Gentoo Logo

Gentoo Weekly Newsletter: December 13, 2004


1.  Gentoo News

New Chinese Gentoo Forum

A long-standing request has finally been fulfilled: The official Gentoo Forums, according to our user survey the single most popular support platform, now have a shiny new Chinese language forum. Requests for this language to be supported at the Forums had been brought forward for a very long time already, but were growing substantially over the past few weeks.

Enabling Chinese turned out to be trickier than anticipated. The language packs for phpBB, the software that powers the Gentoo Forums, are normally available in separate encodings, which would have mandated two forums for traditional (i.e. the Taiwanese and Hong Kong user base) and simplified (mainland) Chinese characters. Splitting the forum into two was out of the question for the Forum administrators, but thanks to Christian Hartmann (ian!) who finally set out to implement a recommendation from Chinese users, the language packages and headers were patched, and all files transcoded into UTF-8. ian! then released his changes on a few testers first, since being unable to read Chinese himself, he had to rely entirely on user feedback. Testing this way is similar to mooring an oil tanker using your ears only, but nevertheless it appears to work, didn't bring the ceiling crashing down or the Forum hardware to falter, and the two initial moderators are now eagerly waiting for the massive influx of Chinese users to put the platform under yet some more endurance tests.

The encoding to be used is UTF-8, which allows for both simplified and traditional Chinese in postings to the new forum. EricHsu and akar, will be the inaugural moderators to deal with the first wave of Chinese users to join the Gentoo Forums starting from today. Many Chinese Gentooists have been frequenting the forums, but are expected to adopt the new, officially Gentoo-driven platform, too. The freshly appointed moderators are able to read both character sets, but EricHsu is operating in GB2312 (simplified) and akar in Big5 (traditional Chinese) on their own PCs, and will share the supervision of forum posts accordingly.

Figure 1.1: Chinese Gentoo Forum editing window, with encoding set to UTF-8 and autodetection to Chinese

Fig. 1: Chinese Forum

Note: While the content of the forum can be posted in either Big5 or GB2312, the board languages, e.g. the interface, the menu items and messages, can be set to each of the styles the user prefers: Both traditional and simplified Chinese are available as board languages now, too.

2.  Future zone

Linux virtualization techniques

For some types of applications (development, service separations, simulated environments) it is preferrable to "hide" parts of the hardware or the operating system behind a virtualized machine. There are three major approaches to achieve this:

  • Hardware Emulators: These programs emulate the complete hardware step-by-step. Bochs, PearPC, coLinux and QEMU belong to this group.
  • Hardware Virtualization: VMWare, UML, plex86 and XEN do this. They only emulate certain system calls and Interrupts.
  • Limited Virtualization: vServers only hide parts of the OS. Only one kernel is running, but system calls are intercepted and modified according to access privileges etc.

All these techniques have their advantages and shortcomings, as hardware emulators for example are platform independent and just make-believe in parts or subsystems, but are extremely slow compared to hardware virtualizers. The latter are also mostly OS-independent, but limited to specific hardware (VMWare only runs on x86), and their performance isn't quite optimal yet. The limited virtualizers are optimized for speed and low overhead, and are perfectly integrated into the operating system, but of course completely dependent on it, and not all functions can be expected to work as usual.

Today's future zone looks at some of the candidates for virtual machines and emulations, and sheds a little light on their availability and status in Gentoo Linux:


This program is developed at the University of Cambridge. Guest operating systems need some changes applied, but XEN in return offers extremely high performance compared to other solutions.

Gentoo integration: There are experimental ebuilds at Gentoo's bugzilla available.

UML - User Mode Linux

This is a Linux-specific virtualization. It uses a patched kernel for the guest OS, and needs a patched host for better performance. Some versions also support nested UMLs, e.g. booting a UML instance in another UML instance. It is completely encapsulated from the host OS and usually uses files for its "virtual harddisks". Therefore performance tends to be lower than XEN, but since it emulates a whole kernel, its uses tend to be different, for example honeynets, network testing, distributed computing testing.

Gentoo integration: The patched kernel is available as usermode-sources in Portage. A Howto exists at the Gentoo website.


This commercial program allows to run any x86 OS "in a window" on Linux and Windows. It is quite mature, and reasonably fast. Even stacked instances are possible, such as Linux in VMWare on Windows in VMWare on Linux, for example. The hardware emulation presents a S3 graphics card, so some special applications like Windows DirectX games will be unable to run. Different versions of VMWare are available, ESX Server targeted for large server installations, and VMWare Workstation for desktop use.

Gentoo integration: app-emulation/vmware-workstation is a 30-day demo version. It can be upgraded to the full version by aquiring a key from VMWare.

MOL - Mac-on-Linux

The PowerPC equivalent of VMWare, but non-commercial and free. Near-native performance, runs Mac OS > 7.5, Mac OS X and Linux in windows or full-screen modes. Its only drawback is the inability to operate on the new G5 64-bit CPU Macintosh, but it does work on PegasosPPC, for example, even with Mac OS X.

Gentoo integration:MOL is available in Portage.


BOCHS is one of the oldest emulators available. It is an x86 CPU-emulator written in C++, thus completely portable. Compared to virtualization, the performance is extremely low, but it still has its moments - or do you know any other program that allows you to boot FreeDOS on an UltraSPARC?

Gentoo integration:BOCHS is available in Portage. Disk images for booting can be found on the BOCHS website.


The newcomer among the emulators. It is still in rapid development, but already allows to boot a virtual MacOS X on any supported platform (including Win32!). The speed is about 1/500th of a real processor, but the coolness factor of running bochs in pearpc in vmware is hard to beat.

Gentoo integration: PearPC is available in Portage.


Plex86 wants to be seen as the Open Source alternative to VMWare. It is x86 only, but offers acceptable performance. The project seems to have little activity at the moment. A fork with slightly different goals can be found here but this is a Linux only virtualization.

Gentoo integration: Plex86 is available in Portage.


Cooperative Linux is the first working free method for running Linux on Microsoft Windows natively. It can boot any Linux loopback filesystem, and even has limited network support through the TUN/TAP driver. It is not a replacement for Cygwin (which itself isn't a virtualizer, only an API translator), but offers the full bandwidth of Linux applications in Windows.

Gentoo integration:A Gentoo boot image can be downloaded from the project homepage.


This nice program is not one, but many emulators. It can emulate different architectures on a wide range of hardware, thus giving it the edge in flexibility. It is supposed to be much faster than other emulators, but the real performance will still be quite low.

Gentoo integration:QEMU is available in portage.

3.  Gentoo security

PDFlib: Multiple overflows in the included TIFF library

PDFlib is vulnerable to multiple overflows, which can potentially lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

imlib: Buffer overflows in image decoding

Multiple overflows have been found in the imlib library image decoding routines, potentially allowing execution of arbitrary code.

For more information, please see the GLSA Announcement

Perl: Insecure temporary file creation

Perl is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

mirrorselect: Insecure temporary file creation

mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

PHProjekt: setup.php vulnerability

PHProjekt contains a vulnerability in the setup procedure allowing remote users without admin rights to change the configuration.

For more information, please see the GLSA Announcement

4.  Heard in the community


Too many mailing lists?

Are there too many (low traffic) Gentoo mailinglists? How do you get all relevant info without subscribing to a dozen mailinglists? And finally, is there a better solution? Find out what other Gentooists have to say to those questions.

Small notes on developer policy

Mike Frysinger posted two reminders on how to do things the right way: 1) Only apply patches arch-specific if absolutely neccessary, and 2) don't dump your bugs in gcc-porting (or some of the other defenseless bugzilla aliases). He suggests that if everyone sticks to some basic rules, bugfixing and updating will be easier and more efficient. And, if bugs are assigned to the right people, they might even get fixed ...

5.  Gentoo International

Japan: Gentoo Bonenkai in Tokyo

GentooJP developer-at-large Masatomo Nakano, currently based in London, is coming back to Japan for a few days around New Year's Eve. As on previous occasions, this serves as the perfect excuse for the Japanese Gentooists to hold a Bonenkai, the usually raucous Japanese year-end party. Check the Japanese user mailing list for details on the exact location, so far the plan is to meet in Tokyo's Shibuya district on 28 December 2004, at around 18:00.

Germany: Christmas party photos

The Christmas bowling event on Friday 10 December, organized by and for Germany's most weathered Gentooists in the Ruhr region that we announced two weeks ago, appears to have gone down quite well, and in perfect harmony, according to the impressive photo gallery available at the German Gentoo website. Depicted are some of the finest developers around, but frankly, their bowling skills are not on the same level. The scorecards aren't much to write home about, but on the upside of things no harm was done to the inventory.

6.  Gentoo in the press

Heise online (7 December 2004)

Germany's leading IT magazine reports about the upcoming 21c3 conference in Berlin, in an article titled "More than the usual suspects." Based on an interview with Gentoo developer and Chaos Computer Club spokesman Lars Weiler, the article specially mentions the Gentoo developer conference to be held during the 21c3.

7.  Bugzilla



The Gentoo community uses Bugzilla ( to record and track bugs, notifications, suggestions and other interactions with the development team. Between 05 December 2004 and 12 December 2004, activity on the site has resulted in:

  • 742 new bugs during this period
  • 443 bugs closed or resolved during this period
  • 31 previously closed bugs were reopened this period

Of the 7590 currently open bugs: 126 are labeled 'blocker', 237 are labeled 'critical', and 548 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  Tips and Tricks

Fresh USE flag and profile editors

ufed has served its purpose of providing an overview and editing USE flag settings in Gentoo systems for quite a while. Its ncurses-based interface wasn't exactly pretty, and it hasn't seen much development over the past few months.

Enter the alternatives: Damien Krotkine has just brought his new "Profuse" up to speed and into Portage. It is meant to be particularly good at dealing with cascading profiles, has a GTK+-2 interface that's generally pleasing to the eye, and is easily available by simply emerging it.

Code Listing 8.1: Emerge profuse

# echo "app-portage/profuse ~x86" >> /etc/portage/package.keywords (if
# echo "dev-util/libconf ~x86" >> /etc/portage/package.keywords    necessary 
# echo "dev-perl/gtk2-fu ~x86" >> /etc/portage/package.keywords    for you)
# emerge profuse

Figure 8.1: Damien Krotkine's profuse, the profile and USE editor

Fig. 1: Profuse

profuse defaults to whatever is linked to /etc/make.profile, but it can already work on cascading profiles, too, with the profile editing GUI currently still under development:

Code Listing 8.2: Invoke profuse with a cascading profile

# profuse --profile-dir=/usr/portage/profiles/default-linux/ppc/2004.3

For Gentoo on Mac OS X users, Michael Hanselmann has created app-portage/portage-prefpane that works as a plugin to the standard System Preferences application of Mac OS X. It serves as an editor for the make.conf file and can manipulate USE-flags, features and mirrors. Additionally, it provides an interface to edit all variables in make.conf. It runs only on Mac OS X, of course:

Figure 8.2: Portage-prefpane fully integrated into Mac OS X System Preferences

Fig. 2: portage-prefpane

9.  Moves, adds, and changes


The following developers recently left the Gentoo team:

  • Michael Boman


The following developers recently joined the Gentoo Linux team:

  • Torsten Veller (tove) - net-mail, net-dialup
  • Aaron Kulbe (SuperLag) - net-mail


The following developers recently changed roles within the Gentoo Linux project:

  • None this week

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN feedback

Please send us your feedback and help make the GWN better.

12.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to from the email address you are subscribed under.

13.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:


Page updated 13 December 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 13 December 2004.

Ulrich Plate

Michael Hanselmann

Damien Krotkine

Patrick Lauer

Lars Weiler

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.