Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-gwn

From: Lars Weiler <pylon@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 8 August 2005
Date: Mon, 08 Aug 2005 00:32:36
Message-Id: 20050808000220.GL3733@celeborn.wh-og.hs-niederrhein.de
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 8 August 2005.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 First alpha release of the Gentoo Installer
12 -------------------------------------------
13
14 Gentoo Installer Project[1] lead Andrew Gaffney[2] did an announcement[3]
15 this week about version 0.1 of GLI! This is a milestone in Gentoo's
16 history as it was installer-free before and the user had to do every step
17 manually with the help of the Gentoo Handbook[4].
18
19 1. http://www.gentoo.org/proj/en/releng/installer/index.xml
20 2. agaffney@g.o
21 3. http://article.gmane.org/gmane.linux.gentoo.installer/329
22 4. http://docs.gentoo.org/handbook
23
24 There will be an x86 LiveCD with the installer included in the
25 /experimental branch on the mirrors[5]. More information are available in
26 the Installer Project's website[6]
27
28 5. http://www.gentoo.org/main/en/mirrors.xml
29 6. http://www.gentoo.org/proj/en/releng/installer/index.xml#doc_chap2
30
31 Tor network servers banned on the Forums
32 ----------------------------------------
33
34 The Tor Network[7] is an anonymous Internet communication system that uses
35 a distributed network of servers to bounce communications around. People
36 were able to use tor to browse the Gentoo Forums[8] until some malicious
37 users started abusing the forums. As you might have already guessed, using
38 tor hides your IP address, so it works similarly to a kind of anonymous
39 posting. The gentoo forums staff[9], due to this abusive use of tor
40 servers, has decided to ban all tor servers that have an exit policy
41 allowing connections to forums.gentoo.org on ports 80 (HTTP) and/or 443
42 (HTTPS). We are concerned that our users might want to preserve their
43 anonymity, however there doesn't seem to be a good technical or legitimate
44 reason[10] to use tor on the Gentoo Forums.
45
46 7. http://tor.eff.org
47 8. http://forums.gentoo.org/
48 9. http://www.gentoo.org/proj/en/forums/
49 10. http://forums.gentoo.org/viewtopic-t-365013.html
50
51 In an effort to purge the abuse of the Tor Network generating the least
52 problem to our users, only Tor servers with an exit to forums.gentoo.org
53 on the ports above stated will be banned. If they have those exits
54 removed, they'll automatically be unbanned. Please, notice that this
55 process of retrieving the list of Tor servers is performed automatically
56 and that it might take a while to have the ban-list synced.
57
58 ========================
59 2. Developer of the week
60 ========================
61
62 ”Gentoo is something you learn once and apply wherever you want… just port
63 it there ;)“
64 --------------
65
66 Figure 2.1: Diego Pettenò
67 http://www.gentoo.org/images/gwn/20050808_flameeyes.jpg
68
69 This week's developer special is Diego Pettenò[11], better known as
70 Flameeyes. He is one of the Gentoo/FreeBSD[12] hackers and a media-video
71 and sound bugfixer, so he usually does ebuild maintenance, patches for
72 media apps and of course Gentoo/FreeBSD things in general.
73
74 11. flameeyes@g.o
75 12. http://www.gentoo.org/proj/en/gentoo-alt/bsd/fbsd/index.xml
76
77 Diego lives somewhere near Venice, Italy, where he tries to study Computer
78 Science at the Ca' Foscari university and does translations to pay for his
79 studies. Before he got assimilated into the Gentoo collective he worked on
80 a few small open-source projects, but as he said ”nothing that takes
81 someone else“. Gentoo/BSD is the thing he is most proud of: ”When I joined
82 in march it was an overlay over FreeBSD, now it can be considered a full
83 distribution on its own, so it's the first time I can really see something
84 actually usable where I worked on :)“
85
86 Obviously KDE is the best thing since sliced bread, so Diego uses it and
87 only needs vim and ssh to be happy. The first thing that gets started is
88 usually amaroK to wake up… but usually the computers just keep running
89 24/7.
90
91 Diego uses an Athlon64 3500+, an iBook (with Gentoo/OSX) and an old
92 Athlon-tbird headless for Gentoo/FreeBSD. When not in front of his
93 computers (unlikely as that may appear) he is usually reading fantasy
94 books or doing bricolage.
95
96 Quote: ”I'd like to thank all the devs who allowed me to be here right now :)“
97
98 =========================
99 3. Heard in the community
100 =========================
101
102 gentoo-dev
103 ----------
104
105 Food For Thought: Bugzilla Localization?
106
107 Chris White[13] starts a discussion whether bugzilla should be localized.
108 This would be a great asset for non-English Gentoo users, but it would
109 complicate bug management to the point where it seems unreasonable to
110 implement it. Especially duplicate bugs and translation issues can't be
111 managed sanely.
112
113 13. chriswhite@g.o
114
115 * Food For Thought: Bugzilla Localization? [14]
116 14. http://thread.gmane.org/gmane.linux.gentoo.devel/30111
117
118
119 =======================
120 4. Gentoo International
121 =======================
122
123 Germany: Reminder for the national user meeting
124 -----------------------------------------------
125
126 Just a quick reminder for the national user meeting[15] in Wissen
127 (Westerwald) next weekend. If you like camping and want to meet some other
128 Gentoo users, this is the perfect event for you.
129
130 15. http://gentootreffen2005.deruwe.de/
131
132 ======================
133 5. Gentoo in the press
134 ======================
135
136 Gentoo in Windows
137 -----------------
138
139 This month's issue of the Redmondmag.com, ’The independent voice of the
140 Microsoft IT community‘, features an article entitled ”Make Room for Linux
141 Apps[16]“. The author describes how a Windows user can run Linux
142 application in Windows and describes his experiences with Gentoo in
143 combination with coLinux[17].
144
145 16. http://www.redmondmag.com/features/article.asp?EditorialsID=503
146 17. http://www.colinux.org/
147
148 ==================
149 6. Tips and Tricks
150 ==================
151
152 ulimit and sysctl
153 -----------------
154
155 The ulimit and sysctl programs allow to limit system-wide resource use.
156 This can help a lot in system administration, e.g. when a user starts too
157 many processes and therefore makes the system unresponsive for other users.
158
159 +-------------------------------------------------------------------------+
160 | Code Listing 6.1: |
161 | ulimit example |
162 +-------------------------------------------------------------------------+
163 | |
164 |# ulimit -a |
165 |core file size (blocks, -c) 0 |
166 |data seg size (kbytes, -d) unlimited |
167 |file size (blocks, -f) unlimited |
168 |pending signals (-i) 8191 |
169 |max locked memory (kbytes, -l) 32 |
170 |max memory size (kbytes, -m) unlimited |
171 |open files (-n) 1024 |
172 |pipe size (512 bytes, -p) 8 |
173 |POSIX message queues (bytes, -q) 819200 |
174 |stack size (kbytes, -s) 8192 |
175 |cpu time (seconds, -t) unlimited |
176 |max user processes (-u) 8191 |
177 |virtual memory (kbytes, -v) unlimited |
178 |file locks (-x) unlimited |
179 | |
180 +-------------------------------------------------------------------------+
181
182 All these settings can be manipulated. A good example is this bash
183 forkbomb that forks as many processes as possible and can crash systems
184 where no user limits are set:
185
186 Warn: Do not run this in a shell! If no limits are set your system will
187 either become unresponsive or might even crash.
188
189 +-------------------------------------------------------------------------+
190 | Code Listing 6.2: |
191 | A bash forkbomb |
192 +-------------------------------------------------------------------------+
193 | |
194 |$ :(){ :|:& };: |
195 | |
196 +-------------------------------------------------------------------------+
197
198 Now this is not good - any user with shell access to your box could take
199 it down. But if that user can only start 30 processes the damage will be
200 minimal. So let's set a process limit:
201
202 Note: A too small number of processes can break the use of portage. So,
203 don't be too strict.
204
205 +-------------------------------------------------------------------------+
206 | Code Listing 6.3: |
207 | Setting a process limit |
208 +-------------------------------------------------------------------------+
209 | |
210 |# ulimit -u 30 |
211 |# ulimit -a |
212 |… |
213 |max user processes (-u) 30 |
214 |… |
215 | |
216 +-------------------------------------------------------------------------+
217
218 If you try to run the forkbomb now it should run, but throw error messages
219 "fork: resource temporarily unavailable". This means that your system has
220 not allowed the forkbomb to start more processes. The other options of
221 ulimit can help with similar problems, but you should be careful that you
222 don't lock yourself out - setting data seg size too small will even
223 prevent bash from starting!
224
225 sysctl is a similar tool: It allows to configure kernel parameters at
226 runtime. If you wish to keep settings persistent across reboots you should
227 edit /etc/sysctl.conf - be aware that wrong settings may break things in
228 unforeseen ways.
229
230 +-------------------------------------------------------------------------+
231 | Code Listing 6.4: |
232 | Exploring sysctl variables |
233 +-------------------------------------------------------------------------+
234 | |
235 |# sysctl -a |
236 |… |
237 |vm.swappiness = 60 |
238 |… |
239 | |
240 +-------------------------------------------------------------------------+
241
242 The list of variables is quite long (367 lines on my system), but I picked
243 out vm.swappiness here. It controls how aggressive swapping will be, the
244 higher it is (with a maximum of 100) the more swap will be used. This can
245 affect performance a lot on systems with little memory, depending on load
246 and other factors.
247
248 +-------------------------------------------------------------------------+
249 | Code Listing 6.5: |
250 | Reducing swappiness |
251 +-------------------------------------------------------------------------+
252 | |
253 |# sysctl vm.swappiness=0 |
254 |vm.swappiness = 0 |
255 | |
256 +-------------------------------------------------------------------------+
257
258 The effects of changing this setting are usually not felt instantly. But
259 you can change many settings, especially network-related, this way. For
260 servers this can offer a nice performance boost, but as with ulimit
261 careless usage might cause your system to misbehave or slow down. If you
262 don't know what a variable controls, you should not modify it!
263
264 ===========================
265 7. Moves, adds, and changes
266 ===========================
267
268 Moves
269 -----
270
271 The following developers recently left the Gentoo team:
272
273 * Benjamin Judas (beejay) (Gentoo/X86 Release manager)
274
275 Adds
276 ----
277
278 The following developers recently joined the Gentoo Linux team:
279
280 * New developer: Christian Heim (phreak) (vserver)
281 * New forums staff: Jonathan Coome (Maedhros)
282 * New forums staff: Anders Hellgren (Kallamej)
283 * New forums staff: Robert Muchacki (Muchar)
284
285 Changes
286 -------
287
288 The following developers recently changed roles within the Gentoo Linux
289 project:
290
291 * Mike Doty (kingtaco) (stepped back from Arch Tester lead)
292 * Homer Parker (hparker) (New Arch Tester lead)
293
294 ==================
295 8. Gentoo Security
296 ==================
297
298 Compress::Zlib: Buffer overflow
299 -------------------------------
300
301 Compress::Zlib is vulnerable to a buffer overflow which could potentially
302 lead to execution of arbitrary code.
303
304 For more information, please see the GLSA Announcement[18]
305
306 18. http://www.gentoo.org/security/en/glsa/glsa-200508-01.xml
307
308 ProFTPD: Format string vulnerabilities
309 --------------------------------------
310
311 Under specific circumstances, ProFTPD is vulnerable to format string
312 vulnerabilities, potentially resulting in the execution of arbitrary code.
313
314 For more information, please see the GLSA Announcement[19]
315
316 19. http://www.gentoo.org/security/en/glsa/glsa-200508-02.xml
317
318 nbSMTP: Format string vulnerability
319 -----------------------------------
320
321 nbSMTP is vulnerable to a format string vulnerability which may result in
322 remote execution of arbitrary code.
323
324 For more information, please see the GLSA Announcement[20]
325
326 20. http://www.gentoo.org/security/en/glsa/glsa-200508-03.xml
327
328 Netpbm: Arbitrary code execution in pstopnm
329 -------------------------------------------
330
331 The pstopnm utility, part of the Netpbm tools, contains a vulnerability
332 which can potentially result in the execution of arbitrary code.
333
334 For more information, please see the GLSA Announcement[21]
335
336 21. http://www.gentoo.org/security/en/glsa/glsa-200508-04.xml
337
338 Heartbeat: Insecure temporary file creation
339 -------------------------------------------
340
341 Heartbeat is vulnerable to symlink attacks, potentially allowing a local
342 user to overwrite arbitrary files.
343
344 For more information, please see the GLSA Announcement[22]
345
346 22. http://www.gentoo.org/security/en/glsa/glsa-200508-05.xml
347
348 ===========
349 9. Bugzilla
350 ===========
351
352 Summary
353 -------
354
355 * Statistics
356 * Closed bug ranking
357 * New bug rankings
358
359 Statistics
360 ----------
361
362 The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and
363 track bugs, notifications, suggestions and other interactions with the
364 development team. Between 30 July 2005 and 06 August 2005, activity on the
365 site has resulted in:
366
367 23. http://bugs.gentoo.org
368
369 * 725 new bugs during this period
370 * 459 bugs closed or resolved during this period
371 * 38 previously closed bugs were reopened this period
372
373 Of the 8042 currently open bugs: 107 are labeled 'blocker', 200 are
374 labeled 'critical', and 539 are labeled 'major'.
375
376 Closed bug rankings
377 -------------------
378
379 The developers and teams who have closed the most bugs during this period
380 are:
381
382 * AMD64 Porting Team[24], with 34 closed bugs[25]
383 * Xavier Neys[26], with 26 closed bugs[27]
384 * Gentoo Linux Gnome Desktop Team[28], with 19 closed bugs[29]
385 * Gentoo KDE team[30], with 17 closed bugs[31]
386 * Gentoo's Team for Core System packages[32], with 17 closed bugs[33]
387 * Gentoo Linux bug wranglers[34], with 14 closed bugs[35]
388 * Gentoo Security[36], with 12 closed bugs[37]
389 * media-gfx herd[38], with 12 closed bugs[39]
390 24. amd64@g.o
391 25. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=amd64@g.o
392 26. neysx@g.o
393 27. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=neysx@g.o
394 28. gnome@g.o
395 29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=gnome@g.o
396 30. kde@g.o
397 31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=kde@g.o
398 32. base-system@g.o
399 33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=base-system@g.o
400 34. bug-wranglers@g.o
401 35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=bug-wranglers@g.o
402 36. security@g.o
403 37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=security@g.o
404 38. graphics@g.o
405 39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-30&chfieldto=2005-08-06&resolution=FIXED&assigned_to=graphics@g.o
406
407
408 New bug rankings
409 ----------------
410
411 The developers and teams who have been assigned the most new bugs during
412 this period are:
413
414 * Default Assignee for New Packages[40], with 35 new bugs[41]
415 * Portage Utitilities Team[42], with 16 new bugs[43]
416 * AMD64 Porting Team[44], with 16 new bugs[45]
417 * Text-Markup Team[46], with 11 new bugs[47]
418 * Default Assignee for Orphaned Packages[48], with 11 new bugs[49]
419 * Java team[50], with 10 new bugs[51]
420 * Mozilla Gentoo Team[52], with 9 new bugs[53]
421 * Gentoo Toolchain Maintainers[54], with 8 new bugs[55]
422 40. maintainer-wanted@g.o
423 41. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=maintainer-wanted@g.o
424 42. tools-portage@g.o
425 43. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=tools-portage@g.o
426 44. amd64@g.o
427 45. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=amd64@g.o
428 46. text-markup@g.o
429 47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=text-markup@g.o
430 48. maintainer-needed@g.o
431 49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=maintainer-needed@g.o
432 50. java@g.o
433 51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=java@g.o
434 52. mozilla@g.o
435 53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=mozilla@g.o
436 54. toolchain@g.o
437 55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-30&chfieldto=2005-08-06&assigned_to=toolchain@g.o
438
439
440 ================
441 10. GWN feedback
442 ================
443
444 Please send us your feedback[56] and help make the GWN better.
445
446 56. gwn-feedback@g.o
447
448 ================================
449 11. GWN subscription information
450 ================================
451
452 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
453 gentoo-gwn+subscribe@g.o.
454
455 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
456 gentoo-gwn+unsubscribe@g.o from the email address you are
457 subscribed under.
458
459 ===================
460 12. Other languages
461 ===================
462
463 The Gentoo Weekly Newsletter is also available in the following languages:
464
465 * Danish[57]
466 * Dutch[58]
467 * English[59]
468 * German[60]
469 * French[61]
470 * Japanese[62]
471 * Italian[63]
472 * Polish[64]
473 * Portuguese (Brazil)[65]
474 * Portuguese (Portugal)[66]
475 * Russian[67]
476 * Spanish[68]
477 * Turkish[69]
478 57. http://www.gentoo.org/news/da/gwn/gwn.xml
479 58. http://www.gentoo.org/news/nl/gwn/gwn.xml
480 59. http://www.gentoo.org/news/en/gwn/gwn.xml
481 60. http://www.gentoo.org/news/de/gwn/gwn.xml
482 61. http://www.gentoo.org/news/fr/gwn/gwn.xml
483 62. http://www.gentoo.org/news/ja/gwn/gwn.xml
484 63. http://www.gentoo.org/news/it/gwn/gwn.xml
485 64. http://www.gentoo.org/news/pl/gwn/gwn.xml
486 65. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
487 66. http://www.gentoo.org/news/pt/gwn/gwn.xml
488 67. http://www.gentoo.org/news/ru/gwn/gwn.xml
489 68. http://www.gentoo.org/news/es/gwn/gwn.xml
490 69. http://www.gentoo.org/news/tr/gwn/gwn.xml
491
492
493 Ulrich Plate <plate@g.o> - Editor
494 Patrick Lauer <patrick@g.o> - Author
495 Ioannis Aslanidis <deathwing00@g.o> - Author
496 Lars Weiler <pylon@g.o> - Author
497
498 --
499 gentoo-gwn@g.o mailing list
Report Message
Find on MARC Find on Google Groups