Gentoo Weekly Newsletter: February 23, 2004
1.
Gentoo News
FOSDEM Brussels 21 & 22 February 2004
What started four years ago as an initiative of a bunch of Brussels University students has grown into a full-blown international developers' event. Approximately 2000 participants, mainly from neighbouring European countries (France, Netherlands, UK, Germany) but also from Sweden, Hungary or Italy, made it to Brussels' Free University this year, a fifth more than in 2003. Gentoo was present for the second year in a row, except that the booth was a little larger and the developers significantly more numerous this time around. The indisputable highlight at the Gentoo table was Pieter van den Abeele's dual-processor G5 - compiling Vim in six and a half minutes did its fair share of impressing visitors to the Gentoo booth. Nobody stayed long enough to wait for the end of an X compilation, but at 58 minutes they wouldn't have needed that much stamina after all...
Figure 1.1: Skeptical? Nah, not really: picture taken seconds before John 'maddog' Hall buys two Gentoo LiveCDs, FOSDEM edition
Sadly, the quantum singularity Daniel Robbins and Wout Mertens discovered at last year's show seemed to have disappeared. Richard Stallman, posing as Saint Richard of the Church of Emacs, had an Assisian encounter with a dove, while speakers from Robert Love to Keith Packard attracted equally huge crowds to their presentations on the ULB campus. And the Gentoo developers used their spare time to do some retroengineering and brought drobbins' singularity back! All is well that ends well.
Figure 1.2: Rediscovered quantum singularity at the Gentoo dev sleeping quarters (with former beverage containers)
Germany: Reminder for Chemnitzer Linuxtag
The Chemnitzer Linuxtag activists are all set and ready to accommodate visitors at the Gentoo booth on 6 and 7 March 2004. A coordination thread at the forums is available here.
Gentoo Linux Project still looking for an additional dialup developer
Since we didn't get any volunteers when we announced this two weeks ago, we're still looking for a developer to join the net-dialup team to help quash bugs and maintain ebuilds. We're looking for dedicated developers, preferably with experience in developing for dialup packages and writing ebuilds. If you're not sure you have what it takes, check out this bug list. If you're still interested, send an email to Heinrich Wendel with some background info.
2.
Featured Developer of the Week
Ned Ludd
Figure 2.1: Ned Ludd
Our featured developer for this week is Ned Ludd (solar), a developer working on
the Hardened Gentoo, Gentoo Infrastructure and Embedded Gentoo projects, as well
as an itinerant dev in the security realm. He has been instrumental in
establishing (or re-establishing) an organized security group amongst the
developers, who handle the Gentoo Linux Security Announcements as well as
identifying, assessing and tracking security bugs associated with the distro and
its various packages. He has also been working on development toolchains, within
both the Gentoo base system and the new Embedded Gentoo project.
Ned started using Linux in 1995, with the venerable Slackware
distribution and a 1.x series kernel. His interest in computer
security prompted him to start developing and maintaining kernel
security patches with the 2.2.x series. He even began his own small
security-enhanced distribution (linbsd), to implement a BSD-style
ports system on Linux. When he discovered Gentoo, which had a larger
developer community and features like grsec support, he decided to
move his efforts and support behind it. He became an official dev in
the usual way - by offering support and contributions, particularly in
the #gentoo-hardened channel. After providing things like the
original grsecurity policy examples, he was invited to take on a more
formal role. In addition to such projects, Ned has contributed to
other Open-Source security projects such as the hogwash packet scrubber
and the middle-man
filtering proxy. He is currently active in the PaX project to provide kernel
protection against memory-related security faults, such as stack
overflow attacks.
Ned reflected on some of the work he and his team-mates have been
performing: "I'm really proud of the accomplishments we have made
recently with PaX and the kernel and userland. It's becoming easier
for the novice user to take advantage of these types of protection
without having to understand all the inner workings. We also make
it easier for the advanced user that loves to play with settings and
try different security modules out." He added that he feels that the
work he and the Hardened Gentoo herd are doing results in the fact
that "we are slowly becoming leader in secure kernel and toolchain
technologies by putting an end to all arbitrary code execution".
Ned is a partner in a consulting and system integration firm operating
out of Savannah, Georgia in the United States. Their primary market
is the provision of secure Linux server solutions and large-scale
embedded wireless solutions. He is politically active, including
membership and activism in Earth First, Food Not Bombs. He also
helped start the grass-roots radio station, Radio Free Cascadia.
His favorite quote is a slogan from the possibly eponymous Luddites:
"The machine is the enemy, smash it without mercy", which he claims is
prompted by the movie "Office Space". He concluded with an observation
about Gentoo: "it's nice to be king of your own hill."
3.
Gentoo Security
phpMyAdmin < 2.5.6-rc1: possible attack against export.php
phpMyAdmin did not properly verify user-generated input, a
vulnerability that could lead to a directory traversal attack.
For more information, please see the GLSA Announcement
Updated kernel packages fix the AMD64 ptrace vulnerability
A vulnerability has been discovered in the ptrace emulation code for
AMD64 platforms when eflags are processed, allowing a local user to obtain
elevated privileges.
For more information, please see the GLSA Announcement
Clam Antivirus DoS vulnerability
Oliver Eikemeier has reported a vulnerability in Clam AV, which can be
exploited by a malformed uuencoded message causing a denial of service for
programs that rely on the clamav daemon, such as SMTP daemons.
For more information, please see the GLSA Announcement
4.
Heard in the Community
Web Forums
X No Longer Free?
The XFree team changed their license policy two weeks ago, to something that isn't compatible with the GPL any longer. The Gentoo developers have already drawn their own conclusions from this, and will refrain from adding XFree86 versions under the new license scheme to the portage tree for the time being. There's plenty of room left for discussion at this thread:
New Forum for AMD64
Opteron users of Gentoo Linux have achieved critical mass to deserve their own platform inside forums.gentoo.org. Threads that were scattered over other forums have been moved to the new one, and any new debate on 64-bit x86 architectures will belong here:
Bootsplash for 2.6 Kernels Available
One of the most lively long-term debates in the Forums has been the bootsplash howto and its companion thread, the support discussion. Since last week, 2.6 kernel users can also benefit from the collective effort - gently hiding the fine print of a Linux boot process behind shiny handmade flash screens:
gentoo-user
XFree86 Alternatives
XFree86 4.4 is being released under a revised license
that isn't fully compatible with the GPL. Because of this,
several distributions--including Gentoo--have users looking at alternatives. One of them is
Y-Windows, which was discussed in this
thread.
gentoo-dev
Portage and Bittorrent.
Here is an interesting idea about using bittorrent (or at least some of its code) to share source packages around. Although there are obvious benefits like sharing bandwidth, faster downloads, and less impact from downtime, there are some downsides. These include security, responsibility and possible design incompatibilities. Have a look for more information.
5.
6.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. Between 13 February 2004 and 19 February 2004, activity
on the site has resulted in:
- 669 new bugs during this period
- 392 bugs closed or resolved during this period
- 17 previously closed bugs were reopened this period
Of the 5160 currently open bugs: 0 are labeled 'blocker', 0 are labeled 'critical', and 0 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs during this period are:
7.
Tips and Tricks
Converting Text Files
This week's tip shows you how to convert files from Windows
format to UNIX format and vice versa. This can be handy if you've
ever opened a file that was created in Windows and found your
screen full of ^M characters at the end of every line.
The easiest way to convert files back and forth is to use the
dos2unix and unix2dos commands provided by
app-text/dos2unix and
app-text/unix2dos.
Code Listing 7.1: Converting files the easy way
% dos2unix file.txt
% unix2dos file.txt
If you're missing these commands and can't install them, you can
also use tr and sed:
Code Listing 7.2: Converting files with tr and sed
% tr -d '\015' < win.txt > unix.txt
% sed -e 's/$/\r/' unix.txt > win.txt
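The tr and sed commands above are not idempotent: tr deletes every carriage return, including any in the middle of a line, and sed appends one even to lines that already end in CR. The sketch below is an added example, not part of the original newsletter, and the function names has_crlf, to_unix, to_dos and convert are made up for illustration. It only touches a CR at the end of a line, so running either conversion twice is harmless.

```shell
#!/bin/sh
# Added example: idempotent line-ending helpers (function names are hypothetical).
# A literal carriage return, so the script does not rely on sed understanding \r.
CR=$(printf '\r')

# has_crlf FILE: succeed if at least one line ends in CR (Windows format).
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# to_unix FILE: strip a single trailing CR per line; a CR inside a line is kept.
to_unix() {
    sed -e "s/${CR}\$//" "$1"
}

# to_dos FILE: normalise first, then append CR, so CRLF input is not doubled.
to_dos() {
    sed -e "s/${CR}\$//" -e "s/\$/${CR}/" "$1"
}

# convert MODE FILE: rewrite FILE in place via a temporary file.
# MODE is "unix" or "dos"; FILE is only overwritten if the conversion succeeds.
convert() {
    mode=$1 file=$2
    tmp=$(mktemp) || return 1
    case $mode in
        unix) to_unix "$file" > "$tmp" ;;
        dos)  to_dos  "$file" > "$tmp" ;;
        *)    rm -f "$tmp"; return 2 ;;
    esac && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return $status
}
```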
8.
Moves, Adds, and Changes
Moves
The following developers recently left the Gentoo team:
Adds
The following developers recently joined the Gentoo Linux team:
- Jason Stubbs (jstubbs) - portage documentation/modularization
Changes
The following developers recently changed roles within the Gentoo Linux project:
9.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
10.
GWN Feedback
Please send us your feedback and help make the GWN better.
11.
GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
12.
Other Languages
The Gentoo Weekly Newsletter is also available in the following languages: