Figure 1.1: Left to right: James Le Cuirot (chewi) and developers strerror, plasmaroo, tomk, peitholm and cryos
The new Gnome 2.12 will be moved into unstable (~arch) this week. An upgrade guide is available with step-by-step instructions for Gentoo users who'd like to update. If you experience any issues, please search the Gentoo bugzilla, wander into #gentoo-desktop on irc.freenode.net, or file a new bug. Changes to specific packages are shown in the upgrade guide.
Unstable KDE users are also affected by this change. If a KDE user upgrades hal/dbus/pmount then kde-base/kdebase-kioslaves will need to be recompiled afterwards.
Gentoo at the Linux World Expo London
Last weekend was the time for the annual Linux World Expo in London. This year Gentoo was represented by several developers, including Tim Yamin, Marcus Hanwell, Benjamin Smee, Tom Knight, Colin Morey, Tom Martin and Herbie Hopkins. Also present at the booth were Gentoo developers Rob Holland and Andrea Barisani, who had just launched their new company, Inverse Path Ltd., merely two days before the LWE opened its gates. Their brandnew venture - besides co-sponsoring the Gentoo booth - provides professional Gentoo support to corporate customers.
Figure 1.1: Left to right: James Le Cuirot (chewi) and developers strerror, plasmaroo, tomk, peitholm and cryos |
|
The booth was fairly busy throughout the show, but the lack of internet access made it difficult to show the whole range of benefits Gentoo has. The decision to burn LiveCDs on demand worked out really nicely, as x86 LiveCDs could be stock-piled and handed out as and when necessary, and amd64 or PPC media were burnt on demand whenever people needed them. Thanks to Computashop on Tottenham Court Road for donating plenty of blank CDs and printed labels for them!.
Figure 1.2: Tigger (left) and peitholm receive the Linux Format Awards from Nick Veitch (right) |
 |
Editor Nick Veitch from Linux Format, the UK Linux magazine, came to the booth to hand over the awards that the Gentoo project had won in March this year, in two categories, best support forum and best distribution. Outside the Gentoo booth the LWE had its moments, too: Gentoo Forums veteran and GWN author George Prowse managed to show ReactOS to two head people at the Novell booth. They found the open-source clone of a Windows NT environment impressing enough to send their team over to talk with its founder and discuss the legality of the project. Other highlights included the free discussions (attended also by Microsoft), appearances by Mark Cox and Alan Cox from Red Hat, and by Mark Spencer from Digium. But as always, the main highlight for everyone was the chance to meet up with the other developers and the users they're in contact with every day.
To top off what was a great show, Digium president and Asterisk creator Mark Spencer treated the entire Gentoo booth staff to drinks, food and talk about the future of open-source technology and Linux at a Sushi restaurant in Kensington. More photos from the expo, the after-show event, and other motives can be found at Marcus Hanwell's gallery.
CFLAGS for various Athlons
Forum user dannysauer asks about the various optimizations that can be found in the various Athlon chips from AMD. There seemed to be some confusion over what was best with Thunderbird, XP and MP models all having differentiating attributes.
Grub and Reiser4
Version 4 of the Reiser filesystem gets tested by more and more people. Some want to use it everywhere, including the boot partition - but for that to work the bootloader needs to understand the filesystem. Patches for grub do exist, but reiser4 is not officially supported - should GRUB be patched or not?
Interactive emerge
Every now and then a "bad" ebuild exists that is interactive, asking the user for some input. This thread discusses why that is in most if not all circumstances not acceptable - imagine starting an "emerge -uD world" only to come back an hour later to find an ebuild asking you "do you really want to install me?" instead of just doing what it's been told...
Gentoo classes?
As an idea to help Gentoo power users learn specific tools and concepts a user suggests to have "Gentoo Classes" - focused IRC discussions with a set timetable, supervised by someone with a reasonably good knowledge of the subject. While not without its faults this could turn out to be a nice experiment, with one criticism being that well-written documentation might be better than an IRC logfile.
Germany: Gentoo User Meeting in Oberhausen
4 November is the date for the next GUM at Gasthof Harlos in Oberhausen, the town in Germany's Ruhr region where a whole nucleus of Gentoo developers happen to live. On the agenda next month, among other things are: preparations for the November developer conference at Kransberg castle, and an introductory presentation of the "Capture the flag" contest (CTF) to be followed by some practicing and a test bout right then and there. The meeting - Oberhausen GUMs are monthly events, on every first Friday of a month - will start around 18:00, please reserve a seat and - if need be - your Schnitzelplatte in advance.
Local CBS affiliate TV station WAGM has a regular news segment called "Sci Tech Flash", produced by Samantha Hensell and scheduled each Thursday at 18:00. Last week WAGM-TV broadcast an interview with Michael Surran, computer science teacher and network administrator at the Greater Houlton Christian Academy, a private kindergarten-to-twelfth grade school in Houlton, a U.S. border-town to Canada. The 2:41 minutes spot covers the principles of steering a computer lab that's entirely Gentoo-driven: distributed compilation across all workstations, fast deployment, easy administration. And Surran does an excellent job of explaining in simple terms what source-based distributions are about. A thread in the Gentoo forums keeps an updated list of mirror sites for the recording, in different formats to meet all possible codecs and bandwidth limitations.
Gentoo beta-testers wanted: a t-shirt bounty has been declared by Gentoo sponsor Genesi. Launching an initiative for beta-testing the PPC build of the REBOL programming environment we reported about a month ago, this post at the PPC Zone forums promises "the coolest t-shirt we ever made" to the 100 first beta-testers who report back.
To keep your computer uncluttered and clean you can use these commands to keep /var/log nice and tidy.
Firstly, tar up those messages that are over a day old with:
Code Listing 5.1: Find old logs |
# find /var/log/ -name "*.log" -mtime +1 -exec bzip2 -z '{}' \;
|
Then you can delete the tars' that are over 30 days old (or any amout of time, just edit the "-mtime +n" part) using this:
Code Listing 5.2: Delete old tars |
# find /var/log -name "*.bz2" -mtime +30 -exec rm '{}' \;
|
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
gtkdiskfree: Insecure temporary file creation
gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
For more information, please see the GLSA Announcement
Berkeley MPEG Tools: Multiple insecure temporary files
The Berkeley MPEG Tools use temporary files in various insecure ways, potentially allowing a local user to overwrite arbitrary files.
For more information, please see the GLSA Announcement
Uim: Privilege escalation vulnerability
Under certain conditions, applications linked against Uim suffer from a privilege escalation vulnerability.
For more information, please see the GLSA Announcement
Texinfo: Insecure temporary file creation
Texinfo is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
For more information, please see the GLSA Announcement
Ruby: Security bypass vulnerability
Ruby is vulnerable to a security bypass of the safe level mechanism.
For more information, please see the GLSA Announcement
Dia: Arbitrary code execution through SVG import
Improperly sanitised data in Dia allows remote attackers to execute arbitrary code.
For more information, please see the GLSA Announcement
RealPlayer, Helix Player: Format string vulnerability
RealPlayer and Helix Player are vulnerable to a format string vulnerability resulting in the execution of arbitrary code.
For more information, please see the GLSA Announcement
xine-lib: Format string vulnerability
xine-lib contains a format string error in CDDB response handling that may be exploited to execute arbitrary code.
For more information, please see the GLSA Announcement
Weex: Format string vulnerability
Weex contains a format string error that may be exploited by malicious servers to execute arbitrary code.
For more information, please see the GLSA Announcement
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 02 October 2005 and 09 October 2005, activity on the site has resulted in:
Of the 8511 currently open bugs: 103 are labeled 'blocker', 181 are labeled 'critical', and 530 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better.
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: