Gentoo Weekly Newsletter: December 6, 2004

1. Gentoo News

Gentoo Developer Meeting at 21C3, 27 to 29 December 2004

The 21st Chaos Communication Congress (21C3) is a three-day conference on technology, society and utopia. Traditionally held in the German capital of Berlin between Christmas and New Year's Eve each year, the C3 offers lectures and workshops on information technology, IT security, Internet, and cryptography, and offers a generally critical and creative debate on technology and its effects on society.

Last year's 20C3 already had plenty of Gentoo developers and users attend the conference, leading to the announcement of an official Gentoo Developer Meeting to be held concurrently at this year's event. The Gentoo Dev Meeting is scheduled for 28 December (the second day of the conference) at 18:00 hours, the guestlist and the agenda are to be announced at the 21C3's public wiki for Gentoo. It will serve many purposes, ranging from a simple get-together for (mainly European) Gentoo developers, via exploring the possibilities for closer co-operation, improved direct communication and more synergies in the network, to improvements to the Gentoo project as a whole. We will define the state of the European Gentoo developer network, and how we can improve developer relations in that network, we will discuss ways to work together and help each other with our efforts in maintaining and developing the Gentoo distribution, now and in the future.

Besides the developer meeting, other Gentoo highlights at the 21c3 are not to be missed, either, one being the Hardened Gentoo presentation of Alexander Gabert on 28 December at 15:00, an introduction to the hardened toolchain, the PaX kernel, strong DAC/MAC control mechanisms and the project's thorough low-entry oriented user documentation, all-in-all providing "full scale" protection for a wide range of home to enterprise users. On the exhibition and activity floor of the conference, the traditional "hackcenter", a Gentoo table will be set up to meet, greet and play around with Gentoo Linux.

Getting to know each other, sharing experience and planning future activities are important goals of this meeting, but we do count on its being fun at the same time. Please contact Marc Hildebrand if you like to attend or wish to add to the agenda.

New Gentoo Linux 2004.3-r1 release announced

Following quickly on the footsteps of the highly successful 2004.3 release, the Release Engineering project has put out a maintenance release for some architectures. Supplying a maintenance release was open to all architectures, but only a few found it necessary to provide one. There are very few changes in the release media, and this only fixes a few bugs which kept some people from installing. The affected architectures and their respective changes are:

Alpha - New LiveCD with a correct aboot.conf, stages and livecd moved to /releases
AMD64 - New LiveCD with corrected Speakup support, pnpbios is turned off by default, and distfiles for dhcpcd, slocate, usbutils, and pciutils added to the Universal CD
HPPA - This CD adds lvm2 support to the LiveCD
x86 - Additions identical as for AMD64, and the x86 PackageCD was recompiled due to a missing glib dependency on kdegraphics

You can find the maintenance release media in the same location as the 2004.3 release media on your favorite Gentoo mirror.

UK Gentoo Developer Meeting Preannouncement

The UK-based Gentoo developers are pleased to announce that the Gentoo UK 2005 Conference will be held on Saturday 12th March 2005 at the University of Salford, with social events the night before and the night after. The theme for this year's Conference is "Success with Gentoo", and they will be running both a Speakers Programme and a Demonstration Programme. They're inviting developers and users alike who wish to take part in the programme to submit their proposals before 31st December 2004. For more details, see the Conference website

2. Future zone

Gentoo on a 256MB USB stick: Flash Linux

Note: Topics for this section may occasionally include projects that are not officially part of Gentoo, but affect it in one way or the other. This could be development in the wild that is is bound to end up being a Gentoo project in the future, or something that's inspired by and based on Gentoo, but heads off in a different direction all by itself. One of the latter is the topic for this week's column:

FlashLinux is a customized Linux variant designed to be run directly off a USB key or similar forms of bootable flash memory. Gareth Bult and his helpers have based their trimmed-to-fit binary distribution entirely on Gentoo Linux, with a special focus on Gnome 2.8, and the aim to to produce something that would encourage Windows users to give Linux a try. "The applications we included may not be a programmer's dream, but we're hoping they're what the average user is looking to get from a modern desktop system," says Gareth. Currently included are Evolution, XChat, Firefox, and a Ximian build of OpenOffice, along with many more.

The choice of Gentoo as the base for Flash Linux seemed obvious, even if generously overlooking the fact that its creator is a Gentoo user who has been running his web servers on Gentoo Linux for the past twelve months. "I was looking for something as nippy as possible, and the task was to fit a quart into a pint pot," he explains - implicitly leaving little to no alternatives to FlashLinux being based on Gentoo. Provided a (x86 or AMD64) computer's BIOS allows for booting off a USB stick in the first place, the FlashLinux key fires up a 2.6.7-gentoo-r14 kernel, autoconfig comes from the Knoppix tools and provides hardware detection, and mkxf86config does the X setup. There's a GRUB based choice of either LAN or dialup configurations, at two different screen resolutions each.

Figure 2.1: Windows-swatting penguin splashscreen: FlashLinux USB key booting

"Everybody knows the LAN setup works perfectly in the Gentoo LiveCDs, but we were surprised how well dialup is integrated, too," says Gareth Bult. While comments he received from early adopters show mostly awe that this fits onto a 256MB key - that even keeps 50MB of free space - the stick itself is where the developers identify a decisive factor. According to them, the choice of media is crucial for a usable configuration: "USB 1.0 keys only transfer data at 1Mbps and are unusable when it comes to FlashLinux. But even USB 2.0 keys do not really transfer data at 480Mbps, typical rates vary between 5 and 10Mbps." But even the more expensive recommendations in USB memory sticks are typically still within a 30 USD price range.

The FlashLinux creator has placed his work under the GPL, and hopes for outside help from people interested in different aspects, like making the USB sticks ADSL-ready, solving bootsplash issues with newer kernels, and other contributions or ideas that are most welcome. The contact address is hostmaster@encryptec.net.

3. Gentoo security

Open DC Hub: Remote code execution

Open DC Hub contains a buffer overflow that can be exploited to allow remote code execution.

For more information, please see the GLSA Announcement

Sun and Blackdown Java: Applet privilege escalation

The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.

For more information, please see the GLSA Announcement

rssh, scponly: Unrestricted command execution

rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.

For more information, please see the GLSA Announcement

4. Heard in the community

gentoo-user

udev or devfs

Systems running a 2.6 kernel now have the option of installing udev. One user notices some of the online Gentoo documentation still advises devfs and asks for suggestions on configuring udev.

new 2004.3 system - to devfs or not to devfs, that is the question

To opt or not to opt. That is the question!

A discussion regarding the location of the gentoo-rsync-mirror ebuild's install popped up this week. Why was it in /opt? Shouldn't it be in /usr? A series of (opinioned) answers came in, including some brief history of where /opt came from in the first place.

Local portage repository

Gentoo... Limiting?

One of the Gentoo provisions is that users have full control over their system. Is this true? One lister posed this question on the gentoo-user mailing list this week. It of course spawned a great discussion. The short of it is that Gentoo is as configurable as you want it to be, as long as you learn the tools in Portage fully.

Gentoo limitations

libperl rebuilder

After upgrading Perl packages one user asks how to update all the Perl modules.

Upgrading Perl Modules when Upgrading Perl

Best Digital Camera for Linux?

Nothing can be more frustrating than buying a shiny new computer toy, just to find out that it does not work with your favorite Linux distribution. With Christmas right around the corner; the gifts for geeks shopping season is ramping up into full gear. This thread has some tips for purchasing a digital camera that will work seamlessly with Gentoo--or any Linux for that matter!

Suggestions for a Digital Camera under Linux

5. Gentoo International

Italy: GentooDay report

"Macelli Comunali", the municipal slaughterhouse, sounds a bit strange for a meeting in the framework of the Italian LinuxDay, but the Gechi's contact in Prato, a nice little town near Florence, assured penguins of the Gentoo variety wouldn't run any danger: It's an old palace now, used as meeting spot and conference hall for many activities of non-profit organizations.

The place was cold, but the Gechi effectively heated it with their computers. Half an hour into the event, the distfiles and rsync mirror for people was set up, and the LAN was fully working for present Gentoo users to do a few happy emerges. Being curious about each other characterized much of the atmosphere in the morning, since it was the first meeting ever for many of the Gechis. While others continued to trickle in, Giulio Salani (zuglio) explained about his Vidalinux tests, and Matteo Pescarin (peach) showed his wonderful posters.

In the afternoon Giacomo Benvenuti (benve) did a ceremonial first download from the new experimental Italian Gentoo mirror in Bologna, and some people created a distcc LAN between their laptops.

Then it was time for the presentations, and the first was about Andrea Perotti's (deadhead) "Success stories of Gentoo in commercial companies". Unfortunately, Andrea had to fight the projector for an hour, and could only begin after that, leaving no time for Giovanni Ferri's (FonderiaDigitale)'s talk about the "Creation of a blackbox for securing your network environment" that was also planned for the afternoon slot. Giovanni's extraordinary presentation was finally held later that night, but ordinary visitors had all left by then, he only spoke to a nucleus of Gentoo activists, all well-fed with an intriguing local delicacy known as an F2 sandwich.

Figure 5.1: Gechi activists at the former abattoir of Prato

Note: Left to right: Cazzantoio, akiross, oRDeX, lavish, randomaze, nemesix2001, .:deadhead:., and sitting in front holding the magic penguin that never falls from the table: genGNUbbo

Austria: New AGLUG website

The former Vienna Gentoo Linux Users Group has grown steadily over the year, and now broadened its focus to encompass an all-Austrian support group. A new website has been set up that carries many new services, including a brand new Austrian Gentoo user forum, and an RSS feed for local news. Stammtisch-type regular meetings are being organized every month, with the next one to take place on 16 December. Check the event calendar for details.

Germany: Nürnberg meeting report

Karl Hansl reports from the first meeting in Nürnberg last week: "Local Gentoo users met and discussed typical Linux topics, such as which motorcycle brand was faster, Kawasaki or Honda, and had some off-topic chats about programming, too. Current experience tells us that GUGN participants come from all ranges of society, self-employed, students, IT interns, and professional sysadmins. We'll definitely meet again, on 5 January 2005, and hope that others can join us then."

6. Gentoo in the press

Linux Devices (3 December 2004)

Linux Devices extensively covers the Gentoo Embedded project this week, in an article about the "New kid on the embedded Linux block". The author links to the Gentoo Embedded web page, has friendly words for all developers involved, and even extends an official welcome to Gentoo Linux in the name of the Embedded community!

ZDNet UK update (3 December 2004)

Based on additional information by Gentoo release engineering lead Chris Gianelloni, the ZDNet editors have updated the article on upcoming releases of Gentoo Linux initially published last week. Details of experimental features planned, like the installer project and the option of running Gentoo Linux completely off the LiveCD, have been sorted out and are most accurately reflected in the current version.

7. Bugzilla

Summary

Statistics
Closed bug ranking
New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 28 November 2004 and 05 December 2004, activity on the site has resulted in:

717 new bugs during this period
458 bugs closed or resolved during this period
30 previously closed bugs were reopened this period

Of the 7619 currently open bugs: 130 are labeled 'blocker', 239 are labeled 'critical', and 560 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

Gentoo's Team for Core System packages, with 35 closed bugs
Gentoo KDE team, with 25 closed bugs
Gentoo Games, with 19 closed bugs
AMD64 Porting Team, with 18 closed bugs
Gentoo Linux Gnome Desktop Team, with 17 closed bugs
Daniel Black, with 17 closed bugs
Java team, with 16 closed bugs
Jeremy Huddleston, with 13 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

Java team, with 19 new bugs
AMD64 Porting Team, with 15 new bugs
Gentoo Linux Gnome Desktop Team, with 13 new bugs
Gentoo's Team for Core System packages, with 13 new bugs
Gentoo X-windows packagers, with 10 new bugs
SpanKY, with 10 new bugs
media-video herd, with 10 new bugs
Portage team, with 10 new bugs

8. Tips and Tricks

Revival of the Compose Key a.k.a. Multi_Key

Many users are on a keyboard layout which does not allow to type other characters than those printed on the keys. There are some workarounds with so-called "deadkeys" so that you can type characters with accents, but that does not enable you to type all characters in your locale.

On many Unix-machines you can find a "Compose Key" on the attached keyboard. With that special key you can "compose" the desired character. For instance, typing the sequence <compose> <"> <a> will result in the Umlaut ä. Or take <compose> </> <o> for a danish ø. With X it is no problem to declare any key as the Compose Key, or "Multi_Key" as it is called in the internal routines. Just remember that a keyboard sends only keycodes, and that it is unimportant which keycode represents a given character or special key.

To enable the Compose Key you have to alter your /etc/X11/xorg.conf. There are other ways, like using xmodmap, but the global configuration with the xorg.conf ensures that the Compose Key will be available to all users. I recommend the right "Windows Key" (just one of the two on your keyboard enabled should be enough):

Code Listing 8.1: Enable the Compose Key in the xorg.conf

# Your section in xorg.conf about the keyboard looks similar to this:
Section "InputDevice"
        Identifier      "Keyboard0"
        Driver          "kbd"
        Option          "XkbModel"      "pc104"
        Option          "XkbLayout"     "us"
        Option          "XkbOptions"    "compose:rwin"
EndSection

After you restart X, you should be able to type the characters in the example above. A complete list of available Compose Key characters with their description can be found in the file /usr/X11R6/lib/X11/locale/<your_character_enocding>/Compose.

9. Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

None this week

Adds

The following developers recently joined the Gentoo Linux team:

Joe McCann (joem) - Gnome development
Michael Stewart (vericgar) - Apache

Changes

The following developers recently changed roles within the Gentoo Linux project:

None this week

10. Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11. GWN feedback

Please send us your feedback and help make the GWN better.

12. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

13. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

Page updated 6 December 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 6 December 2004.

Ulrich Plate
Editor

Brian Downey
Author

Chris Gianelloni
Author

Stuart Herbert
Author

Marc Hildebrand
Author

Fabrizio Masia
Author

Emmet Wagle
Author

Lars Weiler
Author

Donate to support our development efforts.