Figure 3.1: Alastair Tse, aka liquidx
Feature list for next release of Gentoo Linux 1.4
Daniel Robbins recently posted a list of features that will be completed before the next release of Gentoo LInux 1.4. Features include:
The continued growth of Gentoo Linux has placed more and more demands on our mirror system. Both source mirrors as well as rsync mirrors continue to show dramatic increases in usage. As we continue to grow, the importance of using our mirroring system responsibly becomes more critical. As such, here are some rsync etiquette guidelines to keep in mind as you emerge sync:
Remember that all of our rsync mirrors rely entirely upon donated resources. Thus, being respectful of these donated resources is not only a common courtesy, but essential if we are to support the continued growth of Gentoo Linux.
Over the past few weeks, a number of new Gentoo Linux mailing lists have been created for our users. Among them include:
Policy discussion regarding accessing users' boxes
Recently, the Gentoo Linux development team discussed whether or not it was acceptable to remotely access users' boxes (with the consent of the user) to assist with debugging and troubleshooting a specific problem. Some developers voiced concerns about unwarranted finger pointing that might arise if something went wrong during the process. Others raised concerns about setting unreasonable expectations among the Gentoo Linux user base. After a lengthy discussion, the majority of developers seemed to agree that, while accessing users' boxes should not be a regular occurance, it may be acceptable in certain circumstances, such as trying to track down a particularly troublesome bug.
OpenSSH has a vulnerability which permits a timing attack that can reveal the identities of valid users on the target system. This information greatly enhances the system's vulnerability to brute-force attacks and weak passwords.
The monkeyd web server contains a buffer overflow vulnerability in its handling of POST requests. This could theoretically be used to implement a DoS attack, or to execute arbitrary code under the privileges of the monkey server.
The PPTP daemon contains a buffer overflow in its handling of PPTP packet headers. This could be used to remotely load executable code into the server's stack.
The fax spool in mgetty is world-writable, which permits unprivileged users to modify transmission privileges. In addition, there is a buffer overflow vulnerability in mgetty that could be used for a DoS attack or to execute arbitrary code.
The balsa email client shares a buffer overflow vulnerability with mutt. This vulnerability could be used to remotely crash balsa or to execute arbitrary code with the user's privileges.
The following new security bugs were posted this week:
3. Featured Developer of the Week
Alastair Tse
Figure 3.1: Alastair Tse, aka liquidx |
|
This week we feature Alastair Tse, who is involved with the Gentoo GNOME team, Python modules and programs and general bug fixing. A Python fanatic and KDE-basher/GNOME-user, Alastair takes care of various Gtk/GNOME packages, especially troublesome ones like Evolution, and unofficially looks after dev-python. He has also recently released etcat, a tool that allows power users to get more information from Portage more quickly, and which is now part of the gentoolkit. Like Larry the Cow, Alastair began using Gentoo after being frustrated by the other distros, fell in love with the ability to tweak the way packages were built (until then he had been maintaining his own .spec files), started contributing patches and ebuilds and eventually got noticed and invited to join the team.
Alastair's favorite apps include Epiphany, Xchat2, Gaim, Straw, Evolution, Gnome-Terminal, feh, zsh, and python-bash, and he runs them on a slim Sony Vaio N505-VE (Celeron 333Mhz, 128MB RAM; to those of you who are surprised that Alastair runs those apps on such a machine, he says it's because he's a very patient person). Alastair, now 23, grew up between Melbourne, Australia, and Hong Kong, moved to Sydney, Australia to study after an incident involving a banana and some pajamas, and got a Computer Engineering degree there at the University of New South Wales. After working there for a year as a sysadmin, he left the beaches and kangaroos of Australia for mad cow England, where he is studying for a PhD at the University of Cambridge's Laboratory of Communication Engineering. Along with the exotic animals he left in Australia his hobbies, which included watching and playing basketball and soccer, watching F1 races, driving, and playing Nintendo GameCube. He also has a personal website at http://www.liquidx.net/
GCC 3.3
Highly acclaimed, much anticipated, finally here: GCC 3.3 has been available as an ebuild since Thursday, and folks in the forums are giving it a try:
News from the Zetagrid GLUE Team
"We are Michael Imhof, resistance is futile" is the powerful mantra of Gentoo Linux Users Everywhere (GLUE) participating in the Zetagrid competition, the famous grid computing hunt for proof or rejection of Riemann's Hypothesis. If you want to participate, make sure you use Tantive's user ID and mail address - only individual users can win the 10,000 USD prize, and dozens of Gentoo workstations all over the planet are using Tantive's ID to advance even higher than the current 4th rank. If Michael Imhof wins, all the money goes to Gentoo.
X responsiveness
Does the jerkiness of X under a heavy load got you down? Apparently it was for a number of Gentoo'ers in the -user community. Checkout this thread to readup on the methods used to speedup a sometimes sluggish X. As usual, there's a plethora of system enhancing solutions to choose from, some applicable, some not. In short make sure your harddrive settings are properly tweaked and if you're not using the caffeinated -ck sources, to run your X server with higher priority.
Regional German Gentoo User Meeting in Cologne
After many weeks of indecision about the agenda and - even more importantly - the ultimate choice of a venue, the Greater Cologne/Bonn Area Gentooists have decided on what will just have to be the perfect spot for their initial get-together: On Wednesday, 14 May 2003, from 18:00 with undoubtedly open end, everybody who's anybody in West-German Gentooism will be at Hellers Brauhaus, located on Roonstrasse in Cologne. As for many other regional Gentoo user meetings, this one has a coordination thread in the Forums, for you to announce your participation.
Gentoo Weekly Newsletter now available in Russian, as well
For our growing Russian community of Gentoo Linux users, we are pleased to announce that you can now enjoy the Gentoo Weekly Newsletter in Russian each week
Portage Watch is on hiatus this week and will return next weekThe Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:
There are currently 2964 bugs open in bugzilla. Of these: 48 are labeled 'blocker', 107 are labeled 'critical', and 237 are labeled 'major'.
The developers and teams who have closed the most bugs this week are:
The developers and teams who have been assigned the most new bugs this week are:
Adding Users with Superadduser
Adding users to a system can be tedious. It involves creating an account, setting a password, and creating a home directory. This week's tip shows how to make adding users easier with the use of superadduser.
Code Listing 8.1: Install superadduser from Portage |
# emerge app-admin/superadduser
|
Using superadduser is very easy. Just run the command and follow the prompts.
Code Listing 8.2: Using superadduser |
(Replace the examples with your own information) # superadduser Login name for new user []: johndoe User id for johndoe [ defaults to next available]: Initial group for johndoe [users]: Additional groups for johndoe (seperated with commas, no spaces) []: johndoe's home directory [/home/johndoe]: johndoe's shell [/bin/bash]: johndoe's account expiry date (YYYY-MM-DD) []: OK, I'm about to make a new account. Here's what you entered so far: New login name: johndoe New UID: [Next available] Initial group: users Additional groups: Home directory: /home/johndoe Shell: /bin/bash Expiry date: [no expiration] This is it... if you want to bail out, hit Control-C. Otherwise, press ENTER to go ahead and make the account. ENTER Making new account... Changing the user information for johndoe Enter the new value, or press ENTER for the default Full Name []: John Doe Room Number []: Work Phone []: Home Phone []: Other []: New UNIX password: user_password Retype new UNIX password: user_password Done... |
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project.
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: