Forums Migration to New Hardware Completed
The migration of the Gentoo Forums to two new machines generously provided by OSU OSL has been successfully completed last week. Immediately after the new hardware went online on Tuesday, almost 500 users were seen online at the same time. Out of a total of roughly 65,000 registered Forum users they were the first to experience the performance boost gained from a web frontend that moved from a single-processor 1 GHz PIII to a hyperthreading Dual 2.4GHz Xeon server with 1 GB of RAM and an 80 GB disk, while the database backbone for the Forums now resides on a powerful Dual 3.0GHz Xeon machine, with hyperthreading, 4 GB of RAM and 70 GB worth of RAID5 SCSI disk space. Room enough for growing the Forum userbase beyond 100,000...
No updates this week.
kdelibs: Cross-domain cookie injection vulnerability
The cookie manager component in kdelibs contains a vulnerability allowing an attacker to potentially gain access to a user's session on a legitimate web server.
For more information, please see the GLSA Announcement
Linux Kernel: Multiple information leaks
Multiple information leaks have been found in the Linux kernel, allowing an attacker to obtain sensitive data which may be used for further exploitation of the system.
For more information, please see the GLSA Announcement
MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.
For more information, please see the GLSA Announcement
zlib: Denial of service vulnerability
The zlib library contains a Denial of Service vulnerability.
For more information, please see the GLSA Announcement
Gaim contains several security issues that might allow an attacker to execute arbitrary code or commands.
For more information, please see the GLSA Announcement
4. Featured Developer of the Week
NN - Your Name Here?
No featured developer this week. If you're a Gentoo developer and you would like to see your portrait here, please contact the GWN team.
Deltup Comeback
When an application needs upgrading, Xdelta provides a method of compressing deltas - the original new tarball isn't needed in its entirety, only the actual changes to an older source file already present in your system. By downloading and patching only the bare necessities it can help saving bandwidth for dial-up users and others who'd like to speed up an update run. Because its first Gentooified version, the Deltup project (introduced to the tree about a year ago) wasn't really doing anything anymore, due to the lack of updated delta files on the corresponding server, Deltup was finally removed from Portage only a few weeks ago. While Xdelta fans are waiting for Gentoo developer Brian Harring's GLEP to make inroads to Portage, it looks! like Deltup may be on its way back in earlier than expected, thanks to Blackpenguin, a forum user who's set up a new "dynamic deltup server" working a little differently from the old version: Everytime someone looks for a source not yet available on the server, it queues the request and starts making the delta file, thus dynamically growing its file base to the point of actual usability. To spread the workload Blackpenguin is also looking for additional server capacity, either caching files or providing complete Deltup service redundancy. Complicated as it may seem on the server side, it's completely transparent to users - Blackpenguin even uses the old ebuild that had been in Portage before, without any changes, only the download wrapper is slightly different... Check the thread in the forums and his website here:
MOCA Camp Photo Fallout
The Metro Olografix Summer Camp is over, and those who didn't make it this year can still benefit from the picture harvest of several happy Italian Gentooista MOCA campers. Velenux went and made a nice little photo report, and Silian87 has put up an entire collection of pictures, mainly of him and his buddies featuring lots of portable electronics, plus views of the camp and a few funny shots. The MOCA thread in the Italian Forum is still active, too, in case you'd like to chat with those who went, and last but not least there's the official picture gallery by the MOCA organisers.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 21 August 2004 and 27 August 2004, activity on the site has resulted in:
Of the 6914 currently open bugs: 139 are labeled 'blocker', 202 are labeled 'critical', and 559 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
This section is always looking for volunteers to submit their favourite Linux shortcuts, bash scripting tricks and other ideas to make life with Gentoo Linux a little more comfortable. If you have anything you'd like to share with other users, please submit it to the GWN team.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: