Gentoo Weekly Newsletter: October 4, 2004
Website redesign finalists up for voting
The Gentoo Foundation's website redesign contest has reached its final stage. More than 30 designs had been submitted to the preselection committee, and choosing only five candidates was not easy for the jury. Now the finalists are up for public assessment at the contest webpage, and Gentoo users get to vote for their favorite design. A poll has been set up at the Gentoo Forums, and registered users can enter their vote here no later than 8 October 2004.
Gentoo PPC developers meet in Germany
Among the remarkable things to happen at the first international Gentoo PPC developer meeting was the mere appearance of one of its participants: Bryon Roche, who pioneered the port of Gentoo to the PPC platform in early 2002, had disappeared from active Gentoo development more than half a year ago when he joined the U.S. infantry. Last Thursday he was reunited with his European developer colleagues at Kransberg Castle, which is just a 20-minute drive from his German outpost...
Figure 1.1: Gentoo PPC co-founder Bryon Roche
Working together exclusively over IRC and mailing lists may be only a substitute for real-life interaction, but getting together in the flesh for the first time, in the Taunus mountain area just north of Frankfurt am Main, really was like meeting old friends. Only a few of the participants knew each other from FOSDEM in Brussels earlier this year, making this new opportunity attractive enough for e.g. Michael Hanselmann from Switzerland to spontaneously decide on Thursday morning to hop on the next train to Frankfurt to be there, too. David Holm (Sweden) and Luca Barbato (Italy) had attended the Freescale Smart Networks Developer Forum in Frankfurt since Tuesday, and Lars Weiler (Germany) and Damien Krotkine (France) joined for the last day of that conference, dedicated to introductory seminars for the recipients of free PegasosPPC desktop computers handed out by the organizers. Four of those donated Pegasos machines (with Debian and Yellow Dog Linux plus the exotic MorphOS operating system pre-installed) ended up at the castle, one of them not lasting 10 minutes before a Gentoo LiveCD was spinning on it. Like G.I. Kain, Pieter van den Abeele and Jochen Maes (both from Belgium) and guest dev Benjamin Judas (Germany), the release engineer for x86, only came to attend the Gentoo gathering.
Figure 1.2: Screen shot of a Pegasos desktop PC running Gentoo Linux from a PPC-LiveCD
On top of the Gentoo PPC meeting's agenda was the release engineering for 2004.3, centering on questions like choosing udev for device handling, and whether to address hardware issues in the kernel. Pvdabeel announced a new KDE/Gnome LiveDVD for PPC, SeJo reported from talks he had had with Benjamin Herrenschmidt, the PPC kernel maintainer, and motioned for Java 1.5 to be masked at this stage, because of its lack of backward compatibility. A tentative roadmap for PPC development in 2005 was also drafted, and old and new reponsibilities were discussed and assigned to individual developers.
Figure 1.3: From left to right, above: plate, beejay, pvdabeel, dams; below: pylon and lu_zero
Figure 1.4: Hansmi, dholm and sejo
Amid all the serious talk there was space and time enough for recreation, of course. Pvdabeel and SeJo had cleverly thought in advance to bring Belgian beer in quantities that would have been enough, all truth told, to entertain twice as many people. Photos of the event including a few shots of the scenery surrounding the castle, the insides of donated PegasosPPCs, and mug shots of all attendants are here, and even more are here, including lots of pictures from SNDF.
Nvidia Nforce network chipset driver change in Portage
Daniel Drake announced last week that the proprietary nforce-net driver currently in Portage would be removed in favour of its open-source alternative forcedeth. Forcedeth contains fixes to those bugs in nforce-net that nobody outside of Nvidia was able to address, and it is also supported by Nvidia itself, which recently provided some important patches to the reverse-engineered code of the Forcedeth project. DSD's developer space on gentoo.org contains instructions for Gentoo users on replacing the driver.
X.org, XFree86: Integer and stack overflows in libXpm
libXpm, the X Pixmap library that is a part of the X Window System, contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against libXpm, potentially allowing the execution of arbitrary code.
For more information, please see the GLSA Announcement
Subversion: Metadata information leak
An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users.
For more information, please see the GLSA Announcement
sharutils: Buffer overflows in shar.c and unshar.c
sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.
For more information, please see the GLSA Announcement
Heard in the community
A sci.crypt newsgroup posting by Tom St. Denis triggered a forum thread about whether vulnerabilities in MD5 make it possible to get malicious code past security and into the Portage tree:
Newcomers and etc-update
Using etc-update properly is vital to the ongoing stability of your Gentoo system. However,
at the same time it can be one of the most confusing aspects for people new to Gentoo. Many
other distributions do the "work" of maintaining most of the configuration files,
however Gentoo's hands-on approach requires gaining sufficient knowledge to surf through the
/etc directory and at least know what the files are for. This thread was started by a Gentoo
newcomer who accidentally overwrote most of his /etc configuration files, and it discusses methods
for recovering as well as some handy etc-update use tips.
The possibilities and security implications of non-root (i.e. normal user) emerges were discussed in this thread. Portage has limited support ("userpriv" and "sandbox" features), but the installation of software needs root privileges at some point.
Removing dhcpcd from system?
This long thread weighed the pros and cons of having dhcpcd as part of the system profile, drifting off to a discussion of what needs to be part of the base system in the first place.
Integrating the hardened toolchain and better NTPL support
Travis Tilley caught the list's attention with two topics this week: "Recent gcc ebuilds have been patched to recognise an environment variable, GCC_SPECS, that sets which specs-file should be used. The gcc 3.4.2-r2 ebuild also builds both hardened and non-hardened specs files for all users," in reference to the efforts for integrating the hardened toolchain to Gentoo, and concerning support for NTPL: "[The ebuild] builds glibc twice, once with and once without nptl. The nptl libs go into lib/tls where they belong and are used by default when using a 2.6 kernel and LD_ASSUME_KERNEL isn't set."
Italy: Gentoo installation week at University of Bologna
It is only open to registered students of information science at Bologna's university, but it is a highly interesting initiative: During the entire week of 11 to 15 October, weathered Gentooists of the faculty will provide an "assisted installation" of Gentoo Linux on their co-ed's PCs. For those who have access to it, all the necessary details are to be had via the university's internal newsgroup, unibo.cs.students. Although it is of immediate benefit only to a limited audience this time, the event doubles as a dress rehearsal for a planned public Bolognese "Gentoo Installation Week" in the near future.
Gentoo in the press
Linux.com (28 September 2004)
Linux.com, the "Enterprise Linux Resource," carried an article by Jem Matz on "Gentoo in the server room", reflecting the use of Gentoo Linux for web servers and back room production platforms, featuring two Gentoo sponsor companies, Tek Alchemy and Seven L Networks.
Linux Format (October issue 2004)
Linux Format, a UK Linux magazine published by the Future Publications group, has Gentoo Linux on the cover DVD of the October issue. This is a full source installation of Gentoo's latest 2004.2 release, with the DVD booting as an x86 LiveCD and more than 2GB of source in the distfiles directory. The magazine also contains detailed information on installing Gentoo. The CD version of the magazine has two CDs dedicated to Gentoo, and the DVD version also contains the AMD64 live CD ISO image.
LinuxPlanet (DistributionWatch, September 2004)
Sean Michael Kerner has just published his latest report called "DistributionWatch: Your Guide to Linux Distributions" at LinuxPlanet, one of the publications of Internet.com. Gentoo is featuring prominently in the "Major Linux distributions" section, while "Specialized distributions", interestingly enough, lists both Gentoo Linux and its predecessor Enoch, extinct since 1999...
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. Between 25 September 2004 and 01 October 2004, activity
on the site has resulted in:
- 714 new bugs during this period
- 426 bugs closed or resolved during this period
- 27 previously closed bugs were reopened this period
Of the 7175 currently open bugs: 136 are labeled 'blocker', 227 are labeled 'critical', and 555 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
Tips and Tricks
Some pretty .bashrc hints
This week we cover some nice to know bash tips that in my opinion every user should know of.
Do not remember a command you typed in a few days ago and can not find it because it has already been removed from your .bash_history? Then it is time to increase the number of lines bash keeps in its history file.
Code Listing 7.1: ~/.bashrc
Note: To find commands in your history easily use the ctrl+r shortcut to reverse-search your .bash_history as you type.
If you want to stop bash from creating a history file simply add export HISTFILE=/dev/null to your .bashrc.
Another nice tip is to put export HISTCONTROL=ignoredups into your .bashrc that will stop bash from caching duplicate lines.
Moves, adds, and changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to email@example.com.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to firstname.lastname@example.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: