Gentoo Logo

Gentoo Weekly Newsletter: February 23, 2004

Content:

1.  Gentoo News

FOSDEM Brussels 21 & 22 February 2004

What started four years ago as an initiative of a bunch of Brussels University students has emerged to a full-blown international developers event. Approximately 2000 participants mainly from neighbouring European countries (France, Netherlands, UK, Germany), but also from Sweden, Hungary or Italy made it to Brussels' Free University this year, a fifth more than in 2003. Gentoo was present for the second year in a row, except that the booth was a little larger and the developers significantly more numerous this time around. Indisputable highlight at the Gentoo table was Pieter van den Abeele's dual-processor G5 - compiling Vim in six and a half minutes did its fair share of impressing visitors to the Gentoo booth. Nobody stayed long enough to wait for the end of an X compilation, but at 58 minutes they wouldn't have needed that much stamina after all...


Figure 1.1: Skeptical? Nah, not really: picture taken seconds before John 'maddog' Hall buys two Gentoo LiveCDs, FOSDEM edition

Fig. 1: John 'maddog' Hall

Sadly, the quantum singularity Daniel Robbins and Wout Mertens discovered at last year's show seemed to have disappeared. Richard Stallman, posing as Saint Richard of the Church of Emacs, had an Assisian encounter with a dove, while speakers from Robert Love to Keith Packard attracted equally huge crowds to their presentations on the ULB campus. And the Gentoo developers used their spare time to do some retroengineering and brought drobbins' singularity back! All is well that ends well.


Figure 1.2: Rediscovered quantum singularity at the Gentoo dev sleeping quarters (with former beverage containers)

Fig. 2: Quantum beer cans

Germany: Reminder for Chemnitzer Linuxtag

The Chemnitzer Linuxtag activists are all set and ready to accomodate visitors at the Gentoo booth on 6 and 7 March 2004. A coordination thread at the forums is available here.

Gentoo Linux Project still looking for an additional dialup developer

Since we didn't get any volunteers when we announced this two weeks ago, we're still looking for a developer to join the net-dialup team to help quash bugs and maintain ebuilds. We're looking for dedicated devolpers, preferably with experience in developing for dialup packages and writing ebuilds. If you're not sure you have what it takes, check out this bug list. If you're still interested, send an email to Heinrich Wendel with some background info.

2.  Featured Developer of the Week

Ned Ludd


Figure 2.1: Ned Ludd

Fig. 1: Ned Ludd

Our featured developer for this week is Ned Ludd (solar), a developer working on the Hardened Gentoo, Gentoo Infrastructure and Embedded Gentooprojects, as well as an itinerant dev in the security realm. He has been instrumental in establishing (or re-establishing) an organized security group amongst the developers, who handle the Gentoo Linux Security Announcements as well as identifying, assessing and tracking security bugs associated with the distro and its various packages. He has also been working on development toolchains, within both the Gentoo base system and the new Embedded Gentoo project.

Ned started using Linux in 1995, with the venerable Slackware distribution and a 1.x series kernel. His interest in computer security prompted him to start developing an maintaining kernel security patches with the 2.2.x series. He even began his own small security-enhanced distribution (linbsd), to implement a BSD-style ports system on Linux. When he discovered Gentoo, which had a larger developer community and features like grsec support, he decided to move his efforts and support behind it. He became an official dev in the usual way - by offering support and contributions, particularly in the #gentoo-hardened channel. After providing things like the original grsecurity policy examples, he was invited to take on a more formal role. In addition to such projects, Ned has contributed to other Open-Source security projects such as the hogwash packet scrubber and the middle-man filtering proxy. He is currently active in the PaX project to provide kernel protection against memory-related security faults, such as stack overflow attacks.

Ned reflected on some of the work he and his team-mates have been performing: "I'm really proud of the accomplishments we have made recently with PaX and the kernel and userland. It's becoming easier to for the novice user to take advantage of these types of protection without having to understanding all the inner workings. We also make it easier for the advanced user that loves to play with settings and try different security modules out." He added that he feels that the work he and the Hardened Gentoo herd are doing results in the fact that "we are slowly becoming leader in secure kernel and toolchain technologies by putting an end to all arbitrary code execution".

Ned is a partner in a consulting and system integration firm operating out of Savannah, Georgia in the United States. Their primary market is the provision of secure Linux server solutions and large-scale embedded wireless solutions. He is politically active, including membership and activism in Earth First, Food Not Bombs. He also helped start the grass-roots radio station, Radio Free Cascadia. His favorite quote is a slogan from the possibly eponymous Luddites: "The machine is the enemy, smash it without mercy", which he claims is prompted by the movie "Office Space". He concluded with a observation about Gentoo: "it's nice to be king of your own hill."

3.  Gentoo Security

phpMyAdmin < 2.5.6-rc1: possible attack against export.php

A vulnerability in phpMyAdmin which was not properly verifying user generated input could lead to a directory traversal attack.

For more information, please see the GLSA Announcement

Updated kernel packages fix the AMD64 ptrace vulnerability

A vulnerability has been discovered by in the ptrace emulation code for AMD64 platforms when eflags are processed, allowing a local user to obtain elevated priveleges.

For more information, please see the GLSA Announcement

Clam Antivirus DoS vulnerability

Oliver Eikemeier has reported a vulnerability in Clam AV, which can be exploited by a malformed uuencoded message causing a denial of service for programs that rely on the clamav daemon, such as SMTP daemons.

For more information, please see the GLSA Announcement

4.  Heard in the Community

Web Forums

X No Longer Free?

The XFree team has changed their license policy two weeks ago, to something that isn't compatible to the GPL any longer. The Gentoo developers have already drawn their own conclusions from this, and will refrain from adding XFree86 versions under the new license scheme to the portage tree for the time being. There's plenty of room left for discussion at this thread:

New Forum for AMD64

Opteron users of Gentoo Linux have achieved critical mass to deserve their own platform inside forums.gentoo.org. Threads that were scattered over other forums have been moved to the new one, and any new debate on 64-bit x86 architectures will belong here:

Bootsplash for 2.6 Kernels Available

One of the most lively long-term debate in the Forums has been the bootsplash howto and its companion thread, the support discussion. Since last week, 2.6 kernel users can also benefit from the collective effort - gently hiding the fine print of a Linux boot process behind shiny handmade flash screens:

gentoo-user

XFree86 Alternatives

The XFree86 4.4 is being released under a revised license that isn't fully compatible with the GPL. Because of this, several distributions--including Gentoo--have users looking at alternatives. One of them is Y-Windows, which was discussed in this thread.

gentoo-dev

Portage and Bittorrent.

Here is an interesting idea about using bittorrent (or at least some of it's code) to share source packages around. Although there obvious benefits like sharing bandwidth, faster downloads, and less effects from downtime, there are some downsides. These include security, responsibility and possible design incompatibilities. Have a look for more infomation.

5.

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 13 February 2004 and 19 February 2004, activity on the site has resulted in:

  • 669 new bugs during this period
  • 392 bugs closed or resolved during this period
  • 17 previously closed bugs were reopened this period

Of the 5160 currently open bugs: 0 are labeled 'blocker', 0 are labeled 'critical', and 0 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Converting Text Files

This week's tip shows you how to convert files from Windows format to UNIX format and vice versa. This can be handy if you've ever opened a file that was created in Windows and found your screen full of of ^M characters at the end of every line.

The easiest way to convert files back and forth is to use the dos2unix and unix2dos commands provided by app-text/dos2unix and app-text/unix2dos.

Code Listing 7.1: Converting files the easy way

% dos2unix file.txt
% unix2dos file.txt

If you're missing these commands and can't install them, you can also use tr and sed

Code Listing 7.2: Converting files with tr and sed

(Convert from DOS/windows to unix)
% tr -d '\015' < win.txt > unix.txt

(Convert from unix to DOS/windows)
% sed -e 's/$/\r/' unix.txt > win.txt

8.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

  • none this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Jason Stubbs (jstubbs) - portage documentation/modularization

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • none this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN Feedback

Please send us your feedback and help make the GWN better.

11.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 23 February 2004

Summary: This is the Gentoo Weekly Newsletter for the week of February 23, 2004.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Brian Downey
Contributor

Luke Giuliani
Contributor

Kurt Lieber
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

David Nielsen
Contributor

Ulrich Plate
Contributor

Sven Vermeulen
Contributor

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Xavier Neys
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Thomas Raschbacher
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Lukas Domagala
German Translation

Tobias Scherbaum
German Translation

Daniel Gerholdt
German Translation

Marc Herren
German Translation

Tobias Matzat
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Christian Apolloni
Italian Translation

Stefano Lucidi
Italian Translation

Yoshiaki Hagihara
Japanese Translation

Katsuyuki Konno
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Takashi Ota
Japanese Translation

Radoslaw Janeczko
Polish Translation

Lukasz Strzygowski
Polish Translation

Michal Drobek
Polish Translation

Adam Lyjak
Polish Translation

Krzysztof Klimonda
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Aleksandr Martyncev
Russian Translator

Sergey Galkin
Russian Translator

Sergey Kuleshov
Russian Translator

Alex Spirin
Russian Translator

Denis Zaletov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.