Gentoo Weekly Newsletter: August 8th, 2005
1. Gentoo News
First alpha release of the Gentoo Installer
Gentoo Installer Project lead Andrew Gaffney announced version 0.1 of
GLI, the Gentoo Linux Installer, this week. This is a milestone in
Gentoo's history: until now there was no installer, and the user had to
perform every step manually with the help of the Gentoo Handbook.
An x86 LiveCD with the installer included will be available in the
/experimental branch on the mirrors. More information is available on
the Installer Project's website.
Tor network servers banned on the Forums
The Tor network is an anonymous Internet communication system that
bounces traffic through a distributed network of volunteer-run servers.
Tor users could browse the Gentoo Forums until some malicious users
started abusing the forums through it. As you might have guessed, Tor
hides your IP address, so posting through it amounts to a kind of
anonymous posting. Because of this abuse, the Gentoo Forums staff have
decided to ban all Tor servers whose exit policy allows connections to
forums.gentoo.org on ports 80 (HTTP) and/or 443 (HTTPS). We understand
that some of our users want to preserve their anonymity, but there
does not seem to be a good technical or legitimate reason to use Tor on
the Gentoo Forums.
To stop the abuse while causing our users the least trouble, only Tor
servers whose exit policy allows connections to forums.gentoo.org on
the ports stated above will be banned. A server whose policy no longer
allows those exits is unbanned automatically. Please note that the list
of Tor servers is retrieved automatically, so it may take a while for
the ban list to be synced.
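As an added example, not code from the Forums staff or from the GWN, here is the check the text describes written out in Python: evaluate each Tor server's self-declared exit policy against the forum's address and ports, and ban the servers whose policy permits the exit. It assumes the accept/reject syntax of Tor's directory specification (rules tried in order, first match wins, unmatched destinations accepted). Fetching the server list from the Tor directory is left out; the relay descriptors and the forum address 192.0.2.10 are placeholders constructed for the example, not real servers or the forums' real address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Rule:
    """One 'accept'/'reject' line of a relay's exit policy."""
    accept: bool
    network: ipaddress.IPv4Network   # "*" is stored as 0.0.0.0/0
    port_lo: int
    port_hi: int

    def matches(self, addr: ipaddress.IPv4Address, port: int) -> bool:
        return addr in self.network and self.port_lo <= port <= self.port_hi


def parse_rule(line: str) -> Rule:
    """Parse a descriptor line such as 'accept *:80' or
    'reject 192.0.2.0/24:1-1023'. The address may be *, a single IPv4
    address, or a network in /bits or /mask form; the port may be *, one
    port, or a lo-hi range (IPv4 only, as Tor was in 2005)."""
    verb, _, pattern = line.strip().partition(" ")
    if verb not in ("accept", "reject"):
        raise ValueError(f"not an exit policy line: {line!r}")
    addrspec, sep, portspec = pattern.rpartition(":")
    if not sep:
        raise ValueError(f"missing port in {line!r}")
    if addrspec == "*":
        network = ipaddress.IPv4Network("0.0.0.0/0")
    else:
        network = ipaddress.IPv4Network(addrspec, strict=False)
    if portspec == "*":
        lo, hi = 1, 65535
    elif "-" in portspec:
        lo, hi = (int(p) for p in portspec.split("-", 1))
    else:
        lo = hi = int(portspec)
    return Rule(verb == "accept", network, lo, hi)


def exit_allowed(policy: Iterable[str], addr: str, port: int) -> bool:
    """Evaluate a policy the way Tor does: rules are tried in order and the
    first match wins. The directory spec treats a destination no rule
    matches as accepted, so a policy without a catch-all still exits."""
    target = ipaddress.IPv4Address(addr)
    for line in policy:
        rule = parse_rule(line)
        if rule.matches(target, port):
            return rule.accept
    return True


def ban_list(relays: Dict[str, List[str]], forum_addr: str,
             ports: Iterable[int] = (80, 443)) -> List[str]:
    """IPs of relays whose policy permits an exit to the forum on any of the
    given ports. Re-running this against a fresh directory is also the
    automatic unban: a relay that drops those exits drops out of the list."""
    return sorted(ip for ip, policy in relays.items()
                  if any(exit_allowed(policy, forum_addr, p) for p in ports))


FORUM_ADDR = "192.0.2.10"  # placeholder (TEST-NET-1), not the forums' real address

# Constructed sample directory: relay IP -> exit policy. Not real Tor servers.
SAMPLE_RELAYS = {
    "198.51.100.1": ["reject *:25", "accept *:*"],             # open exit -> banned
    "198.51.100.2": ["reject *:*"],                             # middle node -> fine
    "198.51.100.3": ["accept *:443", "reject *:*"],             # HTTPS only -> banned
    "198.51.100.4": ["reject 192.0.2.0/24:*", "accept *:*"],    # excludes the forum -> fine
    "198.51.100.5": ["accept 192.0.2.10:1-79",                  # first match wins: 80 and
                     "reject 192.0.2.10:*", "accept *:*"],      # 443 hit the reject -> fine
    "198.51.100.6": ["reject *:25", "reject *:119"],            # no catch-all: accepted -> banned
}

if __name__ == "__main__":
    for ip in ban_list(SAMPLE_RELAYS, FORUM_ADDR):
        print("ban", ip)
```

An exit policy is whatever the relay operator declares, so this checks what a server says it will allow rather than what it actually does; and, as the staff note above, it cuts off every Tor user of the forums, not only the abusive ones.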
2. Developer of the week
"Gentoo is something you learn once and apply wherever you want…
just port it there ;)"
Figure 2.1: Diego Pettenò
This week's developer special is Diego
Pettenò, better known as Flameeyes. He is one of the Gentoo/FreeBSD
hackers and a media-video and sound bugfixer, so he usually does ebuild
maintenance, patches for media apps and of course Gentoo/FreeBSD things
in general.
Diego lives somewhere near Venice, Italy, where he tries to study
Computer Science at the Ca' Foscari university and does translations to
pay for his studies. Before he got assimilated into the Gentoo
collective he worked on a few small open-source projects, but as he said
"nothing that takes someone else". Gentoo/BSD is the thing he
is most proud of: "When I joined in March it was an overlay over
FreeBSD, now it can be considered a full distribution on its own, so
it's the first time I can really see something actually usable where I
worked on :)"
Obviously KDE is the best thing since sliced bread, so Diego uses it
and only needs vim and ssh to be happy. The first thing that gets
started is usually amaroK to wake up… but usually the computers just
keep running 24/7.
Diego uses an Athlon64 3500+, an iBook (with Gentoo/OSX) and an old
Athlon-tbird headless for Gentoo/FreeBSD. When not in front of his
computers (unlikely as that may appear) he is usually reading fantasy
books or doing bricolage.
Quote: "I'd like to thank all the devs who allowed me to be here right
now :)"
3. Heard in the community
gentoo-dev
Food For Thought: Bugzilla Localization?
Chris White started a discussion on whether Bugzilla should be
localized. This would be a great asset for non-English-speaking Gentoo
users, but it would complicate bug management to the point where
implementing it seems unreasonable; in particular, duplicate bugs and
translation issues could not be managed sanely.
4. Gentoo International
Germany: Reminder for the national user meeting
Just a quick reminder for the national user meeting
in Wissen (Westerwald) next weekend. If you like camping and
want to meet some other Gentoo users, this is the perfect event for
you.
5. Gentoo in the press
Gentoo in Windows
This month's issue of Redmondmag.com, "The independent voice of the
Microsoft IT community", features an article entitled "Make Room for
Linux Apps". The author describes how a Windows user can run Linux
applications under Windows and relates his experiences with Gentoo in
combination with coLinux.
6. Tips and Tricks
ulimit and sysctl
The ulimit shell builtin and the sysctl program let you limit resource
use and tune the kernel: ulimit restricts what a shell and the processes
it starts may consume, sysctl adjusts system-wide kernel parameters.
Both help a lot in system administration, e.g. when a user starts too
many processes and thereby makes the system unresponsive for everyone
else.
Code Listing 6.1: ulimit example
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
pending signals (-i) 8191
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 8191
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
All of these settings can be changed. A good illustration of why you
might want to is this bash forkbomb, which spawns processes as fast as
it can and can bring down a system where no user limits are set:
Warning: Do not run this in a shell! If no limits are set, your system
will either become unresponsive or might even crash.
Code Listing 6.2: A bash forkbomb
$ :(){ :|:& };:
Now this is not good: any user with shell access to your box could
take it down. But if that user can only start 30 processes, the damage
will be minimal. So let's set a process limit, in the unprivileged
user's own shell, since processes running as root are exempt from the
per-user process limit:
Note: Too small a process limit can break the use of portage, so
don't be too strict.
Code Listing 6.3: Setting a process limit
$ ulimit -u 30
$ ulimit -a
…
max user processes (-u) 30
…
If you try to run the forkbomb now it will run, but bash will report
errors of the form "fork: Resource temporarily unavailable" (EAGAIN):
the kernel has refused to let the forkbomb start more processes. Keep
in mind that ulimit only affects the shell it is run in and the
processes started from it, and that without -S or -H it sets both the
soft and the hard limit. A soft limit on its own is no protection,
because the user can raise it again up to the hard limit. To impose the
limit on every login of a user, set a hard nproc limit in
/etc/security/limits.conf, which pam_limits applies at login. The other
options of ulimit can help with similar problems, but be careful not to
lock yourself out: setting the data seg size too small will even
prevent bash from starting!
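The difference between a soft and a hard limit is the whole point of the advice above, so here is an added example (not from the GWN) that drives the same setrlimit(2) call ulimit uses, from Python. It assumes a Linux kernel and Python 3.8 or later. The experiment runs in a forked child so the caller keeps its own limits, and it uses RLIMIT_NOFILE rather than RLIMIT_NPROC so that nothing has to fork in a loop; the kernel applies the same soft/hard rules to every rlimit.

```python
import json
import os
import resource


def _experiment(which: int, low: int) -> dict:
    """Run inside a throwaway child: what may an unprivileged process do to
    its own soft and hard limit? Returns one boolean per step."""
    hard = resource.getrlimit(which)[1]
    seen = {"root": os.geteuid() == 0}
    # 1. Lowering the soft limit (ulimit -S) is always allowed.
    resource.setrlimit(which, (low, hard))
    seen["soft_lowered"] = resource.getrlimit(which)[0] == low
    # 2. Raising it again, up to the hard limit, is allowed too. This is why
    #    a soft-only limit does not restrain a user who simply raises it back.
    resource.setrlimit(which, (hard, hard))
    seen["soft_raised_back"] = resource.getrlimit(which)[0] == hard
    # 3. Lowering the hard limit (ulimit -H) is allowed ...
    resource.setrlimit(which, (low, low))
    seen["hard_lowered"] = resource.getrlimit(which) == (low, low)
    # 4. ... but raising it needs CAP_SYS_RESOURCE. The kernel answers EPERM,
    #    which Python's resource module reports as ValueError.
    try:
        resource.setrlimit(which, (hard, hard))
        seen["hard_raised"] = True
    except (ValueError, OSError):
        seen["hard_raised"] = False
    return seen


def probe_limits(which: int = resource.RLIMIT_NOFILE, low: int = 8) -> dict:
    """Fork a child, run the experiment there, and return its findings.
    RLIMIT_NOFILE stands in for RLIMIT_NPROC: the soft/hard rules are the
    same for every rlimit, and this way nothing resembling a forkbomb runs."""
    hard = resource.getrlimit(which)[1]
    if hard != resource.RLIM_INFINITY:
        low = min(low, hard)          # never ask for more than the hard limit
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child
        os.close(rfd)
        try:
            result = _experiment(which, low)
        except Exception as exc:      # report rather than hang the parent
            result = {"error": repr(exc)}
        os.write(wfd, json.dumps(result).encode())
        os._exit(0)                   # skip interpreter cleanup under the lowered limits
    os.close(wfd)                     # parent
    chunks = []
    while chunk := os.read(rfd, 4096):
        chunks.append(chunk)
    os.close(rfd)
    os.waitpid(pid, 0)
    return json.loads(b"".join(chunks))


if __name__ == "__main__":
    for step, outcome in probe_limits().items():
        print(f"{step:17} {outcome}")
```

Run as an ordinary user, the four steps come out True, True, True, False: the user can lower and restore a soft limit and can lower a hard limit, but cannot raise a hard limit again. That is why a per-user process limit you want to rely on has to be a hard limit, set before the user's shell starts.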
sysctl is a similar tool: it reads and changes kernel parameters at
runtime, the ones exposed as files under /proc/sys. If you wish to keep
settings across reboots, put them in /etc/sysctl.conf, which is applied
at boot; be aware that wrong settings may break things in unforeseen
ways.
Code Listing 6.4: Exploring sysctl variables
# sysctl -a
…
vm.swappiness = 60
…
The list of variables is quite long (367 lines on my system), but I
picked out vm.swappiness here. It controls how aggressively the kernel
swaps out process memory in favour of file cache: the higher it is
(with a maximum of 100), the more readily swap is used. This can affect
performance a lot on systems with little memory, depending on load and
other factors.
Code Listing 6.5: Reducing swappiness
# sysctl vm.swappiness=0
vm.swappiness = 0
The effects of changing this setting are usually not felt instantly.
Many other settings, especially network-related ones, can be changed the
same way. For servers this can offer a nice performance boost, but as
with ulimit, careless use may cause your system to misbehave or slow
down. If you don't know what a variable controls, don't modify it!
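The advice to persist settings in /etc/sysctl.conf and to leave unknown variables alone suggests checking a configuration before it is applied. As an added example, not from the GWN or from the procps sysctl program, here is a Python reader for that file that maps each key to its /proc/sys file, following the dot/slash convention of sysctl(8), and separates variables the running kernel has from ones it does not. The sample configuration is constructed for the example, and eth0.100 is a placeholder for a VLAN interface whose name contains a dot.

```python
import os
from typing import Callable, Dict, List, Tuple

PROC_SYS = "/proc/sys"


def parse_sysctl_conf(text: str) -> Dict[str, str]:
    """Parse the 'token = value' format of /etc/sysctl.conf: blank lines and
    lines starting with '#' or ';' are comments, the first '=' splits key
    and value, surrounding whitespace is ignored, later lines win."""
    settings: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key = value', got {raw!r}")
        settings[key] = value.strip()
    return settings


def proc_path(key: str) -> str:
    """Map a sysctl key to its file under /proc/sys. As in sysctl(8), dots
    separate path components unless the key contains a slash; then the
    slashes separate and dots are literal, which is what makes a key such
    as net/ipv4/conf/eth0.100/rp_filter addressable at all. Empty, '.' and
    '..' components are refused so a key can never escape /proc/sys."""
    parts = key.strip("/").split("/") if "/" in key else key.split(".")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"refusing suspicious sysctl key {key!r}")
    return os.path.join(PROC_SYS, *parts)


def plan_changes(settings: Dict[str, str],
                 exists: Callable[[str], bool] = os.path.exists
                 ) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Split settings into (path, value) pairs for variables this kernel has
    and the keys it does not, so a mistyped or unknown variable is reported
    instead of being written blindly. 'exists' is injectable for testing."""
    to_apply, unknown = [], []
    for key, value in settings.items():
        path = proc_path(key)
        if exists(path):
            to_apply.append((path, value))
        else:
            unknown.append(key)
    return to_apply, unknown


def apply_changes(to_apply: List[Tuple[str, str]]) -> None:
    """Write the values, the equivalent of 'sysctl -p' for the known keys.
    Needs root, so the sample run below only plans and does not call it."""
    for path, value in to_apply:
        with open(path, "w") as fh:
            fh.write(value + "\n")


# Constructed sample configuration, not an actual Gentoo /etc/sysctl.conf.
SAMPLE_CONF = """\
# Reduce swapping on this box
vm.swappiness = 10
; slash form keeps the dot in the interface name
net/ipv4/conf/eth0.100/rp_filter = 1
kernel.sysrq = 0
"""

if __name__ == "__main__":
    to_apply, unknown = plan_changes(parse_sysctl_conf(SAMPLE_CONF))
    for path, value in to_apply:
        print(f"would write {value!r} to {path}")
    for key in unknown:
        print(f"unknown on this kernel: {key}")
```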
7. Moves, adds, and changes
Moves
The following developers recently left the Gentoo team:
- Benjamin Judas (beejay) (Gentoo/X86 Release manager)
Adds
The following developers recently joined the Gentoo Linux team:
- New developer: Christian Heim (phreak) (vserver)
- New forums staff: Jonathan Coome (Maedhros)
- New forums staff: Anders Hellgren (Kallamej)
- New forums staff: Robert Muchacki (Muchar)
Changes
The following developers recently changed roles within the
Gentoo Linux project:
- Mike Doty (kingtaco) (stepped back from Arch Tester lead)
- Homer Parker (hparker) (New Arch Tester lead)
8. Gentoo Security
Compress::Zlib: Buffer overflow
Compress::Zlib is vulnerable to a buffer overflow which could potentially
lead to execution of arbitrary code.
For more information, please see the GLSA Announcement
ProFTPD: Format string vulnerabilities
Under specific circumstances, ProFTPD is vulnerable to format string
vulnerabilities, potentially resulting in the execution of arbitrary code.
For more information, please see the GLSA Announcement
nbSMTP: Format string vulnerability
nbSMTP is vulnerable to a format string vulnerability which may result in
remote execution of arbitrary code.
For more information, please see the GLSA Announcement
Netpbm: Arbitrary code execution in pstopnm
The pstopnm utility, part of the Netpbm tools, contains a vulnerability
which can potentially result in the execution of arbitrary code.
For more information, please see the GLSA Announcement
Heartbeat: Insecure temporary file creation
Heartbeat is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.
For more information, please see the GLSA Announcement
9. Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 30 July 2005
and 06 August 2005, activity on the site has resulted in:
- 725 new bugs during this period
- 459 bugs closed or resolved during this period
- 38 previously closed bugs were reopened this period
Of the 8042 currently open bugs: 107 are labeled 'blocker', 200 are labeled 'critical', and 539 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
10. GWN feedback
Please send us your feedback and
help make the GWN better.
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org
from the email address you are subscribed under.
12. Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: