Figure 4.1: Christian Andreetta
The first Gentoo UK Meeting will be held at Salford University, Manchester, on Saturday 4th September 2004. The day's events will be a mixture of presentations from invited speakers and break-out sessions where you get the chance to discuss the aspects of Gentoo that matter to you with the developers who will be attending on the day.
Confirmed Gentoo Linux developers attending include Stuart Herbert from the PHP and web-app teams, Rob Holland from the tenshi project, and Ciaranm McCreesh from the Sparc team.
We're also delighted that Harry Moyes from Manchester Wireless (www.manchesterwireless.net) will be speaking at the event.
Full details can be found here: http://dev.gentoo.org/~stuart/2004/
Our thanks to Reuben Finch from Freenode for organizing the event, and to Ricky Clarkson and Andrew Young of Salford University for their generous help and support.
Successful 2004.2 Release via BitTorrent Distribution
With only limited publicity for its debut, the latest release of Gentoo Linux was the first to try an additional method of distribution besides the usual HTTP or FTP downloads: BitTorrent filesharing. Looking at the data volume that has been piped through in the two weeks since the release, the introduction of such a P2P service for downloading Gentoo Linux was immediately very popular with users. The BitTorrent service provided by the German NPO Gentoo e.V. reports that already more than two terabytes worth of data have been processed by the tracker, with roughly one TB for the x86 and Athlon/P4 LiveCD images alone. Unlike other filesharing services, the MIT-licensed BitTorrent builds peer networks flexibly for each individual file, so that clients desiring information about download locations may get different partners for every downloadable item, and eventually provide chunks of data they've already got to others in the process.
Gentoo Forums receive a hardware upgrade
The Gentoo web forums recently received a much needed hardware upgrade. Many users have been commenting on the recent poor performance of the forums, which was caused by the site's continued growth and popularity. The new hardware, graciously provided by the OSU Open Source Lab, is nearly twice as powerful as the old system and should hopefully provide some breathing room for further growth. The Gentoo Foundation wishes to thank the OSU OSL for their continued support of the Gentoo Linux project.
Releng
The Release Engineering team has named a new Operations Lead: Chris Gianelloni (wolf31o2). The group is starting to get back into the swing of things after a well-deserved hiatus following the 2004.2 release. John Davis (zhen) has put together and released catalyst-1.0.9, which incorporates complete support for cascading profiles and preliminary X/GameCD support, which should completed by 2004.3's release.
rsync: Potential information leakage
rsync fails to properly sanitize paths. This vulnerability could allow the listing of arbitrary files and allow file overwriting outside module's path on rsync server configurations that allow uploading.
For more information, please see the GLSA Announcement
xine-lib: VCD MRL buffer overflow
xine-lib contains an exploitable buffer overflow in the VCD handling code
For more information, please see the GLSA Announcement
courier-imap: Remote Format String Vulnerability
There is a format string vulnerability in non-standard configurations of courier-imapd which may be exploited remotely. An attacker may be able to execute arbitrary code as the user running courier-imapd (oftentimes root).
For more information, please see the GLSA Announcement
Qt: Image loader overflows
There are several bugs in Qt's image-handling code which could lead to crashes or arbitrary code execution.
For more information, please see the GLSA Announcement
Cacti: SQL injection vulnerability
With special configurations of Cacti it is possible to change passwords via a SQL injection attack.
For more information, please see the GLSA Announcement
Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
New releases of Mozilla, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including remote DoS and buffer overflows.
For more information, please see the GLSA Announcement
4. Featured Developer of the Week
Christian Andreetta
Figure 4.1: Christian Andreetta |
|
This week, we are featuring Christian Andreetta (satya), one of several developers supporting samba under Gentoo. In addition to the traditional developer activities of creating and supporting ebuilds, Christian focuses on providing support for antivirus integration, printing, and authorization tools like kerberos and ldap. He has also contributed to a number of other FOSS projects, like the python-based skunkweb and postgresql. He is also looking forward to becoming active working with the clusters and app-sci herds in Gentoo. When pressed for an example of work he was particularly proud of, he confessed to being pleased about the resolution to Bug #48871, a new Samba ebuild that resolved a number of other bugs.
Christian completed a Bachelor's degree in Information Engineering, specializing in biomedical and control systems. He is currently employed as a Technology Officer for the University of Padova in Italy, but hinted that he would be interested in working in Applied Research in other European countries. Christian began using Unix in the early 90s, with Solaris and HP-UX. In 1997, he was looking for a Unix-like operating system for his home computers and experimented with Red Hat and Slackware before settling on Mandrake. A magazine article in 2002 led hem to Gentoo, and he "converted all of [his] systems as soon as possible." He became a Gentoo developer by being active on bugzilla as a user, contributing patches and ebuilds. When a call went out for samba maintainers, he volunteered and was accepted based on his earlier work.
Christian usually develops using the Scintilla text editor, with the amaroK radio streamer running. kgpg, kworldclock and distcc-gnome are launched automatically when his system starts. He works on an Asus L3C laptop that is abundantly supplied with RAM, and uses KDE for his desktop environment. When away from his computers, Christian practices shiatsu massage. He prefers having people around him, which extends to a development philosophy that he describes as preferring "group work over lone", adding his pleasure at working with the other members of the Samba team. He closed with the observation that Gentoo provides "simple tools and is very well documented. Every user is easily a developer."
Don't Drink and Sing - Gentoo Song Revisited
Forum userKen{NoBeeb} aka Kristoffer Ericson from Sweden checked back on a thread he created in January, and was pleasantly surprised that apparently thousands of people had listened to the Gentoo song he recorded (while inebriated, or so he claims), and evidently liked it! So he re-mastered his old tune and put a new version up for download, this time in almost acceptable sound quality:
Booting from Floppies
For users with historic hardware, the standard installation method of booting from a Gentoo LiveCD can be challenging at times. Many alternative procedures including netbooting via PXE, rescue floppies borrowed from minimal Linux distributions exist, but for those who actually have a CD-ROM drive that's just refusing to boot from the media, the GPL'ed Smart Boot Manager may provide an easy solution:
UK: Gentoo Meet-Up Car Sharing Exchange
Since the venue for the planned UK meet-up in September has been decided, users have begun making travel arrangements to get to Manchester. Sheffield-based Gentoo developer Tomk has set up a tool on his website at dev.gentoo.org that helps tackling the UK Gentoo community's geographic challenges. If you plan on coming to Manchester by car, or seek opportunities to hitch a ride to take you there, check the UK Meet-Up Car Pool page provided by Tom.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 14 August 2004 and 20 August 2004, activity on the site has resulted in:
Of the 6889 currently open bugs: 135 are labeled 'blocker', 194 are labeled 'critical', and 554 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Often people compare the differences between two files using diff. But if you needed to do a comparison of similarities between files, comm is the command to use.
Code Listing 8.1: comm usage syntax |
comm [option] file1 file2
|
Note: both file1 and file2 need to be sorted before using comm as it does a line by line comparison. |
comm outputs three columns: lines that are unique to file1, lines that are unique to file2, and lines that are common to both files. The options '-1', '-2', '-3' will suppress the corresponding columns.
Running comm -2 file1 file2 with the following files, would output five.
Code Listing 8.2: comm output |
File1: one two three File2: one five three |
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: