Gentoo Archives: gentoo-gwn

From: Yuji Carlos Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 8
Date: Tue, 24 Feb 2004 06:30:15
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of February 23, 2004.
1. Gentoo News
 * FOSDEM Brussels 21 & 22 February 2004 
 * Gentoo Linux still looking for an additional dialup developer 
FOSDEM Brussels 21 & 22 February 2004
What started four years ago as an initiative of a bunch of Brussels 
University students has emerged to a full-blown international developers 
event[1]. Approximately 2000 participants mainly from neighbouring 
European countries (France, Netherlands, UK, Germany), but also from 
Sweden, Hungary or Italy made it to Brussels' Free University[2] this 
year, a fifth more than in 2003. Gentoo was present for the second year in 
a row, except that the booth was a little larger and the developers 
significantly more numerous this time around. Indisputable highlight at 
the Gentoo table was Pieter van den Abeele's dual-processor G5 - compiling 
Vim in six and a half minutes did its fair share of impressing visitors to 
the Gentoo booth. Nobody stayed long enough to wait for the end of an X 
compilation, but at 58 minutes they wouldn't have needed that much stamina 
after all...

Figure 1.1: Skeptical? Nah, not really: picture taken seconds before John 
'maddog' Hall buys two Gentoo LiveCDs, FOSDEM edition
Sadly, the quantum singularity[3] Daniel Robbins and Wout Mertens 
discovered at last year's show seemed to have disappeared. Richard 
Stallman, posing as Saint Richard of the Church of Emacs, had an Assisian 
encounter with a dove, while speakers from Robert Love to Keith Packard 
attracted equally huge crowds to their presentations on the ULB campus. 
And the Gentoo developers used their spare time to do some 
retroengineering and brought drobbins' singularity back! All is well that 
ends well. 

Figure 1.2: Rediscovered quantum singularity at the Gentoo dev sleeping 
quarters (with former beverage containers)
Germany: Reminder for Chemnitzer Linuxtag
The Chemnitzer Linuxtag[4] activists are all set and ready to accomodate 
visitors at the Gentoo booth on 6 and 7 March 2004. A coordination thread 
at the forums is available here[5].

Gentoo Linux Project still looking for an additional dialup developer
Since we didn't get any volunteers when we announced this two weeks ago, 
we're still looking for a developer to join the net-dialup team to help 
quash bugs and maintain ebuilds. We're looking for dedicated devolpers, 
preferably with experience in developing for dialup packages and writing 
ebuilds. If you're not sure you have what it takes, check out this[6] bug 
list. If you're still interested, send an email to Heinrich Wendel[7] with 
some background info. 

 7. lanius@g.o
2. Featured Developer of the Week
Ned Ludd
Figure 2.1: Ned Ludd
Our featured developer for this week is Ned Ludd[8] (solar), a developer 
working on the Hardened Gentoo[9], Gentoo Infrastructure[10] and Embedded 
Gentoo[11]projects, as well as an itinerant dev in the security realm. He 
has been instrumental in establishing (or re-establishing) an organized 
security group amongst the developers, who handle the Gentoo Linux 
Security Announcements as well as identifying, assessing and tracking 
security bugs associated with the distro and its various packages. He has 
also been working on development toolchains, within both the Gentoo base 
system and the new Embedded Gentoo project. 

 8. solar@g.o
Ned started using Linux in 1995, with the venerable Slackware distribution 
and a 1.x series kernel. His interest in computer security prompted him to 
start developing an maintaining kernel security patches with the 2.2.x 
series. He even began his own small security-enhanced distribution 
(linbsd), to implement a BSD-style ports system on Linux. When he 
discovered Gentoo, which had a larger developer community and features 
like grsec support, he decided to move his efforts and support behind it. 
He became an official dev in the usual way - by offering support and 
contributions, particularly in the #gentoo-hardened channel. After 
providing things like the original grsecurity policy examples, he was 
invited to take on a more formal role. In addition to such projects, Ned 
has contributed to other Open-Source security projects such as the 
hogwash[12] packet scrubber and the middle-man[13] filtering proxy. He is 
currently active in the PaX[14] project to provide kernel protection 
against memory-related security faults, such as stack overflow attacks. 

Ned reflected on some of the work he and his team-mates have been 
performing: "I'm really proud of the accomplishments we have made recently 
with PaX and the kernel and userland. It's becoming easier to for the 
novice user to take advantage of these types of protection without having 
to understanding all the inner workings. We also make it easier for the 
advanced user that loves to play with settings and try different security 
modules out." He added that he feels that the work he and the Hardened 
Gentoo herd are doing results in the fact that "we are slowly becoming 
leader in secure kernel and toolchain technologies by putting an end to 
all arbitrary code execution". 
Ned is a partner in a consulting and system integration firm operating out 
of Savannah, Georgia in the United States. Their primary market is the 
provision of secure Linux server solutions and large-scale embedded 
wireless solutions. He is politically active, including membership and 
activism in Earth First[15], Food Not Bombs[16]. He also helped start the 
grass-roots radio station, Radio Free Cascadia[17]. His favorite quote is 
a slogan from the possibly eponymous Luddites: "The machine is the enemy, 
smash it without mercy", which he claims is prompted by the movie "Office 
Space". He concluded with a observation about Gentoo: "it's nice to be 
king of your own hill." 

 17. ttp://
3. Gentoo Security
phpMyAdmin < 2.5.6-rc1: possible attack against export.php
A vulnerability in phpMyAdmin which was not properly verifying user 
generated input could lead to a directory traversal attack. 
For more information, please see the GLSA Announcement[18] 

Updated kernel packages fix the AMD64 ptrace vulnerability
A vulnerability has been discovered by in the ptrace emulation code for 
AMD64 platforms when eflags are processed, allowing a local user to obtain 
elevated priveleges. 
For more information, please see the GLSA Announcement[19] 

Clam Antivirus DoS vulnerability
Oliver Eikemeier has reported a vulnerability in Clam AV, which can be 
exploited by a malformed uuencoded message causing a denial of service for 
programs that rely on the clamav daemon, such as SMTP daemons. 
For more information, please see the GLSA Announcement[20] 

4. Heard in the Community
Web Forums
X No Longer Free?
The XFree team has changed their license policy two weeks ago, to 
something that isn't compatible to the GPL any longer. The Gentoo 
developers have already drawn their own conclusions from this, and will 
refrain from adding XFree86 versions under the new license scheme to the 
portage tree for the time being. There's plenty of room left for 
discussion at this thread:
 * Xfree no longer free ?[21] 

New Forum for AMD64
Opteron users of Gentoo Linux have achieved critical mass to deserve their 
own platform inside Threads that were scattered over 
other forums have been moved to the new one, and any new debate on 64-bit 
x86 architectures will belong here:
 * [forums-announce] New AMD64 Forum![22] 

Bootsplash for 2.6 Kernels Available
One of the most lively long-term debate in the Forums has been the 
bootsplash howto and its companion thread, the support discussion. Since 
last week, 2.6 kernel users can also benefit from the collective effort - 
gently hiding the fine print of a Linux boot process behind shiny handmade 
flash screens:
 * The Gentoo Framebuffer, Bootsplash & Grubsplash How-To[23] 
 * Gentoo Framebuffer, Bootsplash & Grubsplash - SUPPORT[24] 

XFree86 Alternatives 
The XFree86 4.4 is being released under a revised license[25] that isn't 
fully compatible with the GPL[26]. Because of this, several 
distributions--including Gentoo--have users looking at alternatives. One 
of them is Y-Windows[27], which was discussed in this  thread[28]. 

Portage and Bittorrent.
Here is an interesting idea about using bittorrent (or at least some of 
it's code) to share source packages around. Although there obvious 
benefits like sharing bandwidth, faster downloads, and less effects from 
downtime, there are some downsides. These include security, responsibility 
and possible design incompatibilities. Have a look[29] for more infomation.

5. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([30]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 13 February 2004 and 19 February 2004, activity 
on the site has resulted in: 

 * 669 new bugs during this period 
 * 392 bugs closed or resolved during this period 
 * 17 previously closed bugs were reopened this period 
Of the 5160 currently open bugs: 0 are labeled 'blocker', 0 are labeled 
'critical', and 0 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * Java Team[31], with 48 closed bugs[32]  
 * Mozilla Gentoo Team[33], with 38 closed bugs[34]  
 * Gentoo KDE team[35], with 27 closed bugs[36]  
 * Gentoo Linux Gnome Desktop Team[37], with 20 closed bugs[38]  
 * Python Gentoo Team[39], with 14 closed bugs[40]  
 31. java@g.o
 33. mozilla@g.o
 35. kde@g.o
 37. gnome@g.o
 39. python@g.o

New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Core System Packages Team[41], with 19 new bugs[42]  
 * AMD64 Porting Team[43], with 19 new bugs[44]  
 * Media-Video Herd[45], with 13 new bugs[46]  
 * Gentoo KDE Team[47], with 13 new bugs[48]  
 * Portage Team[49], with 12 new bugs[50]  
 41. base-system@g.o
 43. amd64@g.o
 45. media-video@g.o
 47. kde@g.o
 49. dev-portage@g.o
6. Tips and Tricks
Converting Text Files
This week's tip shows you how to convert files from Windows format to UNIX 
format and vice versa. This can be handy if you've ever opened a file that 
was created in Windows and found your screen full of of ^M characters at 
the end of every line.
The easiest way to convert files back and forth is to use the dos2unix and 
unix2dos commands provided by app-text/dos2unix and app-text/unix2dos.
| Code Listing 7.1:                                                       |
| Converting files the easy way                                           |
|                                                                         |
|% dos2unix file.txt                                                      |
|% unix2dos file.txt                                                      |
If you're missing these commands and can't install them, you can also use 
tr and sed
| Code Listing 7.2:                                                       |
| Converting files with tr and sed                                        |
|                                                                         |
|Convert from DOS/windows to unix                                         |
|% tr -d '\015' < win.txt > unix.txt                                      |
|                                                                         |
|Convert from unix to DOS/windows                                         |
|% sed -e 's/$/\r/' unix.txt > win.txt                                    |
7. Moves, Adds, and Changes
The following developers recently left the Gentoo team: 
 * none this week 
The following developers recently joined the Gentoo Linux team:
 * Jason Stubbs (jstubbs) - portage documentation/modularization
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
8. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 51. gwn-feedback@g.o
9. GWN Feedback
Please send us your feedback[52] and help make the GWN better.

 52. gwn-feedback@g.o
10. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
11. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[53] 
 * English[54] 
 * German[55] 
 * French[56] 
 * Japanese[57] 
 * Italian[58] 
 * Polish[59] 
 * Portuguese (Brazil)[60] 
 * Portuguese (Portugal)[61] 
 * Russian[62] 
 * Spanish[63] 
 * Turkish[64] 

Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Luke Giuliani <cold_flame@×××××.com> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
David Nielsen <Lovechild@××××××××.com> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Sven Vermeulen <swift@g.o> - Contributor
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Katsuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Takashi Ota <088@××××××××××.jp> - Japanese Translation
Radoslaw Janeczko <sototh@×××.pl> - Polish Translation
Lukasz Strzygowski <lucass.home@××.pl> - Polish Translation
Michal Drobek <veng@××.pl> - Polish Translation
Adam Lyjak <apo@××××××××××××××××××××.pl> - Polish Translation
Krzysztof Klimonda <cthulhu@×××××××××.net> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
João Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gonçalves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
José Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Lanark <lanark@××××××××××.ar> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
Jesús García Crespo <correo@××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation