Gentoo Logo

Gentoo Weekly Newsletter: March 28th, 2005

Content:

1.  Gentoo News

Gentoo 2005.0 released

Gentoo Linux is proud to bring you the long awaited Gentoo Linux 2005.0 release!

This release has had a few setbacks including a complete security rebuild, but with the help of the many teams within the Gentoo developer community, we believe that this release will be one of the best that we have ever had.

This release includes new installation media from Alpha, AMD64, PPC, PPC64, SPARC, and x86 and includes stages for IA64 and SPARC32. Please check out our mirrors to find the closest one to you. As with 2004.3, you will be able to download optimized PackageCD images for x86 and PPC via our bittorrent server, and also our "unofficial" secondary bittorrent server, provided by Friends of Gentoo e.V. in Germany.

Donations to Gentoo via Paypal

The Gentoo Foundation is pleased to announce the return of the Paypal donation link on the www.gentoo.org pages. This link allows you to donate any amount you wish directly to the Foundation. One of the responsabilities of the Foundation is to handle the financial needs of Gentoo and to help fund the further development of Gentoo Linux. More information about funding needs can be found at the Gentoo website.

The most immediate funding need that the Foundation has is to raise the 500 USD opening balance for the Foundation's bank account (and this will remain in the account as the minimum balance). We challenge users and organizations to donate if they can, even the smallest amount counts! Thank you for your continued support of Gentoo Linux!

Gentoo Bugzilla now supports SSL

As of 24 March 2005, Gentoo's Bugzilla now supports SSL for encrypted communications. This will help people who reside in highly unprotected networks (such as a university or an unencrypted wireless connection) and want to have a more secure connection to our Bugzilla. Authentication and bug submission can now be done securely, without threat of your password being sniffed or patch data being altered while in transit. Happy bug fixing!

2.  Developer of the week

"Gentoo represents choice and freedom for every user to build their computing environment to their individual needs, by giving them the tools to do it." -- Marcus D. Hanwell (cryos)


Figure 2.1: Marcus D. Hanwell aka cryos

Fig. 1: cryos

This weeks featured developer is Marcus D. Hanwell, aka cryos. He is a PhD student at the University of Sheffield, studying "the structure of metal-organic nanosystems and their sensing applications", as he puts it. He also runs a small IT consultancy firm specialized in deploying Gentoo-based solutions for local businesses.

Initially recruited for work with the science herd, he now also supports the AMD64 herd since his work and home systems are AMD64-based. Further interests include, but are not limited to, the www-proxy herd and web apps in general. "I would like to see Gentoo recognised as the best platform for scientific applications," states Marcus who works a lot on getting new scientific applications into Gentoo - concentrated in the areas of physics, mathematics and analysis packages/language extensions. Gentoo is his first real open-source project, but he has used Linux since the stone age (which translates roughly to 1996). The motivation to work on Gentoo came from it being his favourite distribution.

His favourite tools are Thunderbird, Firefox, kdevelop, vim and gvim, kvirc, irssi, kopete, povray, gimp, screen, konsole and amarok, proving that the K*/G* split in Gentooland is not absolute. His main machine is, of course, an Athlon64 3200+, featuring lots of goodies: 1GB Corsair LL RAM, NEC DVD writer, nVidia GeForce FX5900XT 128MB graphics, Creative Audigy 2 sound, Dolby 5.1 speakers and two 17" LG TFT screens using nVidia TwinView. His desktop environment of choice is KDE (especially 3.4), and on booting up he usually starts konsole or Thunderbird first. kvirc fills his need for an IRC client.

When he isn't glued to his computers he takes his German shepherd for walks and does some amateur photography with the cameras he owns. He has an extensive life away from computers, much of it devoted to his fiancee (which he intends to marry in July). But other activities are becoming rare since working on Gentoo is so much fun... He enjoyed meeting other developers at the FOSDEM Gentoo developer conference in February and the UK conference in March very much. His motto is borrowed from Albert Einstein: "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."

3.  Heard in the community

Web forums

Forkbombing Gentoo

An article on SecurityFocus (see Gentoo in the press section) triggered a heated debate about the sanity of setting ulimit by default. Common sense dictates that system administrators have to take care of this themselves, but many people point to the broad base of non-professional Gentoo users for reasons why setting a "safe" limit to the number of processes in a user shell may be a good idea. Check the companion bug report for developer opinions, and the Gentoo documentation on tightening security.

gentoo-dev

alternative tree sync methods?

From a Forum thread comes an idea for an optimized sync method that might fill the void between rsync (which many firewalls filter) and webrsync (one huge tarball, no easy updating, not updated that often).

GLEP 34 implemented

Ciaran McCreesh informs us that GLEP 34 (category metadata) has been implemented. This gives users some more metadata to search, and it can even be done in multiple languages!

glibc update problems

Among the most difficult problems in Gentoo are toolchain bugs. If your compiler doesn't work, you can't update. Not as bad, but still very annoying are problems like this one: "When trying to upgrade my glibc [...] it does nothing but [an] infinite loop." If you find such bugs, please don't post to the mailinglists, bugs.gentoo.org is a much better place for that. But we appreciate precise bugreports that allow us to track down the problem and give you a better Gentoo experience!

4.  Gentoo International

Japan: Open Source Conference 2005

We had more than 30 participants, from Linux newbies to Gentoo users, at the Gentoo Installfest event on the second day of the Open Source Conference at Tokyo's Japan Electronics College in Okubo. Starting with a short explanation of the latest Gentoo release, Mamoru Komachi introduced the power of distributed computing: distcc bootstrapping. With distccd as build helpers, it was expected that at least some of the 15 machines in the room -- rather than none, as it turned out -- would be Gentooified within the two hours of the session. Despite the result, people enjoyed this exotic installation procedure. After the session, GentooJP members and a few participants had lunch together, discussing some new GentooJP projects.

For Usata, this event was the last one in Tokyo: He is moving to the Kansai area to attend Graduate School. We appreciated his contribution, thanks and good luck, Usata!


Figure 4.1: GentooJP installfest at the Japan Electronics College in Tokyo

Fig. 1: GentooJP

5.  Gentoo in the press

SecurityFocus (16 March 2005)

Author Jason Miller produces a "deer-in-headlight look" on his own face by running a forkbomb script on his own Mandrake desktop, then goes on to have his friends spawn enough processes to crash their Gentoo and RedHat installations. Amid displays of happiness about his BSD machines and Debian not faltering under the DoS attacks his script triggers, his article doesn't quite explain what default ulimit settings and kernel security have to do with each other, but has collected a fairly large number of comments questioning the method or asking for additional information, and even more active are the discussions Miller's article triggered on the Gentoo Forums and Bugzilla.

Linux Journal (24 March 2005)

Dovid Kopel, a Gentoo user and Forum regular, has written a detailed howto for synchronizing the Treo 650 smartphone via Bluetooth, using a Gentoo Linux desktop. His article describes the necessary modifications to the kernel configuration in order to access the USB bluetooth adapter he uses, installation and configuration of packages, and using the phone to hotsync applications like calenders and addresses, but also to connect the Linux host to the Internet via bridged networking through the Palm OS 5 device!

Software Design (Issue 4/2005)

Gentoo developer and PPC strategic lead Pieter Van den Abeele gave an interview in a Japanese magazine, Software Design, with his answers embedded in this month's cover story about the business ramifications of OpenSolaris and its relation to Linux. The article, titled "Solaris Perfect Guide 2005", is not available online, but copies of the magazine's April issue can be bought at newsstands in Japan.

6.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • Christian Hartmann

Adds

The following developers recently joined the Gentoo Linux team:

  • Marcelo Góes (vanquirius) - netmon, crypto, Brazilian translations
  • John N. Laliberte (allanonjl) - Installer team, GLSR, libconf
  • Luis F. Araujo (araujo) - Haskell
  • Zaheer Abbas Merali (zaheerm) - gstreamer

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Danny van Dyk (kugelfang) - Release coordinator for the AMD64 project
  • Lars Weiler (pylon) - PPC release coordinator

7.  Gentoo security

Xzabite dyndnsupdate: Multiple vulnerabilities

Xzabite's dyndnsupdate software suffers from multiple vulnerabilities, potentially resulting in the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Sun Java: Web Start argument injection vulnerability

Java Web Start JNLP files can be abused to evade sandbox restriction and execute arbitrary code.

For more information, please see the GLSA Announcement

GnuPG: OpenPGP protocol attack

Automated systems using GnuPG may leak plaintext portions of an encrypted message.

For more information, please see the GLSA Announcement

Mozilla Suite: Multiple vulnerabilities

The Mozilla Suite is vulnerable to multiple issues ranging from the remote execution of arbitrary code to various issues allowing to trick the user into trusting fake web sites or interacting with privileged content.

For more information, please see the GLSA Announcement

Mozilla Firefox: Multiple vulnerabilities

Mozilla Firefox 1.0.2 fixes new security vulnerabilities, including the remote execution of arbitrary code through malicious GIF images or sidebars.

For more information, please see the GLSA Announcement

Mozilla Thunderbird: Multiple vulnerabilities

Mozilla Thunderbird is vulnerable to multiple issues, including the remote execution of arbitrary code through malicious GIF images.

For more information, please see the GLSA Announcement

IPsec-Tools: racoon Denial of Service

IPsec-Tools' racoon is affected by a remote Denial of Service vulnerability.

For more information, please see the GLSA Announcement

8.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 20 March 2005 and 27 March 2005, activity on the site has resulted in:

  • 853 new bugs during this period
  • 544 bugs closed or resolved during this period
  • 19 previously closed bugs were reopened this period

Of the 8307 currently open bugs: 98 are labeled 'blocker', 222 are labeled 'critical', and 625 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated March 28, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 28 March 2005.

Ulrich Plate
Editor

Lance Albertson
Author

Chris Gianelloni
Author

Patrick Lauer
Author

Tomoyuki Sakurai
Author

Corey Shields
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.