Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 13 December 2004
Date: Mon, 13 Dec 2004 00:25:58
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 13 December 2004.
1. Gentoo News
New Chinese Gentoo Forum
A long-standing request has finally been fulfilled: The official Gentoo 
Forums, according to our user survey the single most popular support 
platform, now have a shiny new Chinese language forum[1]. Requests for 
this language to be supported at the Forums had been brought forward for a 
very long time already, but were growing substantially over the past few 
Enabling Chinese turned out to be trickier than anticipated. The language 
packs for phpBB, the software that powers the Gentoo Forums, are normally 
available in separate encodings, which would have mandated two forums for 
traditional (i.e. the Taiwanese and Hong Kong user base) and simplified 
(mainland) Chinese characters. Splitting the forum into two was out of the 
question for the Forum administrators, but thanks to Christian Hartmann 
(ian![2]) who finally set out to implement a recommendation from Chinese 
users, the language packages and headers were patched, and all files 
transcoded into UTF-8. ian! then released his changes on a few testers 
first, since being unable to read Chinese himself, he had to rely entirely 
on user feedback. Testing this way is similar to mooring an oil tanker 
using your ears only, but nevertheless it appears to work, didn't bring 
the ceiling crashing down or the Forum hardware to falter, and the two 
initial moderators are now eagerly waiting for the massive influx of 
Chinese users to put the platform under yet some more endurance tests.
The encoding to be used is UTF-8, which allows for both simplified and 
traditional Chinese in postings to the new forum. EricHsu[3] and akar[4], 
will be the inaugural moderators to deal with the first wave of Chinese 
users to join the Gentoo Forums starting from today. Many Chinese 
Gentooists have been frequenting the[5] forums, but are 
expected to adopt the new, officially Gentoo-driven platform, too. The 
freshly appointed moderators are able to read both character sets, but 
EricHsu is operating in GB2312 (simplified) and akar in Big5 (traditional 
Chinese) on their own PCs, and will share the supervision of forum posts 
Figure 1.1: Chinese Gentoo Forum editing window, with encoding set to 
UTF-8 and autodetection to Chinese
Note: While the content of the forum can be posted in either Big5 or 
GB2312, the board languages, e.g. the interface, the menu items and 
messages, can be set to each of the styles the user prefers: Both 
traditional and simplified Chinese are available as board languages now, 
2. Future zone
Linux virtualization techniques
For some types of applications (development, service separations, 
simulated environments) it is preferrable to "hide" parts of the hardware 
or the operating system behind a virtualized machine. There are three 
major approaches to achieve this:
 * Hardware Emulators: These programs emulate the complete hardware 
step-by-step. Bochs, PearPC, coLinux and QEMU belong to this group. 
 * Hardware Virtualization: VMWare, UML, plex86 and XEN do this. They only 
emulate certain system calls and Interrupts. 
 * Limited Virtualization: vServers only hide parts of the OS. Only one 
kernel is running, but system calls are intercepted and modified according 
to access privileges etc. 
All these techniques have their advantages and shortcomings, as hardware 
emulators for example are platform independent and just make-believe in 
parts or subsystems, but are extremely slow compared to hardware 
virtualizers. The latter are also mostly OS-independent, but limited to 
specific hardware (VMWare only runs on x86), and their performance isn't 
quite optimal yet. The limited virtualizers are optimized for speed and 
low overhead, and are perfectly integrated into the operating system, but 
of course completely dependent on it, and not all functions can be 
expected to work as usual. 
Today's future zone looks at some of the candidates for virtual machines 
and emulations, and sheds a little light on their availability and status 
in Gentoo Linux:
This program is developed at the University of Cambridge. Guest operating 
systems need some changes applied, but XEN in return offers extremely high 
performance compared to other solutions.
Gentoo integration: There are experimental ebuilds at Gentoo's bugzilla[7] 
UML - User Mode Linux[8]
This is a Linux-specific virtualization. It uses a patched kernel for the 
guest OS, and needs a patched host for better performance. Some versions 
also support nested UMLs, e.g. booting a UML instance in another UML 
instance. It is completely encapsulated from the host OS and usually uses 
files for its "virtual harddisks". Therefore performance tends to be lower 
than XEN, but since it emulates a whole kernel, its uses tend to be 
different, for example honeynets, network testing, distributed computing 
Gentoo integration: The patched kernel is available as usermode-sources in 
Portage. A Howto exists at the Gentoo website[9]. 
This commercial program allows to run any x86 OS "in a window" on Linux 
and Windows. It is quite mature, and reasonably fast. Even stacked 
instances are possible, such as Linux in VMWare on Windows in VMWare on 
Linux, for example. The hardware emulation presents a S3 graphics card, so 
some special applications like Windows DirectX games will be unable to 
run. Different versions of VMWare are available, ESX Server targeted for 
large server installations, and VMWare Workstation for desktop use.
Gentoo integration: app-emulation/vmware-workstation is a 30-day demo 
version. It can be upgraded to the full version by aquiring a key from 
MOL - Mac-on-Linux[11]
The PowerPC equivalent of VMWare, but non-commercial and free. Near-native 
performance, runs Mac OS > 7.5, Mac OS X and Linux in windows or 
full-screen modes. Its only drawback is the inability to operate on the 
new G5 64-bit CPU Macintosh, but it does work on PegasosPPC, for example, 
even with Mac OS X.
Gentoo integration:MOL is available in Portage.
BOCHS is one of the oldest emulators available. It is an x86 CPU-emulator 
written in C++, thus completely portable. Compared to virtualization, the 
performance is extremely low, but it still has its moments - or do you 
know any other program that allows you to boot FreeDOS on an UltraSPARC?
Gentoo integration:BOCHS is available in Portage. Disk images for booting 
can be found on the BOCHS website.
The newcomer among the emulators. It is still in rapid development, but 
already allows to boot a virtual MacOS X on any supported platform 
(including Win32!). The speed is about 1/500th of a real processor, but 
the coolness factor of running bochs in pearpc in vmware is hard to beat.
Gentoo integration: PearPC is available in Portage.
Plex86 wants to be seen as the Open Source alternative to VMWare. It is 
x86 only, but offers acceptable performance. The project seems to have 
little activity at the moment. A fork with slightly different goals can be 
found here[15] but this is a Linux only virtualization. 
Gentoo integration: Plex86 is available in Portage. 
Cooperative Linux is the first working free method for running Linux on 
Microsoft Windows natively. It can boot any Linux loopback filesystem, and 
even has limited network support through the TUN/TAP driver. It is not a 
replacement for Cygwin (which itself isn't a virtualizer, only an API 
translator), but offers the full bandwidth of Linux applications in 
Gentoo integration:A Gentoo boot image can be downloaded from the project 
This nice program is not one, but many emulators. It can emulate different 
architectures on a wide range of hardware, thus giving it the edge in 
flexibility. It is supposed to be much faster than other emulators, but 
the real performance will still be quite low. 
Gentoo integration:QEMU is available in portage.
3. Gentoo security
PDFlib: Multiple overflows in the included TIFF library
PDFlib is vulnerable to multiple overflows, which can potentially lead to 
the execution of arbitrary code. 
For more information, please see the GLSA Announcement[18] 
imlib: Buffer overflows in image decoding
Multiple overflows have been found in the imlib library image decoding 
routines, potentially allowing execution of arbitrary code. 
For more information, please see the GLSA Announcement[19] 
Perl: Insecure temporary file creation
Perl is vulnerable to symlink attacks, potentially allowing a local user 
to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[20] 
mirrorselect: Insecure temporary file creation
mirrorselect is vulnerable to symlink attacks, potentially allowing a 
local user to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[21] 
PHProjekt: setup.php vulnerability
PHProjekt contains a vulnerability in the setup procedure allowing remote 
users without admin rights to change the configuration. 
For more information, please see the GLSA Announcement[22] 
4. Heard in the community
Too many mailing lists?
Are there too many (low traffic) Gentoo mailinglists? How do you get all 
relevant info without subscribing to a dozen mailinglists? And finally, is 
there a better solution? Find out what other Gentooists have to say to 
those questions. 
 * Too many mailing lists[23] 
Small notes on developer policy
Mike Frysinger[24] posted two reminders on how to do things the right way: 
1) Only apply patches arch-specific if absolutely neccessary, and 2) don't 
dump your bugs in gcc-porting (or some of the other defenseless bugzilla 
aliases). He suggests that if everyone sticks to some basic rules, 
bugfixing and updating will be easier and more efficient. And, if bugs are 
assigned to the right people, they might even get fixed ... 
 24. vapier@g.o
 * arch-apecific patches[25] 
 * a note about gcc-porting team[26] 
5. Gentoo International
Japan: Gentoo Bonenkai in Tokyo 
GentooJP developer-at-large Masatomo Nakano, currently based in London, is 
coming back to Japan for a few days around New Year's Eve. As on previous 
occasions, this serves as the perfect excuse for the Japanese Gentooists 
to hold a Bonenkai, the usually raucous Japanese year-end party. Check the 
Japanese user mailing list[27] for details on the exact location, so far 
the plan is to meet in Tokyo's Shibuya district on 28 December 2004, at 
around 18:00.
Germany: Christmas party photos
The Christmas bowling event on Friday 10 December, organized by and for 
Germany's most weathered Gentooists in the Ruhr region that we announced 
two weeks ago, appears to have gone down quite well, and in perfect 
harmony, according to the impressive photo gallery[28] available at the 
German Gentoo website. Depicted are some of the finest developers around, 
but frankly, their bowling skills are not on the same level. The 
scorecards aren't much to write home about, but on the upside of things no 
harm was done to the inventory. 
6. Gentoo in the press
Heise online (7 December 2004)
Germany's leading IT magazine reports about the upcoming 21c3 conference 
in Berlin, in an article titled "More than the usual suspects."[29] Based 
on an interview with Gentoo developer and Chaos Computer Club spokesman 
Lars Weiler[30], the article specially mentions the Gentoo developer 
conference to be held during the 21c3.
 30. pylon@g.o
7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([31]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 05 December 2004 and 12 December 2004, activity 
on the site has resulted in: 
 * 742 new bugs during this period 
 * 443 bugs closed or resolved during this period 
 * 31 previously closed bugs were reopened this period 
Of the 7590 currently open bugs: 126 are labeled 'blocker', 237 are 
labeled 'critical', and 548 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo Games[32], with 36 closed bugs[33]  
 * Portage Utitilities Team[34], with 22 closed bugs[35]  
 * Gentoo Linux Gnome Desktop Team[36], with 19 closed bugs[37]  
 * Gentoo's Team for Core System packages[38], with 17 closed bugs[39]  
 * AMD64 Porting Team[40], with 16 closed bugs[41]  
 * PPC Porters[42], with 14 closed bugs[43]  
 * SpanKY[44], with 13 closed bugs[45]  
 * Gentoo KDE team[46], with 13 closed bugs[47]  
 32. games@g.o
 34. tools-portage@g.o
 36. gnome@g.o
 38. base-system@g.o
 40. amd64@g.o
 42. ppc@g.o
 44. vapier@g.o
 46. kde@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * AMD64 Porting Team[48], with 23 new bugs[49]  
 * Perl Devs @ Gentoo[50], with 15 new bugs[51]  
 * Gentoo's Team for Core System packages[52], with 11 new bugs[53]  
 * Gentoo Sound Team[54], with 9 new bugs[55]  
 * Net-Mail Packages[56], with 8 new bugs[57]  
 * Mozilla Gentoo Team[58], with 8 new bugs[59]  
 * Text-Markup Team[60], with 7 new bugs[61]  
 * PHP Bugs[62], with 7 new bugs[63]  
 48. amd64@g.o
 50. perl@g.o
 52. base-system@g.o
 54. sound@g.o
 56. net-mail@g.o
 58. mozilla@g.o
 60. text-markup@g.o
 62. php-bugs@g.o
8. Tips and Tricks
Fresh USE flag and profile editors
ufed has served its purpose of providing an overview and editing USE flag 
settings in Gentoo systems for quite a while. Its ncurses-based interface 
wasn't exactly pretty, and it hasn't seen much development over the past 
few months. 
Enter the alternatives: Damien Krotkine[64] has just brought his new 
"Profuse" up to speed and into Portage. It is meant to be particularly 
good at dealing with cascading profiles, has a GTK+-2 interface that's 
generally pleasing to the eye, and is easily available by simply emerging 
 64. dams@g.o
| Code Listing 8.1:                                                       |
|Emerge                                                                   |
|                                                                         |
|# echo "app-portage/profuse ~x86" >> /etc/portage/package.keywords (if   |
|# emerge profuse                                                         |
|                                                                         |
Figure 8.1: Damien Krotkine's profuse, the profile and USE editor
profuse defaults to whatever is linked to /etc/make.profile, but it can 
already work on cascading profiles, too, with the profile editing GUI 
currently still under development:
| Code Listing 8.2:                                                       |
|Invoke profuse with a cascading                                          |
|                                                                         |
|# profuse --profile-dir=/usr/portage/profiles/default-linux/ppc/2004.3   |
|                                                                         |
For Gentoo on Mac OS X users, Michael Hanselmann[65] has created 
app-portage/portage-prefpane that works as a plugin to the standard System 
Preferences application of Mac OS X. It serves as an editor for the 
make.conf file and can manipulate USE-flags, features and mirrors. 
Additionally, it provides an interface to edit all variables in make.conf. 
It runs only on Mac OS X, of course:
 65. hansmi@g.o
Figure 8.2: Portage-prefpane fully integrated into Mac OS X System 
9. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * Michael Boman 
The following developers recently joined the Gentoo Linux team:
 * Torsten Veller (tove) - net-mail, net-dialup 
 * Aaron Kulbe (SuperLag) - net-mail 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 66. gwn-feedback@g.o
11. GWN feedback
Please send us your feedback[67] and help make the GWN better.
 67. gwn-feedback@g.o
12. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[68] 
 * Dutch[69] 
 * English[70] 
 * German[71] 
 * French[72] 
 * Japanese[73] 
 * Italian[74] 
 * Polish[75] 
 * Portuguese (Brazil)[76] 
 * Portuguese (Portugal)[77] 
 * Russian[78] 
 * Spanish[79] 
 * Turkish[80] 
Ulrich Plate <plate@g.o> - Editor
Michael Hanselmann <hansmi@g.o> - Author
Damien Krotkine <dams@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Lars Weiler <pylon@g.o> - Author

gentoo-gwn@g.o mailing list