Gentoo Logo

Gentoo Weekly Newsletter: November 29, 2004

Content:

1.  Gentoo News

Genesi starts shipping PegasosPPC with Gentoo Linux preinstalled

The Luxembourg-based company Genesi S.à.r.l. has announced that sales of their PegasosPPC Open Desktop Workstations (ODW) equipped with Gentoo Linux 2004.3 will start this week. Just hours after ordering of the ODW had become "quietly" available on the Freescale (i.e. the CPU manufacturer's) website on Thanksgiving Day, orders started pouring in, says Bill Buck, Genesi's CEO. The units are to be shipped to South Korea and will be the first to sport Gentoo Linux, on top of the previously included Debian and Yellowdog.


Figure 1.1: Fan-less assembled Pegasos II motherboard

Fig. 1: PegasosPPC ODW

According to Genesi, the PowerPC-based ODW offers "an anchor for the whole enterprise infrastructure." Optimized performance and lower price levels are the prime objectives, offering a solution to collapse the IT infrastructure into one family of scalable and upgradable hardware, and an open-source operating system and application base. "We think there will be a lot of interest in this concept, especially for national IT infrastructures where a progressively developing software resource based on GNU/Linux can significantly reduce the total cost of ownership," says Bill Buck. He wants a low-foot-print, low-power 32bit PowerPC solution "with a strong link to Gentoo and other non-commercial GNU/Linux distributions as a foundation." Genesi and Freescale foster development on their current Open Desktop Workstations, with the next hardware generation being tuned to market: The PegasosPPCs donated last month to Gentoo Linux and other developers are predominantly positioned as development machines, but they can serve as thin clients, workstation, netcom devices, file servers or clusters alike.


Figure 1.2: What's inside a Pegasos?

Fig. 2: Block diagram

Amidst MySQL servers and efforts at building Pegasos blade clusters, Gentoo developer David Holm and colleagues have been working on a Linux/PPC-based network firewall and mail filter application running on the Pegasos hardware. By utilising AltiVec to do parallel processing of data they hope to increase the maximum throughput of both network packets and e-mails. Developers at the Romanian subsidiary of Freescale are integrating their AltiVec enhanced VPN enciphering modules with this product. The base system is built by using the Gentoo uclibc stages in order to minimise the footprint so that it will fit on flash storage. Parts of the code developed for this project will be released as (L)GPL, the systems are scheduled to ship in early 2005.

Gentoo script repository

As the script-aided administration of Gentoo systems is clearly a very useful concept, the idea of a central script repository had already been formalized in an early Gentoo Linux Enhancement Proposal (GLEP). Lack of manpower has prevented this from finishing yet, but Gentoo developer Patrick Lauer now offers a provisional repository, awaiting integration into the official collection when GLEP #15 is finally implemented. This space is open to all users, not just official developers. For the time being, if you want to contribute, send your script(s) with a short description (and in case they are not in the public domain, some license information attached to it) directly to Patrick.

News from the Gentoo translators projects

With the announcement of the Japanese translator team that their version of the Gentoo Handbook for x86 now reflects all changes done for the 2004.3 release, there are currently six alternative languages available with a mostly or even completely up-to-date translation of the English default handbook. While the German version had already been in sync with the English documentation since the day of the release, Danish, French, Spanish and traditional Chinese have been added over the course of the last two weeks. Other languages are bound to follow, and you can speed up things by helping the translation teams in your language: contact the project leads listed here if you would like to contribute your time.

2.  Future zone

Shifting to 2.6 kernel as default

Traditionally, our installation documentation has instructed users to install a Linux 2.4 kernel to power their Gentoo installation. Linux 2.4 is now in maintenance mode and has been superseded by Linux 2.6.

Linux 2.6, initially released at the end of 2003, is the result of years of rapid development, providing many new features and improvements. Notable changes include much improved desktop interactivity, multimedia improvements such as new sound drivers (ALSA), improved hardware and architecture support, additional security capabilities, improved multi-processor (SMP) efficiency, and many other changes. Linux 2.6 is still under constant development and has now reached a mature stage.

Gentoo Linux has always provided and semi-supported Linux 2.6 for an option for users, and a few architectures have recently moved to making this their recommended kernel (ppc, ppc64, amd64, ia64). For other architectures such as x86, the default supported kernel is still Linux 2.4. For the 2005.0 release, the Gentoo kernel developers are working to make Linux 2.6 the default kernel for all supported architectures upon which 2.6 runs well. All new installations will run Linux 2.6, and at time of release, existing 2.4 users will be encouraged to migrate.

Preparation for this switch has already begun. Our 2004.3 LiveCD, unlike previous releases, runs the Linux 2.6 kernel internally by default, and feedback from this has been very positive. Our Gentoo-supported Linux 2.6 package, gentoo-dev-sources, has been extended to be supported by as many architectures as possible, whereas its 2.4 predecessor (gentoo-sources) is really only aimed at x86 users. Thankfully, the process of migration from Linux 2.4 to 2.6 is relatively simple, but documentation is in development to highlight caveats in the migration.

For the 2005.0 release, the 2.6-based gentoo-dev-sources package will be merged into gentoo-sources. Other kernel packages will undergo similar operations (e.g. development-sources merging into vanilla-sources), and the 2.6 releases will be the default kernels under these package titles. Linux 2.4 will still be supported, and will be selectable through an alternative Portage profile. We have some more work to do beforehand, but we will provide complete documentation when this change settles into place.

3.  Gentoo security

X.Org, XFree86: libXpm vulnerabilities

libXpm contains several vulnerabilities that could lead to a Denial of Service and arbitrary code execution.

For more information, please see the GLSA Announcement

unarj: Long filenames buffer overflow and a path traversal vulnerability

unarj contains a buffer overflow and a directory traversal vulnerability. This could lead to overwriting of arbitrary files or the execution of arbitrary code.

For more information, please see the GLSA Announcement

pdftohtml: Vulnerabilities in included Xpdf

pdftohtml includes vulnerable Xpdf code to handle PDF files, making it vulnerable to execution of arbitrary code upon converting a malicious PDF file.

For more information, please see the GLSA Announcement

ProZilla: Multiple vulnerabilities

ProZilla contains several buffer overflow vulnerabilities that can be exploited by a malicious server to execute arbitrary code with the rights of the user running ProZilla.

For more information, please see the GLSA Announcement

phpBB: Remote command execution

phpBB contains a vulnerability which allows a remote attacker to execute arbitrary commands with the rights of the web server user.

For more information, please see the GLSA Announcement

TWiki: Arbitrary command execution

A bug in the TWiki search function allows an attacker to execute arbitrary commands with the permissions of the user running TWiki.

For more information, please see the GLSA Announcement

Cyrus IMAP Server: Multiple remote vulnerabilities

The Cyrus IMAP Server contains multiple vulnerabilities which could lead to remote execution of arbitrary code.

For more information, please see the GLSA Announcement

phpWebSite: HTTP response splitting vulnerability

phpWebSite is vulnerable to possible HTTP response splitting attacks.

For more information, please see the GLSA Announcement

phpMyAdmin: Multiple XSS vulnerabilities

phpMyAdmin is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement

4.  Heard in the community

Web forums

The udderly mysterious Larry the Cow

In preparation for the Italian G-Day (see our article in the GWN two weeks ago), Peach has designed a few posters, and thought he'd share his artwork with the community. Note that "If it moves, compile it" doesn't become the official motto for Gentoo Linux just by repetition...

gentoo-user

Gentoo on low end systems

Gentoo is primarily installed on modern hardware because it demands CPU power when doing most Portage operations. However, Gentoo's "only what you need" approach is great for systems that only need a select set of services running, or machines with meager hardware available. Check out this quick thread for a few tips if you're planning on installing Gentoo on an aging machine.

Copying kernel config files

Here's a quick tip that we've mentioned before; but can be such a time saver that it is worth bringing up every so often. When upgrading Linux kernels, use the command stated in this thread to carry over the settings from your previous kernel version.

Thanksgiving shopping tips

For our readers in the U.S., what kind of holiday week would it be without mentioning shopping the day after Thanksgiving? This sprawling thread covered just about every old tip and advice in the book. A bit off topic, but right on time. Enjoy!

gentoo-dev

Thanksgiving thanks given

With Thanksgiving just over and Christmas approaching, both users and developers have expressed their gratitude for Gentoo's existence. In the first thread, Christian Hoenig expresses his gratitude for being able to run Gentoo for two years without reinstall, and just a few hours before, Jeremy Huddleston was all warm and mushy inside after eating his Thanksgiving turkey, and just felt like writing a happy "thank you all!"

Beeping nuisance

Roman Gaufman writes: "Someone was bound to complain. I set xorg to emerge and go to sleep. I fall asleep and it starts beeping! GRR! Doesnt it bother anyone? -- under no circumstances do I want beeping." This common "bug" has already been taken care of, but the documentation for EBEEP_IGNORE is not yet publically available. Check the thread to see how you can silence Portage if you have to!

5.  Gentoo International

Turkey: New Gentoo website, GWN mailing list

Gentoo Türkiye, the Turkish Gentoo User Group, has announced their soon-to-be website, still very much under construction at the time of this writing. According to admin Bahadır Kandemir (who is doubling as lead GWN translator for Turkish), the team running the site is working on their own XML content management system, and will go live as soon as possible. More importantly, the revived Turkish GWN version can now be subscribed to, via a brandnew mailing list "bulten@gentoo-tr.org" (bulten = newsletter), operational only since last week. If you would like to receive the Turkish GWN regularly (with a delay of just a few hours compared to the English original), send an empty mail to bulten-subscribe@gentoo-tr.org. Interestingly enough, Gentoo Türkiye's website and mailing list are sponsored by a Moscow-based hosting company, IQChoice.com. In case you'd like to support their efforts, come and meet the Turkish Gentoo user community where they usually hang out: in the #turklug channel on irc.freenode.net.

Poland: Bialystok EVDT conference

Last Saturday, 20 November 2004, a group of open-source amateurs using the colorful label "Electric Vodka Developer Team" (EVDT) held a conference on "Alternative platforms and operating systems" in their home town Bialystok, an all-day event hosted at the local Technical University. Papers on the history of operating systems, on cluster, embedded, and real time systems, and about the differences between x86 and PowerPC architectures were being presented to about 80 participants. The PPC side was further explored in talks about the Altivec units in PowerPC G4 processors and how to make use of them with the help of gcc, and in a closing presentation about the PegasosPPC platform (see above) and its native MorphOS system. Between the sessions and after the last one had finished, visitors were able to see and touch some live hardware and software. There were PowerPC (G3 and G4) with MorphOS on display, and x86 desktops with QNX, Slackware, Debian, and of course Gentoo Linux installed. Everyone was free to check the differences between several Linux flairs, alternative operating systems, and assorted hardware. Some photos and a longer report from the event are available here (polish only).


Figure 5.1: Power of diversity: alternative platforms on display at the conference

Fig. 1: EVDT conference

Germany: Bowling for Gänsebein

The notorious Ruhr region Gentooists are meeting on 10 December for a friendly Christmas dinner party at the equally notorious Gasthof Harlos in Oberhausen. The menu is still being discussed, available options include Gänsekeulen (goose legs) and Rinderrouladen (beef rolls). After dinner the attendants and their ample supply of Glühwein (German mulled wine) will retreat to the bowling alley. If you intend to join them, post to this forum thread.

6.  Gentoo in the press

ZDNet UK (25 November 2004)

In her article published shortly after Gentoo Linux 2004.3 was made available to the public, Ingrid Marson from ZDNet UK already reports about the preparations for Gentoo's next release, 2005.0, due in February next year. The article is mostly based on an interview with Gentoo release engineer Chris Gianelloni and points out a graphical installation and the planned ability to run Gentoo Linux completely off the LiveCD.

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 14 November 2004 and 28 November 2004, activity on the site has resulted in:

  • 1563 new bugs during this period
  • 847 bugs closed or resolved during this period
  • 47 previously closed bugs were reopened this period

Of the 7645 currently open bugs: 135 are labeled 'blocker', 248 are labeled 'critical', and 562 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  Tips and Tricks

Portage GUIs

Larry the Cow became just a bit frustrated with Portage and its textual frontend. There used to be the legendary KPortage to sooth his craving for a graphical user interface, but its development stalled, and it vanished from the Portage tree a long time ago.

Then Larry tried guitoo and porthole. He was impressed. He found two up-to-date Portage frontends with ongoing development. All of a sudden, Larry the Cow was in control. And he liked it.

First off, Guitoo is a KDE application offering most functions of Portage, such as views of installed and generally available packages. It helps you keep your system up to date, lets you view logs and keeps its own queue for the installation of multiple packages. Very interesting and rather more advanced than its predecessor KPortage it's equipped with a systemtray ("kicker") application called Gentoo Watcher, which is pulling in rss feeds from the Gentoo website, raking in all available information on the latest packages and the Gentoo Linux Security Advisories (GLSA). Using the watcher, pending security updates are just one click away as they can be pushed to Guitoo for emerging.

Code Listing 8.1: Emerge Guitoo

# echo "app-portage/guitoo ~x86" >> /etc/portage/package.keywords (if necessary)
# emerge guitoo

And then there's Porthole. GTK+-2 rather than Qt-based, it gives you control over the basic Portage features, i.e. emerge, unmerge, sync and update. While guitoo only gets the output of emerge --pretend to show you the dependencies a package has, porthole can show you directly which dependencies are met and which are not.

Code Listing 8.2: Emerge Porthole

# echo "app-portage/porthole ~x86" >> /etc/portage/package.keywords (if necessary)
# emerge porthole

Larry, being happy about having the tools in the first place, is rather indifferent at this point as to which one is preferrable. He suggests you try both, and decide for yourself. Choice to the user.


Figure 8.1: Screenshots of Porthole (left) and Guitoo (right, including the watcher)

Fig. 1: Guitoo and Porthole

9.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Micheal Marineau (marineam) - Kernel patches

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN feedback

Please send us your feedback and help make the GWN better.

12.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

13.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 29 November 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 29 November 2004.

Ulrich Plate
Editor

Rafał Ciszyński
Author

Brian Downey
Author

Daniel Drake
Author

Michael Imhof
Author

Patrick Lauer
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.