Gentoo Weekly Newsletter: February 9, 2004

1.  Gentoo News

• Gentoo Linux Project seeking an additional dialup developer
• New gentoo-science maliing list

Gentoo Linux Project seeking an additional dialup developer

The Gentoo Linux Project is looking for a developer to join the net-dialup team to help quash bugs and maintain ebuilds. We're looking for dedicated devolpers, preferably with experience in developing for dialup packages and writing ebuilds. If you're not sure you have what it takes, check out this bug list. If you're still interested, send an email to Heinrich Wendel with some background info.

New gentoo-science mailing list

Gentoo User Andrew Fant is currently in the process of pulling together a group interested in the use of Gentoo technology in computational science and engineering. To this end, a mailing list (gentoo-science@gentoo.org; follow the instructions on the mailing list page to subscribe) and IRC channel (gentoo-science on irc.freenode.net) have been established. The initial focus will be on providing a clearing house for applying Gentoo Linux to scientific computing, as well as working with the maintainers of the science herd to help speed the unmasking of new versions of applications. In the longer term, they hope to engage in advocacy and voicing the needs of end-users interested in scientific computing.

2.  Featured Developer of the Week

Bryan Stine

Figure 2.1: Bryan Stine

Our featured developer for this week is Bryan Stine (battousai), a recent addition to the development team who is working with Donnie Berkholz and the xfree herd on improving ati-gatos support in portage, as well as helping with the Hardened Gentoo project maintaining the Bastille-Linux and PSAD projects. His main tasks at this early point in his dev career comprise developing, updating and testing ebuilds, as well as the perennial tasks of bug identification and squashing - whether in ebuilds or the original applications. Bryan has also been working with the xfree herd in adapting the XFree86 SDK to assist with the task of simplifying XFree installations under Gentoo.

Bryan has been using Linux for about seven years, having worked with it under the RedHat, Slackware and Mandrake distros - with Mandrake as his preference prior to encountering Gentoo. He first encountered Gentoo when version 1.0 was in pre-release, and welcomed it as an opportunity to escape RPM package management. His role on the development team began when Seemant Kulleen asked him to assist with some perl hacking in order to get Bastille-Linux working with Gentoo. After taking over maintenance of the Bastille-Linux and PSAD (a log analyzer and intrusion detector) ebuilds as a user, Bryan was asked to take on formal responsibilities as a Gentoo developer. He commented that "I really enjoyed contributing as a user, and that enjoyment continues as I am now a developer", and remarked on the continuing friendliness and helpfulness of users and developers as he has settled in. In addition to his new role, Bryan still enjoys helping out with user questions on the #gentoo IRC channel, and is frequently seen there under his pseudonym, Battousai.

Bryan is "a long-time KDE user", who counts KvIRC and Kontact and slicKer among his favorite apps. He is also fond of Konqueror and Mozilla Firebird. He works on an Athlon XP 2800+ (512 MB, 120 GB SATA, Radeon 7200) workstation and an HP laptop from WalMart that sports an Athlon XP 2200+ M (256 MB, 30 GB).

Bryan is currently a sophomore student, studying Computer Science at East Stroudsburg University of Pennsylvania in the United States. He lives in a small town north of Philadelphia, near New York city. He is an avid hockey fan, unfailingly cheering for the Philadelphia Flyers. He is also a video (not computer) game aficionado, anime watcher and unapologetic Groening fan. Bryan closed our interview with a favorite quote from Futurama's robotic alchoholic, Bender: "Arrr...the law of science be a harsh mistress.", and a reminder to mark our calendars with September 19th, "International Talk-Like-a-Pirate Day".

3.  User Story

Michael Rayment, MUN: Computer Department at University of Newfoundland Switches to Gentoo

Michael Rayment, the system administrator at Canada's Memorial University of Newfoundland who decided to put Gentoo on every single desktop and server in the house, sent us an account of his motivations for moving to Gentoo that was so convincing we decided to publish it verbatim:

Background

First I should provide a little background. I work as a system administrator at a moderate sized university providing computing support for the student computer labs across campus. In total my group provides support for about 800 client workstations some of which are part of a Beowulf cluster, others are Linux only and some are dual boot (Linux/Win98). One common feature is that they are all booting Linux disklessly using an internal boot prom (PXE or Etherboot). All the client workstations get their Linux software from one of 15 application servers that each have identical copies of the Linux software. Only the kernels are customized to run on their respective hardware. The lowest end computers are AMD 266's but most of the computers are in the 600 to 2800 megahertz range. It is quite remarkable that such a wide range of computers can run from a single image but what a difference it makes to managing those systems. Within minutes we can rsync the latest modifications out to our 15 application servers and immediately the software is available to our 800 clients. Over the years we have based our image on Slackware, Debian, Mandrake and Redhat.

Making the Plunge

Until quite recently we were running Redhat 7.2 heavily modified and patched to keep up-to-date with the latest security patches and some newer versions of applications. You might wonder why we are still running Redhat 7.2 instead of the latest and greatest. Well the reason is that invariably things break and packages are missing or don't work after a major upgrade. In short the users get upset and therefore we take a lot of time checking the new distribution before inflicting it on our users. Also we have to munge the distribution to get it to play well in the diskless environment. Putting out a new distribution is therefore something that we don't take lightly and don't do at the drop of the hat. However the applications and libraries are getting old and are in need of a refresh so we began looking at alternatives last summer.

Our first task was to come up with a list of what we wanted from our new distribution. At the top of our wish list was a distribution that:

• would evolve gradually over time and not go though completely "new" distributions every year.
• would be comprehensive so that we would not have to go out to other sources and get missing applications and deal with inevitable incompatibilities.
• would be able to gracefully deal with package dependencies so we don't have to hunt around on the net for particular packages that are required to get an application going.
• would be highly configurable and allow for the easy customization of software to fit into our environment.
• would provide access to the source code actually running on our systems.
• would play well in a diskless environment.

At the end of the day Gentoo won out on all counts. Gentoo provides an incredible utility called emerge that is able to keep our image up-to-date without inflicting our user community with traumatic change. Changes in one package here or there, following an emerge -u world, is much easier to handle and test than the installation of a completely new distribution. We were amazed at the 6000 odd packages (I didn't bother to count) that are supported under the Gentoo distribution. Most of the software that we have accumulated over the years was available through a simple emerge command. I really enjoyed the way Gentoo dealt with software dependencies. Under our Redhat distribution sometimes we would have to hunt down packages in order to get an application up and running. With Gentoo it lists the dependencies and, at the installers request, proceeds to download, compile and install all the dependencies along with the application. Another feature of Gentoo is that it is a source distribution and so all the sources are readily available in a compact form that can be easily be expanded and viewed for debugging purposes. Since the conversion of sources to binary is accomplished through the use of ebuild scripts, it is possible to control the way your system compiles and where the various package components are installed.

Finally and most importantly I was pleased that Gentoo played well with our diskless environment. One thing that made converting to a diskless environment easy was the ability to have named run levels. This allows us to start up computers running different services by passing an argument to the kernel at boot time. For each of our specialized environments (eg. dual boot computers, single boot computers, Beowulf systems, firewalls, dial up ISP computers and kiosk computers), the symlinks to the specific start up scripts are simply placed into an appropriately named directory and the diskless client then takes on the requested functions based on the boot up parameter. Another thing I liked was the way that you could fake the start up of a particular component of the run time start up sequence. This is important when booting disklessly as things like the network services are already configured before init even starts.

Where We Are

We have just started the roll out of Gentoo into our lab environment. We are currently running a modified Gentoo image on a few computers in one of our Computer Science labs and will turn more on as we work out the wrinkles. We will soon be starting to build our master Gentoo server that will sync out software to the application servers. As we switch one lab from Redhat to Gentoo we will simply point the labs application server to the Gentoo master sync server. It will probably take a month or two to complete the switch over depending on how busy we are and how many problems we run into. Again we like to make sure things are working well before inflicting change on our users.

Comments

As to whether Gentoo is the distribution for you, well that depends on a number of things. As you can well imagine we have a lot of experience with Unix and Linux and we also like to do unusual things with our computers. Gentoo is ideal for this kind of situation. The portage system does make things very smooth so I can certainly see neophytes being able to install a Gentoo system without much effort but for the guy who just wants to turn on the computer and have it work then I can see a real advantage in the traditional binary distribution. One of the big advantages of Linux is that there are multiple ways to set up your computer. Hopefully there will be a way, whether it be Redhat or Gentoo, that meets everyones needs so that some day most people will actually choose Linux over Microsoft when selecting an OS.

My other hope is that there will be greater support for running Linux in a diskless environment. What is needed is a standard way of doing Linux disklessly so that software developers can write their software in such a way as to facilitate the running of their applications in a diskless environment. The /dev file system and /dev/shm have certainly gone a long way towards facilitating the diskless transition. The adoption of the /var as the directory of choice for applications to write to, has made the task quite easy but occasionally some applications still do something that messes up. But from a systems management point of view going diskless is worth the effort. It offers truly distributed computing with truly centralized management control and it is something that Microsoft does not offer. It is therefore something that the Linux world should promote.

4.  Gentoo Security

GLSA: mod_php

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtual host (which has "php_admin_flag register_globals off") and the next request is sent to the another virtual host (which does not have the setting) through the same apache child, the setting will persist. This may lead to leaks of global variables.

Depending on the server and site, an attacker may be able to exploit global variables to gain access to reserved areas, such as MySQL passwords, or this vulnerability may simply cause a lack of functionality. As a result, users are urged to upgrade their PHP installations. Gentoo ships PHP with "register_globals" set to "off" by default. This issue affects both servers running Apache 1.x and servers running Apache 2.x.

• Severity: Normal
• Packages Affected: <=dev-php/mod_php-4.3.4-r3
• Retification: emerge sync; emerge -pv ">=dev-php/mod_php-4.3.4-r4"; emerge ">=dev-php/mod_php-4.3.4-r4"
• GLSA Announcement

5.  Heard in the Community

Web Forums

Indian Languages in Gentoo

Aniruddha Shankar akaKream isn't exactly new to the Forums, in fact, he's been one of its first users, mere days after forums.gentoo.org's initial setup in April 2002. Despite this early involvement, he's only had very little over a dozen posts - and as it turns out just this weekend, that's to be seen as a clear victory for quality over quantity: His modified scripts for enabling Indian language support are in the Documentation, Tips & Tricks section now, a must-have for Indian Gentoo users. Original author Guntupalli Karunakar's IndLinux scripts, font and tool packages aim at providing Panjabi, Tamil and other languages to the Linux desktop, too, but for the time being Hindi is the only language supported, and it only works in a limited number of desktop environments. Check the thread:

• Indian Language support in GNOME2.4 & XFCE4

New Polish Forum

Yet another language version for the official Gentoo Forums: The bulletin boards at Gentoo Poland that had been active for several months already have now been complemented by a Polish addition to forums.gentoo.org too. Variety rules:

• Polish Forum

Call for WLAN Test Equipment

Gentoo developer Latexer is looking for some of the harder-to-get-by WLAN hardware in order to do some driver hacking and testing on them. If you've got a spare PCMCIA or PCI wireless card with any of the chipsets he's mentioned in this thread, he'll be happy to hear from you:

• Spare wifi hardware put to good use.

gentoo-user

What doesn't work with 2.6?

One of the larger threads this week was a discussion regarding what does and does not work with the new 2.6 Linux kernel. Definitely some nice-to-know info. Check it out here

Lightweight HTTPD

Serving only a few static webpages? You might be interested in this thread discussing smaller, simpler alternatives to Apache.

gentoo-dev

Libraries and Binary Packages.

Use many binary packages? Ever have trouble with broken library links? Well, this is the post for you. Enter the world of binary packages in Gentoo. More often than not, we compile here in Gentoo land, but sometimes (kde, gnome, openoffice please take the stage) it's just as easy to use pre-compiled packages. However, this can provide it's own fun adventures when it comes to library dependancies. Have a look for more ideas.

etc-update and Essential Configs

One of our favorite accessories, etc-update, usually makes life a whole lot easier. But what about those essential - and more often than not, system specific - configuration files like /etc/fstab, /etc/group and /etc/passwd? Should etc-update leave those alone regardless? Should the default be to make "example" files of the new files? Check it out.

6.  Gentoo International

Belgium: Gentoo Developers and Users Meet at FOSDEM in Brussels on 21 & 22 February

Just like last year, lots of Europeans on the Gentoo team take the opportunity to be at Europe's number one developer conference quite seriously. This is the best venue for a meeting of those who are actively participating in advancing Gentoo Linux on a planetary scale, and besides Brussels does have a rather interesting gastronomical infrastructure, too. Though it's mostly a conference and not an exhibition as such, there will be an even bigger and better Gentoo booth than last year. If you want to make sure you meet the right people, be there on both Saturday 21 and Sunday 22 February 2004.

Germany: Chemnitzer Linuxtag 6 & 7 March

With a few more days left before they really need to panic, the organisers of the Gentoo booth at the upcoming Linuxtag (link points to German webpage) at the University of Chemnitz are looking for people to help out, by bringing hardware to the event, and answering questions of the many visitors expected at Saxonia's main Linux event of the year. You can volunteer at this forum thread.

7.  Bugzilla

Summary

• Statistics
• Closed Bug Ranking
• New Bug Rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 30 January 2004 and 05 February 2004, activity on the site has resulted in:

• 602 new bugs during this period
• 311 bugs closed or resolved during this period
• 24 previously closed bugs were reopened this period

Of the 5066 currently open bugs: 118 are labeled 'blocker', 197 are labeled 'critical', and 373 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

• Jeremy Huddleston, with 26 closed bugs
• AMD64 Porting Team, with 21 closed bugs
• Gentoo Games, with 19 closed bugs
• Portage team, with 14 closed bugs
• Gentoo Sound Team, with 13 closed bugs

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

• Core System Packages Team, with 32 new bugs
• AMD64 Porting Team, with 17 new bugs
• Net-Mail Packages Team, with 13 new bugs
• Gentoo KDE Team, with 12 new bugs
• Jeremy Huddleston, with 12 new bugs

8.  Tips and Tricks

Job Control

This week's tip shows you how to use the basics of job control in the shell by putting processes in the background and returning them to the foreground.

Whenever you execute a command at the command line, that's a job that has to be run. Most commands execute quickly and return you to the command line. But some commands (for example, using cp to copy a large amount of data), can take a long time. When that happens, your terminal will be unaccessible unless you put the job in the background.

To put a job in the background, type <Ctrl>-z to suspend the job (and regain control of your terminal), and then type bg to put the job in the background.

% cp file backup/file
Ctrl-z
zsh: 1398 suspended  cp file backup/file
% bg
[1]  + continued  cp file backup/file

Alternatively, you can put the job in the background from the start using the & sign.

>% cp file backup/file &
[1] 1608

To see your running jobs you can use jobs. If you need to stop a job, you can use kill %jobnumber

% cp file backup/file &
[1] 1751
% jobs
[1] + running   cp file backup/file
% kill %1
(no news is good news) 

9.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

• none this week

Adds

The following developers recently joined the Gentoo Linux team:

• none this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

• none this week

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make the GWN better.

12.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

13.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:

• Dutch
• English
• German
• French
• Japanese
• Italian
• Polish
• Portuguese (Brazil)
• Portuguese (Portugal)
• Russian
• Spanish
• Turkish