Gentoo Weekly Newsletter: November 1, 2004Report from last week's Linux World Expo in Germany (Frankfurt) The Linux World Conference & Expo in Frankfurt is one of Germany's top 5 specialized fairs, with 15,000 visitors and its main focus on commercial Linux offerings. The exhibition serves as a platform for Linux products and development, and is complemented by a conference program spanning all three days. Gentoo was present in the ".org Pavilion" next to a lot of other non-commercial community projects. The German non-profit association "Förderverein Gentoo e.V." had been in charge of organization, and brought together more than ten Gentoo developers from Germany, Austria and the Switzerland to man the booth.
There was quite some interest in the large variety of supported platforms displayed at the Gentoo booth this year, from various x86 and PPC laptops to three Ultra-Sparc machines, and even a Siemens Primergy quadruple Xeon server. With half a dozen hosts constantly building base systems or emerging applications, a dedicated Mini-ITX based distfiles server was put in place as a local repository right at the booth, very convenient for both staff and Gentoo users passing by. Several visitors came to get special support for their Gentoo installations, or just wanted to meet some of the developers involved in the project. One of their most frequent request was a "server edition" or "Enterprise Gentoo", with a more stabilized tree and more comfort for updates in a production environment - hardly surprising, since the LWE is a predominantly commercial trade fair. Special LWE edition Gentoo x86 LiveCDs (nicknamed "Fizzlewizzle") featuring German localizations of KDE, extensive documentation and a nightview of Frankfurt's office district on the CD label were distributed at the booth. Both the ISO image (remastered by Tobias Scherbaum) and Christian Hartmann's artwork to print directly onto the media can be downloaded from here.
Mixed messages were heard from neighboring exhibitors: While Sven Herzberg of the Gnome booth was kind enough to point out that Gentoo's bugzilla (unlike his own project's older version) provides buglists in iCalendar format for import into Evolution, Sun Microsystems had disappointing news about the future availability of Java on the PowerPC platform - none planned, unfortunately. Their project Looking Glass remains quite an eyecatcher, though. Call for help: Experienced J2EE developers needed Karl Trygve Kalleberg of Gentoo's Java team really needs help: "Judging from the number of bugs and requests for feature enhancements that we've been assigned in the recent past, there must have been increased interest in Java applications since the release of Eclipse," explains Karl. The first request for additional help went out in August, but this time there's a tad more urgency to it: If you're an experienced Java developer, especially with a J2EE track record, please mail Karl and the Gentoo recruiters team today. Coming up: Gentoo Bugday on Saturday, 6 November 2004 Gentoo Bugday is a monthly event where users and developers gather on IRC to fix lots of bugs. This unique opportunity to meet the devs and directly participate in fixing problems has been hugely successful, in the past. A dedicated IRC channel has been set aside for this collaborative effort, #gentoo-bugs on irc.freenode.org, and if you want to participate, all you have to do is /join the channel. MySQL: Multiple vulnerabilities Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL. For more information, please see the GLSA Announcement Gaim: Multiple vulnerabilities Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code. For more information, please see the GLSA Announcement MIT krb5: Insecure temporary file use in send-pr.sh The send-pr.sh script, included in the mit-krb5 package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility. For more information, please see the GLSA Announcement Netatalk: Insecure tempfile handling in etc2ps.sh The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility. For more information, please see the GLSA Announcement socat: Format string vulnerability socat contains a format string vulnerability that can potentially lead to remote or local execution of arbitrary code with the privileges of the socat process. For more information, please see the GLSA Announcement mpg123: Buffer overflow vulnerabilities Buffer overflow vulnerabilities have been found in mpg123 which could lead to execution of arbitrary code. For more information, please see the GLSA Announcement rssh: Format string vulnerability rssh is vulnerable to a format string vulnerability that allows arbitrary execution of code with the rights of the connected user, thereby bypassing rssh restrictions. For more information, please see the GLSA Announcement PuTTY: Pre-authentication buffer overflow PuTTY contains a vulnerability allowing an SSH server to execute arbitrary code on the connecting client. For more information, please see the GLSA Announcement GPdf, KPDF, KOffice: Vulnerabilities in included xpdf GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF files, making them vulnerable to execution of arbitrary code upon viewing a malicious PDF file. For more information, please see the GLSA Announcement Archive::Zip: Virus detection evasion Email virus scanning software relying on Archive::Zip can be fooled into thinking a ZIP attachment is empty while it contains a virus, allowing detection evasion. For more information, please see the GLSA Announcement To sleep - perchance to dream: ay, there's the patch Ending many months of insomnia in PowerBooks, Gentoo/PPC developer JoseJX reported in a Forum thread on Wednesday that Benjamin Herrenschmidt, the PPC kernel maintainer, has published his latest enhancement to the power management of portable Macs, more specifically for putting the aluminium PowerBooks with ATi graphics chipsets to sleep. Benh's patch seems to apply cleanly to Gentoo's development sources 2.6.9-r1, and a wave of gratitude is washing over the PPC forum: Analogue distributions Users commented on a new linux distribution vidalinux which is based on Gentoo. It uses the Gentoo system tools and portage as its package manager. Master USE Several discussions arose this week regarding USE flags in Portage. USE flags provide a convenient approach to managing support and dependency information when emerging packages. Understanding what flags are necessary and how they might impact a system's configuration can be challenging for new users. Binary pop One user noticed that etc-update was asking them to overwrite /etc/X11/xdm binary files in addition to just configuration files. A few glibc changes Travis Tilley has again done some (major) changes to Gentoo's glibc. This includes enabling some sanity checks, and improved DNS and mDNS handling. "Planet Gentoo" blog aggregator Daniel Drake presents a proposal for a Gentoo Blog Aggregator to provide users and developers with a better overview of developments in Gentoo. The ensuing discussion centered more on the usefulness of such a service, as many people dislike blogs. GLEP 29: USE flag grouping In another GLEP started this week, Ciaran McCreesh proposes some new input on USE flag groups. This should enable users to select groups (for example, @KDE, @MULTIMEDIA), but the fine details (what does @KDE -@GNOME do?) are still not perfectly worked out. Joe Barr has written a tongue-in-cheek piece answering the question what the choice of Linux distributions says about a person. According to Barr, Gentoo's motto is "If it moves, compile it," supposedly making it the distribution most appealing to lone ranger types like John Wayne. The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 24 October 2004 and 30 October 2004, activity on the site has resulted in:
Of the 7368 currently open bugs: 115 are labeled 'blocker', 255 are labeled 'critical', and 551 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Last week's GWN introduced brandnew Portage features, this week we'd like to take you back to a venerable, sturdy old feature that's hot nonetheless: PORTAGE_NICENESS. Let's look at some basics first. Very simply put, the Linux kernel has a (process) scheduler that selects which process to run next in your system. One factor influencing the scheduler's decision about which process to assign CPU time to, is the priority of a process. Processes with a high priority will run before those with a lower priority, and processes with the same priority will take turns in running, one after the other and over again. Better have a look at it for yourself: Run top from a terminal on your host and pay special attention to the PR and NI columns:
The PR column indicates the priority level of a process, the value in the NI column displays the so-called nice value of process, which allows you to adjust the priority of a running process. Possible values range from -20 (very high priority), via 0 (standard priority) to 20 (very low priority). In our little example the xscreensaver process has a higher nice value than X, which indicates that X has a higher priority than xscreensaver. Now, how do we make this work to our advantage when using Portage? If you keep using your computer while compiling packages you will notice that your box is much less responsive as usal. This is caused by having two "groups" of processes with the same nice priority: your usual running tasks on one side, and emerge (and its child processes) on the other. Now, if you could renice emerge and its children to a higher nice (i.e. lower priority!) value, compiling would inevitably take somewhat longer, but you could use your workstation without noticing much difference to its usual performance. That's what the PORTAGE_NICENESS parameter in /etc/make.conf is for:
You can generally "renice" individual processes from the commandline, (e.g. renice 0 -p 8148 to prioritize xscreensaver in the above example), but this will not work with emerge, as Portage reads the PORTAGE_NICENESS setting from /etc/make.conf once and executes all child processes with the specified nice value. The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email. Please send us your feedback and help make the GWN better. 10. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|
