Gentoo announces web redesign contest
The Gentoo Foundation has announced plans to redesign the various web sites that are part of the Gentoo community with a new, universal theme. Being a community-based distribution, we decided to solicit submissions for the new look and feel from our users.
We are officially opening the Gentoo Foundation Web Redesign Contest. This contest gives you, as a Gentoo user, the ability to design the new look and feel that will define Gentoo Linux for the immediate future. The winning design will be selected by the community via an open voting process. For full details, please see our contest guidelines.
We're very pleased to announce that bootsplash is now working in PPC. Bootsplash is a kernel patch that allows images to be displayed during the boot sequence in addition to or in lieu of traditional boot messages. Thanks to developer Michael Januszewski's hard work, bootsplash is now independent of vesa-framebuffer. The latest ebuild (media-gfx/bootsplash-0.6.1-r4) is now ~ppc-masked, and the bootsplash_patch works on development-sources (the patch will be included in gentoo-development-sources soon). For more information, see the bug report and forum discussion.
mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
mit-krb5 contains multiple buffer overflows in the function krb5_aname_to_localname(). This could potentially lead to a complete remote system compromise.
For more information, please see the GLSA Announcement
Pavuk contains a bug potentially allowing an attacker to run arbitrary code.
For more information, please see the GLSA Announcement
Esearch: Insecure temp file handling
The eupdatedb utility in esearch creates a file in /tmp without first checking for symlinks. This makes it possible for any user to create arbitrary files.
For more information, please see the GLSA Announcement
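The failure mode described for eupdatedb, shown as an added example (not esearch's own code): a write to a predictable temp path follows a pre-planted symlink, while exclusive creation refuses it. The file names and the sandbox directory standing in for /tmp are constructed for illustration.

```python
import os
import tempfile

def naive_write(path, data):
    # Vulnerable pattern: open() follows a symlink already planted at `path`.
    with open(path, "w") as fh:
        fh.write(data)

def safe_write(path, data):
    # O_EXCL makes creation fail if anything (including a symlink) exists at
    # `path`; O_NOFOLLOW also refuses a symlink in the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def demo():
    """Return (naive_created_target, safe_refused, target_untouched)."""
    with tempfile.TemporaryDirectory() as sandbox:   # stands in for /tmp
        tmp_name = os.path.join(sandbox, "esearchdb.tmp")  # constructed name
        target = os.path.join(sandbox, "victim-file")      # must not appear

        # A link planted before the utility runs, pointing at a missing file.
        os.symlink(target, tmp_name)
        naive_write(tmp_name, "index data")
        naive_created_target = os.path.exists(target)

        os.remove(target)                 # reset: link remains, target gone
        try:
            safe_write(tmp_name, "index data")
            safe_refused = False
        except OSError:                   # EEXIST (or ELOOP) on the symlink
            safe_refused = True
        return naive_created_target, safe_refused, not os.path.exists(target)

if __name__ == "__main__":
    print(demo())
```

When the file name does not have to be fixed, `tempfile.mkstemp()` gives the same exclusive-creation guarantee with an unpredictable name.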
Linux Kernel: Multiple vulnerabilities
Multiple vulnerabilities have been found in the Linux kernel used by GNU/Linux systems. Patched or updated versions of these kernels have been released and details are included in this advisory.
For more information, please see the GLSA Announcement
Apache 2: Remote denial of service attack
A bug in Apache may allow a remote attacker to perform a Denial of Service attack. With certain configurations this could lead to a heap based buffer overflow.
For more information, please see the GLSA Announcement
Pure-FTPd: Potential DoS when maximum connections is reached
Pure-FTPd contains a bug potentially allowing a Denial of Service attack when the maximum number of connections is reached.
For more information, please see the GLSA Announcement
3. Featured Developer of the Week
Joshua Kinard
Figure 3.1: Joshua Kinard
This week, we feature Joshua Kinard, who goes by kumba due to a fascination with the "Kumba" roller coaster at Busch Gardens, Tampa Bay. Joshua serves as the team leader for the MIPS project, although he describes that role as being just "another part of the MIPS teams ...we all work together to keep Gentoo running on what some might consider the strange MIPS architecture." Some readers may be more familiar with MIPS as a processor architecture that powers the Silicon Graphics workstation. Joshua has also contributed some porting work for the Sparc processor, and serves as a member of the embedded, base-system and toolchain herds. Joshua's work for the MIPS project consists of maintaining the mips-sources kernel tree ebuilds, porting ebuilds, recruiting developers, building the netboot images and contributing to the Cobalt port. He also works on the Sparc toolchain, and contributed the crossdev script for building cross-compiler environments.
Joshua first heard about Linux six or seven years ago, although at the time he confesses he and his friends "thought it was some kind of Windows add-on." After learning more, he was intrigued and purchased a boxed version of Red Hat 5.2. He also had access to a remote server shell account, which gave him the opportunity to become familiar with the Linux command line. In late 2001, he acquired a Sun Blade-100 System that he intended to install Linux on. Red Hat's Sparc port was defunct, so he was shopping for a distro for the new system. He remembered "an obscure distribution mentioned in an IRC channel" and installed it. He's been using Gentoo ever since. In 2003, his interest in helping Jan Seidel implement a MIPS port was noticed, and he was asked to join the team as a developer. This was not his first Open Source project - he is also the author of Program Killer, a Windows application for blocking spyware, P2P, IM traffic or other applications, based on administrative settings.
Given his role as a developer, Joshua's eclectic collection of computers should provoke no surprise. In addition to the Sun Blade mentioned earlier, he has an SGI Indigo2, an SGI Indy, an SGI O2 and a Cobalt Microserver - all running Linux. Two other SGI boxen and a Sun SPARCstation are currently not in use. His collection is rounded out by a dual PIII system running Windows 2000. Under Linux, he claims the tools he uses are fairly prosaic. He does confess to a fondness for Mozilla Mail, the StormLab doppler radar information client and the art of Greg Martin.
Joshua recently completed a degree in Computer and Information Sciences at the University of Maryland University College. He also worked at a local College Computer lab providing user support and system administration. He has commenced the usual post-graduation job search, hoping for a job where he "can apply [his] computing/Linux knowledge." He is a "bona fide geek", with few non-computer related hobbies. This is reflected in his use of Middle Earth place names for his servers. He also confesses to the common geek fondness for Babylon 5, and quoted the former Centauri Emperor for a favorite saying: "The past tempts us, the present confuses us, the future frightens us. Our lives slip away, moment by moment, lost in that terrible in between."
Flavour of the Week: 3D Desktops
Reading the hardware requirements (2 GHz CPU and 512 RAM minimum) may turn off many veteran Linux users, but Sun's new desktop Looking Glass was put under the GNU public license last week, reason enough to be cheered on by many Gentoo Forum posters. Sailing in the wake of Sun's mother ship, a somewhat lighter French 3D solution called Metisse, based on a virtual X server and a modified FVWM window manager, is being discussed almost as enthusiastically:
Mailing List Etiquette
A plea from one mailing list member started a good thread on standard mailing list etiquette. A good read if you are new to email lists!
The Mail Client Thread
Gentoo offers a wide variety of mail clients for its users. This large thread tackled the topic of the eternal question: "Which one is best?"
Multibooting 2.4 and 2.6 Kernels
Check out this comprehensive thread for multibooting with 2.4 and 2.6 kernels.
USA: Linux World Expo in San Francisco
Four more weeks to go before the Californian franchise of the Linux World Expo opens its gates, at the Moscone Center in downtown San Francisco, from 2 to 5 August 2004. Just like last year, Gentoo will be present inside the exposition hall, this year at booth number 270 (floor plan available as PDF). Besides the exhibition, you will not want to miss Greg Kroah-Hartman, udev maintainer and Gentoo developer in his own right, battle it out with Andrew Morton, Timothy Widham from OSDL and three open source evangelists from Apple in an OSS trivia quiz called the "Golden Penguin Bowl". Corey Shields from the Gentoo infrastructure team is on the speaker's list, with a presentation on "High Performance Linux Storage Management", and he has also set up a Gentoo Community Meeting on day two of the show (3 August 2004 from 17:30 to 19:00): a BoF (Birds of a Feather) gathering for all Gentoo aficionados, developers and users alike, which will also include a GPG keysigning party. Contact Corey for details about the procedure.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 26 June 2004 and 02 July 2004, activity on the site has resulted in:
Of the 6706 currently open bugs: 138 are labeled 'blocker', 183 are labeled 'critical', and 515 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Tips and Tricks is on hiatus this week.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: