sources kernel ready for the 1.4-rc2 LiveCD in 24 hours when he had only been running Gentoo for about two weeks. In addition to working on livecd-ng and the x86 CDs, Bob also maintains xfs-sources and gs-sources (to find out about these and other kernels, read KC6:Which Sources? in the forums.)

Bob's main box is an Athlon XP 2100+ with 512MB RAM, seven hard drives (four SCSI, three IDE), dual NVIDIA cards with a 19-inch monitor attached to each and running KDE, which Bob used to think was ugly but now, at version 3.1, loves. He uses VMWare a lot for testing, and doesn't know what he'd do without it.

Bob owns a concrete and excavating company, and has been in the business for seventeen years. He's been married for fifteen years, has a thirteen-year-old daughter, and has two beagles in his home in Indianapolis, Indiana. During the summer he spends a lot of time at the lake, slalom water skiing, and waxing the 20-foot Caravelle he bought last year when he isn't boating.

4.  Heard In The Community

Web Forums

Happy Birthday, Gentoo Forums!

The first post to the freshly installed Gentoo Forums was an announcement by Forum founder Nitro on 9 April 2002: "This forum is my shot at helping users of Gentoo (including myself)." What started as a humble affair on a cable connection has quickly developed into one of the most successful and exciting tech support venues on the web, with an average of 700 new posts every day, five-digit user head count and a peculiar atmosphere that sets it apart from most other Linux forums. People here are polite, eloquent, uncommonly helpful to others and generally the best of folks. Congratulations to us all:

Automatic Hardware Configuration Using Profiles

Making clever use of the runlevels in Gentoo, Optilude contributed scripts and documentation for configuring your hardware according to different profiles last week, thank you very much:

Running Business Software in Gentoo: How to Install Oracle 9.2

Problems with Oracle under Gentoo Linux had been dragging on since December, doubtlessly due to problems with gcc and its libraries. Finally we've come to a happy ending. Make sure your glibc is in order, run the Oracle installer and enjoy:

gentoo-user

Getting the most USE out of it...

The USE flag system that Portage implements can be a source of anxiety for the Gentoo newbie. Carlos Gonzalez began a thread illustrating the somewhat complicated process of modifying USE flags on a per-package basis (stripping Java for a PHP emerge). Thankfully, the thread mentioned a tool created to simplify managing these USE flags: ufed, the Use Flag Editor, where flags are explained and can be toggled on and off. Carl Hudkins noted his *wish* that ufed would be included on Gentoo's LiveCD.

p2p for the masses

It's finally happened: p2p has gone mainstream, and the sheer number of Kazaa users is rivaling the once-dominant Napster network. While some Gentoo users have jumped on the bandwagon by installing Kazaa Lite using wine (a MS Windows emulator), Chris Graves wants to get down with p2p clients native to Linux. The good news is that Linux is far from lacking in p2p clients, and that the network was in fact pioneered with open source clients developed for Linux. Keppy mentions Gentoo's commitment to these programs in the form of the Portage directory /usr/portage/net-p2p/. Limewire, a popular open source p2p client written in Java, was also recommended, though it is not in Portage.

gentoo-dev

Performance in Gentoo

The Linux kernel project has given rise to quite a few derivatives over the years. While the kernel project tries to maintain a stable kernel befitting the general public, the spawned derivatives implement a wide variety of changes, often brought by many different people. This plethora of minds and opinions going into the kernel is its strength, but naturally it also becomes hard to choose.

One way to reduce the dilemma of choosing is simply trying out the different major distributions. This way we can see how the specific distribution performs the task it is set to do.

While performing a little speed test, this user noticed that the Gentoo kernel apparently performed relatively poorly compared to the kernel installed by Red Hat.

The discussion itself revolves around a specific system call monitored with lmbench. But for those of you seeking to test your Linux box, here are a couple of resources you might want to take a look at.

First of all, don't forget that the kernel is not the distribution. Never compare the incomparable. Remember: similar configurations, similar platforms, similar patches and so on. Now, having a good test foundation, we need a tool, which Gentoo provides here. There is also a benchmarking howto available at TLDP.

Now, as annoying as this can be, the trick is knowing what flag goes with what package. Also remember that there are default flags set.

The way around the first dilemma is to run the command "emerge -pv [package_name]", which shows what flags go with what package.

The default flags are not apparent either. However, the command "grep -A 3 USE /etc/make.profile/make.defaults" will reveal the secret. But caution: do not change make.defaults. Rather, modify your make.conf, where you can even build your own USE string from scratch. To compose your own list of USE flags, set USE="-* [your flag list]", where "-*" unsets all flags and "[your flag list]" is simply the string of flags you choose to enable.

Gentoo as a binary release?

The question was raised as to why Gentoo does not provide a binary package system. Binary vs. source has always been a point of contention among Gentoo users. Many want the convenience and speed offered by binary packages while others decry such efforts as taking focus away from making Gentoo Linux the best source-based distribution available.

As some users may already know, Gentoo Linux is working on providing a limited subset of binary packages in the form of the Gentoo Reference Platform. Applications such as KDE, XFree86 and other large applications will be offered in both source and binary form in order to provide a choice to our users. The first "official" release of the Gentoo Reference Platform will come with the final release of Gentoo Linux 1.4.

5.  Gentoo International

Taiwanese Gentoo Initiatives Merging

In a big push for the fledgling Chinese Gentoo user communities, Gentoo Taiwan (GOT, gentoo.org.tw) was set up last week. Patrick Hsieh, the coordinator, and a few zealous Gentooists are merging their strength to establish a local Gentoo organization in Taiwan. They're not only promoting Gentoo to the Taiwanese Linux user sphere, but also making every effort to help localize Gentoo Linux for the realm of the Big5 Chinese encoding. "We already have a dedicated rsync server (rsync.gentoo.org.tw) and an ambitious new forum (http://openbazaar.net) plus an almost ready gentoo FTP server (ftp.gentoo.org.tw). And definitely more and more users will see how we make the difference," says Patrick Hsieh. The GOT web portal is also under construction and about to be unveiled in a few days.

Meanwhile Back in Reality: Italian Consultancy Deploys Gentoo Linux

Verona, a rather attractive spot in Northern Italy, is better known for its historic arena dating from the Roman empire (and notorious for butchering opera masterpieces at that same location). A lesser known fact is that it's currently spearheading Gentoo's move to professional corporate use: Euronia, a technology consultancy firm in Verona, made the switch from SuSE to Gentoo Linux for their own computers as early as release 1.0, and started offering services based on Gentoo six months ago. Their customers include Banca Populare di Verona e Ravenna, the largest banking group in the region, where Euronia set up a proxy for 7500 users, a reverse SSL proxy, secure FTP and other servers, all powered by Gentoo Linux. At Antex (a major HR consultancy in Italy), the tax calculations for 150,000 pay checks each month are done on a Gentoo-based SQL server, and a handful of other banks had Euronia switch their web servers to Gentoo as their operating system, too. Euronia's push for Gentoo Linux in corporate server solutions is easily explained: "We find that Gentoo Linux is the most advanced distro available", says Andrea Gagliardi, head of technology at Euronia. "We build solutions for customers, like the servers we usually base on EVMS-enabled Vanilla kernels with a dozen other stable patches thrown in, or our embedded Xfree on Aquapads (diskless tablet PCs). Nothing we've tried makes setting up and deploying all those customizations more manageable than Gentoo".

6.  Portage Watch

The following stable packages were added to portage this week

Updates to notable packages

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

There are currently 3010 bugs open in bugzilla. Of these: 55 are labeled 'blocker', 119 are labeled 'critical', and 245 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs this week are:

8.  Tips and Tricks

Using /dev/loop to view a CD image

This week's tip explains how to use the loop device to view or share files from a CD image or ISO file.

First, you need to make sure you have support in your kernel. It can be configured as a module so there's no need to reboot if you don't have support.

Code Listing 8.1: Installing the kernel module

(configure the following option)
Block Devices
-> <M> Loopback device support

# make dep && make modules modules_install
# insmod loop

To view the contents of an iso file, just mount the iso on a loopback device. For example, here we mount gentoo-basic-x86-1.4_rc4.iso to gentoo-1.4_rc4/.

Code Listing 8.2: Mounting an iso on a loopback device

(create the mount point if it does not exist yet)
# mkdir -p gentoo-1.4_rc4
# mount gentoo-basic-x86-1.4_rc4.iso gentoo-1.4_rc4 -o loop=/dev/loop1,blocksize=1024

Now you can view the directory gentoo-1.4_rc4 just as if it were part of your regular filesystem.
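As an added example (not part of the original newsletter), here is a shell wrapper for the mount step above. It checks that the file carries the ISO9660 signature before mounting, then mounts it read-only with nosuid, nodev and noexec, a sensible default for an image fetched from a mirror or a third party. The function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the newsletter. Function names are hypothetical.

# Return 0 if the file has the ISO9660 volume descriptor signature "CD001",
# which sits at byte offset 32769 (sector 16, byte 1) of the image.
is_iso9660() {
    [ -f "$1" ] || return 1
    sig=$(dd if="$1" bs=1 skip=32769 count=5 2>/dev/null | tr -d '\000')
    [ "$sig" = "CD001" ]
}

# Mount options for an image whose contents are not trusted:
# read-only, ignore setuid bits and device nodes, refuse to execute binaries.
iso_mount_opts() {
    echo "loop,ro,nosuid,nodev,noexec"
}

# Validate the image, create the mount point, and mount it (requires root).
mount_iso() {
    img=$1
    dir=$2
    if ! is_iso9660 "$img"; then
        echo "$img: not an ISO9660 image, refusing to mount" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    mount -t iso9660 -o "$(iso_mount_opts)" "$img" "$dir"
}

# Usage: sh mount-iso.sh gentoo-basic-x86-1.4_rc4.iso gentoo-1.4_rc4
if [ "$#" -eq 2 ]; then
    mount_iso "$1" "$2"
fi
```

Unmount with umount gentoo-1.4_rc4 when finished so the loop device is released.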

9.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

Adds

The following developers recently joined the Gentoo Linux team:

Changes

The following developers recently changed roles within the Gentoo Linux project.

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make GWN better.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages: