Gentoo Logo

Gentoo Weekly Newsletter: June 13th, 2005

Content:

1.  Gentoo News

New PegasosPPC Open Desktop Workstations with Gentoo preinstalled


Figure 1.1: New design, performance boost, Gentoo inside: The new Open Desktop Workstation

Fig. 1: ODW

Back in January we reported on Genesi's PegasosPPC, the PowerPC-based platform marketed as the "Open Desktop Workstation" (ODW) -- and being sold with Gentoo preinstalled. In order to better match Apple's Mac Mini the Open Desktop Workstation has just received a face lift, not only in case design but also in terms of hardware inside, and at a lower price than before. The ODW now sports twice the RAM, double the storage space of the previous model, and it includes a dual-layer DVD±RW drive, all for 799 USD (650 EUR). For each unit sold via Gentoo's vendors page, 50 USD is donated to the Gentoo Foundation.

With Apple turning their back on a growing community of PowerPC users, Genesi and IBM remain committed to selling affordable, high-quality PowerPC machines for desktop and server use.

  • Pegasos II with 1GHz G4 processor
  • 512MB DDR RAM
  • 80GB Hard Disk
  • Dual-Layer DVD±RW Drive
  • ATI Radeon 9250 graphics
  • Low Profile Small Footprint Case - Tower or Desktop Orientation

The system comes with one AGP slot, in use by the Radeon 9250, and three PCI slots. The CPU-card is replaceable and CPU-upgrades will be made available at a later date.

A few of the new ODWs have found their way to Gentoo developers already, with one machine donated to Oregon State University currently being used by the Hardened Gentoo team, and yet another donated mainboard assembled to serve by Corey Shields. A second board is scheduled to be put in a crystal case and displayed at the Gentoo booth in San Francisco at the Linux World Expo in August. Another of the double RAM, double HDD space machines went to PPC developer Joseph Jezak, bringing the total number of donated Genesi ODWs of both generations that have been brought to use in Gentoo development to almost twenty.

New Gentoo/MIPS SGI LiveCD

The first iteration of the SGI LiveCD worked only on a few assorted systems. Several months down the line, Joshua Kinard now has the pleasure of announcing a new one that not only supports most SGI hardware available, but also autodetects what system and CPU is present, loads the right kernel and passes every parameter needed to get your Indy, Indigo2, Octane or O2 booted successfully.

While still being labeled experimental, the new CD benefits from the awesome new bootloader for SGI systems called ARCLoad, developed by Stanislaw Skowronek, replacing the older arcboot. ARCLoad itself will be made available in Portage soon those wanting to boot directly off their hard disks. The compressed LiveCD image is slim enough to fit in 15MB of Kumba's devspace where it's available for download along with instructions for the different types of SGI machines.

GuideXML editor released

Christian Hartmann (ian!) has released a new version of his Perl-driven WYSIWIG editor for Gentoo's documentation, gendocedit. Originally written to help ease the process of translating documents from English to other languages, the current version is able to output clean GuideXML that's fit for inclusion on the Gentoo website. Since accurate, up-to-date documentation is one of the most valuable assets for the Gentoo project, a tool that helps authoring it is a welcome addition by anyone's standard. Speaking of documentation, a user manual for gendocedit isn't available yet, but it's pretty much self-explanatory, and is entirely governed by a GPL2 license, free for anyone to mend and bend and make better in the process. Downloads for version 0.4 can be made from ian!'s own website. Currently not for the faint at heart yet, since dependencies require highly unstable environments, including a package-masked MySQL version.

2.  Developer of the week

"Gentoo is LinuxFromScratch on acid" -- Michael Cummings


Figure 2.1: Michael Cummings aka mcummings

Fig. 1: mcummings

This week's victim for the featured developer column is Michael Cummings, a self-proclaimed prankster and Gentoo Perl Monkey. The latter has him hacking all things Perl (especially the package splits in perl-*), the former mostly making fun of users in ways that don't offend them. He's had quite some competition for that role lately, so Michael has to do more Perl work to compensate for that.

Like most other devs Michael got pulled in through fixing a few bugs and trying to help with things that were not working as planned - Gentoo is his first open-source project. Some of the things that came from working on Perl are "bugger" (a command-line bugzilla tool) and g-cpan, a Perl module managment tool for Gentoo.

In real life Michael graduated in 97 from Virginia Tech with a degree in Political Science (with a minor in Philosophy), from where he got to his job of "web application administration, installation, troubleshooting, securing, fixing breaking" for an undisclosed employer. Surprisingly he uses Perl a lot, but after a long time of using blackbox he has recently changed to KDE 3.4 because the integration of applications is just right for him. Unsurprisingly his main computer is a run-of-the-mill Pentium4 box, and there's also a SPARC machine doing a few things.

Outside of Gentoo his greatest hobby is his family: a wife, two daughters and a dog. They live in the US-state of Virginia, on the "south side" of Fredericksburg. His work is about 45 minutes to an hour away, meaning he gets up, drives for a long time, slacks and works a bit, drives back and plays with the kids. That doesn't leave very much time, but the progress in Perl he's made for Gentoo is still more than respectable. His choice of favourite quotes shows a high degree of reliability, too: "If the apocalypse comes, page me," as Buffy the vampire slayer puts it.

3.  Heard in the community

Web forums

Having fun with automation

Bekker, a new user on the Gentoo Forums, saw a Ubuntu feature he liked and tried to reproduce the experience in Gentoo: on insertion of a memory stick an icon appears on the desktop, without even mounting it. One way to get this to work is with udev, d-bus, HAL and gnome-volume-manager, says the friendly helper crowd. The thread is in Dutch, but setting this up is quite easy, and documentation exists in many other places.

gentoo-dev

Minimal perl install

Michael Cummings tells of a reduced-size Perl base package. It's experimental right now and doesn't play nice with the rest of perl, but at 930k (instead of 12300) it might be a nice alternative for LiveCDs and other constrained areas of Gentoo.

Where goes Gentoo?

Aron Griffis starts a really long thread about where Gentoo is today, where it might go in the future and all the other questions that pop up in Gentooland. Parts of it might be inflammatory, but it's a recurring theme that never got fully answered in previous discussions.

ekeyword and ordering

In the past the policy on keyword ordering in ebuilds was never fully agreed on and formalized. So while at one point the keywords were added in chronological order, others were added in alphabetical order. What happens when those two ideas clash is this amazingly long thread that elaborates all advantages and disadvantages that could arise from a change in policy.

4.  Gentoo International

Brazil: 6° Fórum Internacional Software Livre

As happened last year, the Brazilian Gentooists held a meeting during the 6th edition of International Free Software Forum, in Porto Alegre, south of Brazil. Thanks to their big banner, the Gentooists' booth could be easily indentified in the middle of the crowd thus making it easy for the visitors to come and get support, installation CDs and chat with the local Gentoo community.


Figure 4.1: Brazilian Gentooists mounting the booth at FISL

Fig. 1: FISL

Note: Left to right: Gustavo R. Piske (AngusYoung), Diego R. Grein (AngrA), Vanessa Sabino (Bani), Wagner Martins (Chatoo), Eric Raymond, Luiz Agostinho (fl0cker) and Santos (santos). Photo credit: Vanessa Sabino

5.  Gentoo in the press

Linux Magazine Brazilian Edition (June 2005)

The Brazilian edition of Linux Magazine has an i686 Gentoo Linux 2005.0 installation CD (with stages) in its brandnew June issue. Not only that, but they also provide a step-by-step stage1 installation tutorial written by Marcelo V. Lima and William Ferraz.

PC Magazin (8 June 2005)

In an interview with the German general interest computing magazine PC Magazin, former Debian project leader Martin Michlmayer speaks out about the reasons for the longish Sarge delay, the relationship with Ubuntu, and other things over at Debian that could use some refurbishing. "Gentoo has a number of good ideas," acknowledges the Debian veteran of ten years, "For example the easy adaptation of configuration variables to the user's needs will hopefully find their way into Debian, too."

Linuxfr.org (8 June 2005)

The French Linux site posted an announcement for a reverse proxy based on Apache and mod_perl called "VultureNG", mentioning that it's already in Portage. The proxy integrates authentication at remote sites and makes them available to various applications.

Process of Elimination (4 June 2005)

Matt T. Proud shares a few of his KDE 3.5 observations, including plenty of screenshots. For the purpose of checking out the new features in the upcoming version of KDE, he built it from the latest subversion snapshots on a "Gentoo stable" host.

6.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Shyam Mani (fox2mike) - Documentation
  • Chris Hotchkiss (chotchki) - Installer project

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

7.  Gentoo security

Mailutils: SQL Injection

GNU Mailutils is vulnerable to SQL command injection attacks.

For more information, please see the GLSA Announcement

Dzip: Directory traversal vulnerability

Dzip is vulnerable to a directory traversal attack.

For more information, please see the GLSA Announcement

Wordpress: Multiple vulnerabilities

Wordpress contains SQL injection and XSS vulnerabilities.

For more information, please see the GLSA Announcement

SilverCity: Insecure file permissions

Executable files with insecure permissions can be modified causing an unsuspecting user to run arbitrary code.

For more information, please see the GLSA Announcement

libextractor: Multiple overflow vulnerabilities

libextractor is affected by several overflow vulnerabilities in the PDF, Real and PNG extractors, making it vulnerable to execution of arbitrary code.

For more information, please see the GLSA Announcement

Ettercap: Format string vulnerability

A format string vulnerability in Ettercap could allow a remote attacker to execute arbitrary code.

For more information, please see the GLSA Announcement

GNU shtool, ocaml-mysql: Insecure temporary file creation

GNU shtool and ocaml-mysql are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

gedit: Format string vulnerability

gedit suffers from a format string vulnerability that could allow arbitrary code execution.

For more information, please see the GLSA Announcement

LutelWall: Insecure temporary file creation

LutelWall is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Gaim: Denial of Service vulnerabilities

Gaim contains two remote Denial of Service vulnerabilities.

For more information, please see the GLSA Announcement

8.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 05 June 2005 and 12 June 2005, activity on the site has resulted in:

  • 746 new bugs during this period
  • 437 bugs closed or resolved during this period
  • 28 previously closed bugs were reopened this period

Of the 8435 currently open bugs: 86 are labeled 'blocker', 214 are labeled 'critical', and 599 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  GWN feedback

Please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated June 13, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 13 June 2005.

Ulrich Plate
Editor

David Holm
Author

Patrick Lauer
Author

Otavio R. Piske
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.