Gentoo Logo

Gentoo Weekly Newsletter: July 7th, 2003

Content:

1.  Gentoo News

Summary

Good bye and thank you to all.

With this issue, the Gentoo Weekly Newsletter marks its eighth month of publication. It also marks the retirement of myself as editor of the Gentoo Weekly Newsletter. Though I am retiring from editing the GWN, I will continue to remain with the Gentoo Linux project, assisting with infrastructure, public relations and general management responsibilities, as well as the occasional article contribution to the GWN. Yuji Carlos Kosugi will be taking over the helm of the GWN, continuing where I left off and improving things going forward.

I wanted to take this opportunity to thank our readership for their support, feedback and contributions over the past eight months. In that short time, the GWN has grown from nothing more than an idea to one of the most popular features of Gentoo Linux. The gentoo-gwn mailing list has over 5500 subscribers and the web pages are among the busiest on our site. None of this would have been possible without your support. So, while I am sad to be leaving such a wonderful position, I am happy that it is being handed over to someone who can devote more time and effort to it than I was able to do. With that, please join me in welcoming Yuji aboard as the editor of the Gentoo Weekly Newsletter.

-- Kurt Lieber

Gentoo coming to Windows with Cygwin

We're very pleased to announce the creation of the gentoo-cygwin project, which will enable users to take advantage of Portage and other features of the Gentoo platform in Windows using Cygwin. In pursuing this projects like Metapkg and this, our goal is to extend users' choices, giving existing users the choice of additional platforms and making Gentoo an option for users of different operating systems.

We are currently getting our infrastructure ready (mailing lists, project page, etc.) for this project. News about further developments will be posted on the Gentoo news page as well as in future editions of the GWN.

Milestone reached in herds project

The herds project, which aims for the development of an infrastructure to help manage the growing number of ebuilds, has reached a milestone with the finalization of a DTD for the metadata.xml file which contains extra information about an ebuild. Users: we need long descriptions for packages, and good suggestions are welcome on Bugzilla.

Infrastructure changes

During this past week forums.gentoo.org, bugs.gentoo.org, cvs.gentoo.org, and dev.gentoo.org all experienced some downtime as they were migrated to new machines or upgraded. While some of these changes were necessitated by having to return loaned hardware, various improvements have been made: the forums and bugs servers are on much better hardware that should scale far better than before, and dev.gentoo.org and cvs.gentoo.org, which offer developer e-mail, public html directories, and CVS, are no longer on the same machine.

Controversy about inappropriate content in ebuilds

A bug posted by a user who found inappropriate content in the x11-themes/windowmaker-themes ebuild sparked a long debate among developers about what should be done, and the proposed solutions were many. Those arguing for choice wanted the ebuild to be left as it was, or conceded that it would be a bad idea to install inappropriate content by default and suggested implementing a local USE flag. Others argued that Gentoo should distribute software, not content, and remove themes from Portage altogether. In the end, the offending themes were removed from the ebuild; some voiced concerns that it would be bad to modify an upstream package, but this was actually just a collection of themes thrown together and put in Portage.

GWN seeking additional contributors

The Gentoo Weekly Newsletter is looking for someone to take over the Featured Developer of the Week section, as well as some additional contributors to add depth to the team so we don't have sections going on hiatus as often. Candidates should have a solid understanding of written English; drop us a line at gwn-feedback@gentoo.org if you're interested. Also, there's no need to send us a resume - we actually mean it literally when we say "drop us a line".

2.  Gentoo Security

Summary

GLSA: phpbb

The phpbb forum contains a SQL-injection vulnerability that could permit remote attackers to obtain password hashes.

  • Severity: High - Remote security vulnerability.
  • Packages Affected: net-www/phpbb prior to phpbb-2.0.5
  • Rectification: Synchronize and emerge phpbb, emerge clean.
  • GLSA Announcement

GLSA: gnocatan

The game gnocatan contains multiple buffer overflows that could be used to execute arbitrary code on the server system.

  • Severity: High - Remote arbitrary code execution.
  • Packages Affected: app-games/gnocatan prior to gnocatan-0.7.1-r3
  • Rectification: Synchronize and emerge gnocatan, emerge clean.
  • GLSA Announcement

GLSA: mikmod

The mikmod MOD-player is subject to a buffer overflow that could permit a remote attacker to execute arbitrary code.

  • Severity: High - Remote arbitrary code execution.
  • Packages Affected: media-sound/mikmod prior to mikmod-3.1.6a
  • Rectification: Synchronize and emerge mikmod, emerge clean.
  • GLSA Announcement

GLSA: noweb

The noweb literate programming tool contains multiple vulnerabilities, causing insecure temporary files and the possibility for local users to overwrite arbitrary files.

  • Severity: Moderate - Local file insecurity.
  • Packages Affected: app-text/noweb prior to noweb-2.9-r3
  • Rectification: Synchronize and emerge noweb, emerge clean.
  • GLSA Announcement

GLSA: tcptraceroute

The network analyzer package tcptraceroute does not properly drop privileges after obtaining a file descriptor. This could permit a local user to gain access to that descriptor through another tcptraceroute vulnerability.

  • Severity: Moderate - Local file descriptor vulnerabiity.
  • Packages Affected: net-analyzer/tcptraceroute prior to tcptraceroute-1.4-r1
  • Rectification: Synchronize and emerge tcptraceroute, emerge clean.
  • GLSA Announcement

3.  User stories

News from the XX chromosome users


Figure 3.1: loothi and her beloved laptop

Fig. 1: Lucy Newman aka loothi

Ok, this week's featured user is really special. Not because he uses Gentoo to take over the world. But, fellow geek beware, because "he" is not even a "he". Really, it's true, there are female Gentoo users out there! ;) And this week we are introducing one of them: Lucy aka loothi.

Some personal info

loothi, 27, originally comes from London and is currently working as a web developer in Sydney, Australia. But as she likes to wander the world with her laptop, she is already on her way to the Netherlands to spend a year working over there. Lucy likes Perl script fu, "Indiana Jones" style adventures in foreign countries and playing the banjo. Her favourite apps include windowmaker, a gecko-derived browser (she keeps changing her mind about which one to use), vim, xine, xmms, gnome-terminal (because she likes the clickable links), mutt and gnupg.

Why Gentoo Linux

Nobody can explain why she chose Gentoo Linux better than Lucy herself: "The laptop is my lifeline, in that it has to reliably fulfill all my desktop computing, communications, entertainment and development needs. I need to be able to update libraries and applications quickly to keep current with security, patches and releases which is why Gentoo appealed." This reasoning should sound quite familiar to most of us!

Past, present and future

Lucy was a Debian fan for a long time, but the idea of a finely tuned operating system featuring a *BSD style ports system really appealed to her and so she finally decided to install Gentoo on her notebook.

So far loothi didn't regret this decision, although she found the installation process pretty painful, especially because she had to do it without a network connection. Therefore she doesn't recommend this way of installing Gentoo Linux to anybody who isn't deeply masochistic. But apart from that she feels that she has made the right decision and is learning more with everyday she's using Gentoo. Lucy is really pleased with Portage because of its painless way of software installation and the automatic management of dependencies.

For the future she'd like to do another Gentoo installation on a spare box to see how Gentoo competes as a server. If it turns out well Lucy is going to use it as a production server and can start to deploy it at her workplaces.

Wishlist

What Lucy really would like to see is a nice user handbook ala FreeBSD's because she thinks that the documentation is a bit fragmented and she's not a huge forums fan. Anything else? Yeah, sure, a black Gentoo T-shirt would be nice! White gets dirty too quickly... ;)

4.  Featured Developer of the Week

Dylan Carlson, aka absinthe


Figure 4.1: Dylan Carlson, aka absinthe

Fig. 1: Dylan Carlson, aka absinthe

Dylan Carlson is the lead man for the Java team, and as such is the caretaker for all things Java, and spends his time thinking of new ways to break things, closing bugs for what he has already broken, and makes fun of fellow developer Todd Berman(/joke). Recruited by Seemant Kulleen after having been noticed for his contributions on Bugzilla and interest in porting BSD stuff to Gentoo, he plans to return to the BSD effort sometime soon. Before Gentoo, most of Dylan's work was on FreeBSD; he still divides his time between FreeBSD and Gentoo today, and occasionally contributes small fixes to apps he uses. He wrote a METAR decoder (for NOAA weather data), and a defect-tracking/helpdesk app called Coalesce. In the fall, he plans to release a java-based Citadel BBS; he is also considering writing a Java-based GUI client for Bugzilla.

His favorite applications include jEdit, distcc/ccache, and bogofilter; he runs them under Fluxbox along with Idesk, KDE 3.x and OpenOffice. He uses Kmail on the console and Mutt from a shell. Recently, he built his first Gentoo Linux firewall using Shorewall, and plans to put Method's Hardened project to the test.

Dylan lives in Roxbury, Connecticut, and has been working in IT and IT management for the last 13 years. Presently he's doing data center construction and systems administration; his eventual goal is to do software development full-time, preferably without being a manager as well. He likes to travel when he has the money, and go hiking locally when he doesn't. When the mood strikes him, he writes horrible fiction on a 1924 Underwood typewriter. He also mows his lawn.

"And a thousand slimy things lived on; and so did I." - Samuel Taylor Coleridge

5.  Web Forums

Crashed Server Back Up

After a successful migration on Thursday to new and better hardware, Friday saw the utter demolition of both the Forum and the Bugzilla server harddisk, causing a disruption of both services for a number of hours. Everything is back in working order now, of course, but for anyone looking to explain how this can happen, why not have a look at the Forum statistics every now and then? At 22,000 users, peaking at almost 250 concurrent sessions, with 400,000 posts in 1.5 GB worth of database entries, the strain on the Forum hardware becomes quite understandable:

GUI Installer: Almost Done...

Traditionally among the more frequent requests (and even bitter complaints) is Gentoo's lack of a semi-automated, fancy GUI-based installation routine. While most Gentooists certainly don't need one, chances are that having one can't do much harm. Nathaniel McCallum wrote a script that's been evolving quite nicely since the first version, and his website and the Forum thread of eight pages at the time of this writing are certainly proof that there's an audience for that sort of thing:

Eclass Errors

Shortly after publication of our last GWN issue, a seriously disturbing phenomenon caused an uproar in the Forums. A glitch in the portage tree that propagated slowly across the mirrors had caused hundreds of "eclass 'foo' in 'foo' does not exist!" errors to float past the horrified users on their next rsync. This problem, traced to a glitch in the master rsync server possibly caused by the CVS migration, continued to occur to a lesser degree for the rest of the week because the fix took some time to propagate to all the mirrors, but it has been resolved thanks to the expediency of robbat2, peitolm, avenj, and klieber, and hopefully will not happen again. Not to be taken lightly, but interesting to watch an error ripple the global surface, jumping continents one by one:

6.  Gentoo International

Gentoo Brazil

It's been online for a few months already, but we forgot to tell you... Better late than never: Marcos Roberto S. Vieira and Otavio Rodolfo Piske, two CIS students from Rio Grande do Sul and Santa Catarina started Gentoo Brazil three months ago, with the aim to provide all those services we've come to expect from the growing number of regional Gentoo websites, documentation, tips and tricks, user services, everything in their own language which some people say still strongly resembles genuine Portuguese... The Gentoo Linux Brazil users group was created in March 2003, and its focus on promoting Gentoo to Brazilian Linux users is no easy task in a country that does have a popular home-grown Linux distribution, Conectiva. Marcos and Otavio both started out as Conectiva users way back in 1997/98, too, but they've shifted to Gentoo over the course of the last year, now also adding to the strong group of people busy translating the Gentoo documentation and news into Brazilian Portuguese (as opposed to Portuguese Portuguese). Their success, by the way, has led the former colonial masters back in Europe to start thinking about setting up their own site. If you're up to giving them a hand, join the Portuguese Portuguese Portuguese Gentooists at this Forum thread.

Gentoo-driven Computer Store and Internet Cafe in Australia

Proof that Down Under can well be on top of things at times: Michael Vale informs us that on 30 June he opened the doors to his own computer store in Bendigo/Victoria, a seven-days-a-week affair by the name of ZING! Computing, where all the computers run Gentoo Linux. Amongst sales and repairs for computers, they offer Internet access for browsing and online games to whoever walks in. And of course they run their own local rsync server: "The wonders of working with Gentoo have amazed me. The ability and freedom it has offered is second to none. Because it is very straight-forward it has allowed me to achieve many things with ease which would normally take a lot longer with any other distribution", says Michael, who is in the process of setting up a handful of 386 thin clients for his Internet Cafe, in addition to the four AMD Athlon 2.0 with Soltek Nforce2 mother boards and a few PCs with additional Geforce4 TI graphic cards. The shop will be difficult to miss if you happen to be in Bendigo, Victoria: It's the one that says "Powered by Gentoo Linux" at 374 Hargreaves Street...

Germany: Come and See Gentoo at the LinuxTag 2003

Europe's largest annual Linux and Open Source event, the German LinuxTag 2003, is going to be held this week, from 10 to 13 July at the Conference Centre in Karlsruhe. Sufficiently close to the French border to attract lots of visitors from outside Germany, too, this year's event throws a spotlight on the coveted "Linux in public administrations" discussion thread, with an entire conference day sponsored by the German Federal Ministry of the Interior, known for its active role in deploying open source software in government offices. Everyone who's anyone is going to be there, including - of course - a number of activists manning the Gentoo booth in the LinuxTag's exhibition hall. Pre-registration entitles you to a free ticket for the exhibition and most speeches and seminars (excluding the Government Linux conference, that'll be 175 EUR, please). Meeting other Gentoo users will be easy since they will undoubtedly have a tendency to gravitate around the Gentoo booth, but if you want to announce your coming, this Forum thread is the right place to coordinate Gentoo user meetings at the LinuxTag.

7.  Portage Watch

The following notable packages were updated or added to portage in the last two weeks

The following stable packages were updated or added to portage in the last two weeks

Total categories: 86 (no category added in the last week)

Total packages: 4448 (30 packages added in the last week)

8.  Bugzilla

Due to technical difficulties with the bugs.gentoo.org server on Friday, bug statistics will be unavailable this week. Next week's GWN will include a two-week summary.

9.  Tips and Tricks

Killing Processes

This week we show you some interesting ways to kill stubborn processes. Never let it be said that you can't kill a process again! The first way is the old boring way that most people probably use. Use the command ps aux, look through the process list until you find the PID you want and issue the kill command. How tedious!

Alternatively, try using the killall command which will automatically kill a program based on its name.

Code Listing 9.1

  # killall mozilla-bin

But what if you only know part of the name? Well, you could combine ps with grep, kill and awk to produce something like this.

Code Listing 9.2

  # ps aux | grep mozilla | awk '{print $2}' | xargs kill

But, there's a far simpler way. Enter pkill and the closely related pgrep. These commands are part of the sys-apps/procps package and are designed to search for (or kill) running processes. So the previous command could be replaced with the following:

Code Listing 9.3

  # pkill mozilla

Note: To list the PIDs instead of killing them, use pgrep.

Finally, what if you have a runaway process hogging /dev/dsp, or some other file/socket? You can use fuser, which displays the PIDs of process using a specified file or filesystem. Or give it the -k option, like this, and you can easily kill those processes:

Code Listing 9.4

  # fuser -k /dev/dsp

10.  Quote/Signature of the week

This week we have another quote about XML; it seems like making fun of it is almost as popular as XML itself! Gentoo developer Phillip Cockrell said: "XML is like the community bicycle ... everybody needs to have a ride."

11.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

  • none this week

Adds

The following developers recently joined the Gentoo Linux team:

  • none this week

Changes

The following developers recently changed roles within the Gentoo Linux project.

  • none this week

12.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

13.  GWN Feedback

Please send us your feedback and help make GWN better.

14.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

15.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 07 July 2003

Summary: This is the Gentoo Weekly Newsletter for the week of July 7th, 2003.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Michael Kohl
Contributor

Kurt Lieber
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

Gerald J Normandin Jr.
Contributor

Ulrich Plate
Contributor

Peter Sharp
Contributor

Kim Tingkaer
Contributor

Mathy Vanvoorden
Dutch Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Thomas Raschbacher
German Translation

Klaus-J. Wolf
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Christian Apolloni
Italian Translation

Stefano Lucidi
Italian Translation

Yoshiaki Hagihara
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Takashi Ota
Japanese Translation

Radoslaw Janeczko
Polish Translation

Lukasz Strzygowski
Polish Translation

Michal Drobek
Polish Translation

Adam Lyjak
Polish Translation

Krzysztof Klimonda
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Sergey Kuleshov
Russian Translator

Dmitry Suzdalev
Russian Translator

Anton Vorovatov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.