Gentoo Archives: gentoo-gwn

From: Lars Weiler <pylon@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 8 August 2005
Date: Mon, 08 Aug 2005 00:32:36
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 8 August 2005.

1. Gentoo News

First alpha release of the Gentoo Installer

Gentoo Installer Project[1] lead Andrew Gaffney[2] made an announcement[3]
this week about version 0.1 of GLI! This is a milestone in Gentoo's
history: until now Gentoo had no installer, and the user had to do every
step manually with the help of the Gentoo Handbook[4].

 2. agaffney@g.o

There will be an x86 LiveCD with the installer included in the
/experimental branch on the mirrors[5]. More information is available on
the Installer Project's website[6].


Tor network servers banned on the Forums

The Tor Network[7] is an anonymous Internet communication system that uses
a distributed network of servers to bounce communications around. People
were able to use Tor to browse the Gentoo Forums[8] until some malicious
users started abusing the forums. As you might have already guessed, using
Tor hides your IP address, so it works similarly to a kind of anonymous
posting. The Gentoo Forums staff[9], due to this abusive use of Tor
servers, has decided to ban all Tor servers that have an exit policy
allowing connections to on ports 80 (HTTP) and/or 443
(HTTPS). We are concerned that our users might want to preserve their
anonymity; however, there doesn't seem to be a good technical or legitimate
reason[10] to use Tor on the Gentoo Forums.


In an effort to stop the abuse of the Tor Network while causing the least
trouble for our users, only Tor servers with an exit to
on the ports stated above will be banned. If they have those exits
removed, they'll automatically be unbanned. Please note that this
process of retrieving the list of Tor servers is performed automatically
and that it might take a while to have the ban-list synced.

2. Developer of the week

”Gentoo is something you learn once and apply wherever you want… just port
it there ;)“

Figure 2.1: Diego Pettenò

This week's developer special is Diego Pettenò[11], better known as
Flameeyes. He is one of the Gentoo/FreeBSD[12] hackers and a media-video
and sound bugfixer, so he usually does ebuild maintenance, patches for
media apps and of course Gentoo/FreeBSD things in general.

 11. flameeyes@g.o

Diego lives somewhere near Venice, Italy, where he tries to study Computer
Science at the Ca' Foscari university and does translations to pay for his
studies. Before he got assimilated into the Gentoo collective he worked on
a few small open-source projects, but as he said ”nothing that takes
someone else“. Gentoo/BSD is the thing he is most proud of: ”When I joined
in March it was an overlay over FreeBSD, now it can be considered a full
distribution on its own, so it's the first time I can really see something
actually usable where I worked on :)“

Obviously KDE is the best thing since sliced bread, so Diego uses it and
only needs vim and ssh to be happy. The first thing that gets started is
usually amaroK to wake up… but usually the computers just keep running

Diego uses an Athlon64 3500+, an iBook (with Gentoo/OSX) and an old
Athlon-tbird headless for Gentoo/FreeBSD. When not in front of his
computers (unlikely as that may appear) he is usually reading fantasy
books or doing bricolage.

Quote: ”I'd like to thank all the devs who allowed me to be here right now :)“

3. Heard in the community


Food For Thought: Bugzilla Localization?

Chris White[13] starts a discussion on whether Bugzilla should be localized.
This would be a great asset for non-English Gentoo users, but it would
complicate bug management to the point where it seems unreasonable to
implement it. Especially duplicate bugs and translation issues can't be
managed sanely.

 13. chriswhite@g.o

 * Food For Thought: Bugzilla Localization? [14]

4. Gentoo International

Germany: Reminder for the national user meeting

Just a quick reminder for the national user meeting[15] in Wissen
(Westerwald) next weekend. If you like camping and want to meet some other
Gentoo users, this is the perfect event for you.


5. Gentoo in the press

Gentoo in Windows

This month's issue of the, ’The independent voice of the
Microsoft IT community‘, features an article entitled ”Make Room for Linux
Apps[16]“. The author describes how a Windows user can run Linux
applications in Windows and describes his experiences with Gentoo in
combination with coLinux[17].


6. Tips and Tricks

ulimit and sysctl

The ulimit and sysctl programs let you limit system-wide resource use.
This can help a lot in system administration, e.g. when a user starts too
many processes and therefore makes the system unresponsive for other users.

| Code Listing 6.1:                                                       |
| ulimit example                                                          |
|                                                                         |
|# ulimit -a                                                              |
|core file size          (blocks, -c) 0                                   |
|data seg size           (kbytes, -d) unlimited                           |
|file size               (blocks, -f) unlimited                           |
|pending signals                 (-i) 8191                                |
|max locked memory       (kbytes, -l) 32                                  |
|max memory size         (kbytes, -m) unlimited                           |
|open files                      (-n) 1024                                |
|pipe size            (512 bytes, -p) 8                                   |
|POSIX message queues     (bytes, -q) 819200                              |
|stack size              (kbytes, -s) 8192                                |
|cpu time               (seconds, -t) unlimited                           |
|max user processes              (-u) 8191                                |
|virtual memory          (kbytes, -v) unlimited                           |
|file locks                      (-x) unlimited                           |
|                                                                         |

All these settings can be manipulated. A good example is this bash
forkbomb that forks as many processes as possible and can crash systems
where no user limits are set:

Warning: Do not run this in a shell! If no limits are set, your system will
either become unresponsive or might even crash.

| Code Listing 6.2:                                                       |
| A bash forkbomb                                                         |
|                                                                         |
|$ :(){ :|:& };:                                                          |
|                                                                         |

Now this is not good - any user with shell access to your box could take
it down. But if that user can only start 30 processes the damage will be
minimal. So let's set a process limit:

Note: Too small a number of processes can break the use of Portage. So,
don't be too strict.

| Code Listing 6.3:                                                       |
| Setting a process limit                                                 |
|                                                                         |
|# ulimit -u 30                                                           |
|# ulimit -a                                                              |
|…                                                                        |
|max user processes              (-u) 30                                  |
|…                                                                        |
|                                                                         |

If you try to run the forkbomb now it should run, but throw error messages
"fork: resource temporarily unavailable". This means that your system has
not allowed the forkbomb to start more processes. The other options of
ulimit can help with similar problems, but you should be careful that you
don't lock yourself out - setting data seg size too small will even
prevent bash from starting!

sysctl is a similar tool: it lets you configure kernel parameters at
runtime. If you wish to keep settings persistent across reboots, you should
edit /etc/sysctl.conf - be aware that wrong settings may break things in
unforeseen ways.

| Code Listing 6.4:                                                       |
| Exploring sysctl variables                                              |
|                                                                         |
|# sysctl -a                                                              |
|…                                                                        |
|vm.swappiness = 60                                                       |
|…                                                                        |
|                                                                         |

The list of variables is quite long (367 lines on my system), but I picked
out vm.swappiness here. It controls how aggressive swapping will be: the
higher it is (with a maximum of 100), the more swap will be used. This can
affect performance a lot on systems with little memory, depending on load
and other factors.

| Code Listing 6.5:                                                       |
| Reducing swappiness                                                     |
|                                                                         |
|# sysctl vm.swappiness=0                                                 |
|vm.swappiness = 0                                                        |
|                                                                         |

The effects of changing this setting are usually not felt instantly. But
you can change many settings, especially network-related, this way. For
servers this can offer a nice performance boost, but as with ulimit
careless usage might cause your system to misbehave or slow down. If you
don't know what a variable controls, you should not modify it!
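
A value set with sysctl at runtime and the value stored in /etc/sysctl.conf can silently diverge, so the change is lost or reverted at the next reboot. The following is an added example, not part of the original newsletter: a POSIX shell function (sysctl_drift and norm are names chosen here) that reports every key whose running value differs from the configured one. It assumes dot-separated keys and reads only the one file it is given; the demo data is constructed.

```shell
#!/bin/sh
# Added example: compare sysctl.conf with the values the kernel is running.

# Collapse runs of whitespace and trim both ends.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift [CONF] [ROOT]
#   CONF  sysctl.conf-style file (default /etc/sysctl.conf)
#   ROOT  directory holding the live values (default /proc/sys)
# Prints one line per differing key; returns 1 if any drift was found.
sysctl_drift() {
    conf=${1:-/etc/sysctl.conf}
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;  # blank line or comment
            *=*) ;;                    # key = value
            *) continue ;;             # not a setting
        esac
        key=$(norm "${line%%=*}")
        key=${key#-}                   # leading "-" only means "ignore errors"
        want=$(norm "${line#*=}")
        # Assumes dot-separated keys: vm.swappiness -> ROOT/vm/swappiness
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            printf '%s: not readable on the running kernel\n' "$key"
            drift=1
            continue
        fi
        have=$(norm "$(cat "$path")")
        if [ "$have" != "$want" ]; then
            printf '%s: running=%s configured=%s\n' "$key" "$have" "$want"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Constructed demo: a sample config and a stand-in for /proc/sys.
demo=$(mktemp -d)
mkdir -p "$demo/proc/vm"
printf '0\n' > "$demo/proc/vm/swappiness"   # as after "sysctl vm.swappiness=0"
printf '# constructed sample\nvm.swappiness = 60\n' > "$demo/sysctl.conf"
sysctl_drift "$demo/sysctl.conf" "$demo/proc" || echo "drift: lost at next reboot"
rm -rf "$demo"
```

Called without arguments, sysctl_drift checks /etc/sysctl.conf against /proc/sys on the machine it runs on.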

7. Moves, adds, and changes


The following developers recently left the Gentoo team:

 * Benjamin Judas (beejay) (Gentoo/X86 Release manager)


The following developers recently joined the Gentoo Linux team:

 * New developer: Christian Heim (phreak) (vserver)
 * New forums staff: Jonathan Coome (Maedhros)
 * New forums staff: Anders Hellgren (Kallamej)
 * New forums staff: Robert Muchacki (Muchar)


The following developers recently changed roles within the Gentoo Linux

 * Mike Doty (kingtaco) (stepped back from Arch Tester lead)
 * Homer Parker (hparker) (New Arch Tester lead)

8. Gentoo Security

Compress::Zlib: Buffer overflow

Compress::Zlib is vulnerable to a buffer overflow which could potentially
lead to execution of arbitrary code.

For more information, please see the GLSA Announcement[18]


ProFTPD: Format string vulnerabilities

Under specific circumstances, ProFTPD is vulnerable to format string
vulnerabilities, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement[19]


nbSMTP: Format string vulnerability

nbSMTP is vulnerable to a format string vulnerability which may result in
remote execution of arbitrary code.

For more information, please see the GLSA Announcement[20]


Netpbm: Arbitrary code execution in pstopnm

The pstopnm utility, part of the Netpbm tools, contains a vulnerability
which can potentially result in the execution of arbitrary code.

For more information, please see the GLSA Announcement[21]


Heartbeat: Insecure temporary file creation

Heartbeat is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.

For more information, please see the GLSA Announcement[22]


9. Bugzilla


 * Statistics
 * Closed bug ranking
 * New bug rankings


The Gentoo community uses Bugzilla ([23]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 30 July 2005 and 06 August 2005, activity on the
site has resulted in:


 * 725 new bugs during this period
 * 459 bugs closed or resolved during this period
 * 38 previously closed bugs were reopened this period

Of the 8042 currently open bugs: 107 are labeled 'blocker', 200 are
labeled 'critical', and 539 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

 * AMD64 Porting Team[24], with 34 closed bugs[25]
 * Xavier Neys[26], with 26 closed bugs[27]
 * Gentoo Linux Gnome Desktop Team[28], with 19 closed bugs[29]
 * Gentoo KDE team[30], with 17 closed bugs[31]
 * Gentoo's Team for Core System packages[32], with 17 closed bugs[33]
 * Gentoo Linux bug wranglers[34], with 14 closed bugs[35]
 * Gentoo Security[36], with 12 closed bugs[37]
 * media-gfx herd[38], with 12 closed bugs[39]
 24. amd64@g.o
 26. neysx@g.o
 28. gnome@g.o
 30. kde@g.o
 32. base-system@g.o
 34. bug-wranglers@g.o
 36. security@g.o
 38. graphics@g.o

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

 * Default Assignee for New Packages[40], with 35 new bugs[41]
 * Portage Utilities Team[42], with 16 new bugs[43]
 * AMD64 Porting Team[44], with 16 new bugs[45]
 * Text-Markup Team[46], with 11 new bugs[47]
 * Default Assignee for Orphaned Packages[48], with 11 new bugs[49]
 * Java team[50], with 10 new bugs[51]
 * Mozilla Gentoo Team[52], with 9 new bugs[53]
 * Gentoo Toolchain Maintainers[54], with 8 new bugs[55]
 40. maintainer-wanted@g.o
 42. tools-portage@g.o
 44. amd64@g.o
 46. text-markup@g.o
 48. maintainer-needed@g.o
 50. java@g.o
 52. mozilla@g.o
 54. toolchain@g.o

10. GWN feedback

Please send us your feedback[56] and help make the GWN better.

 56. gwn-feedback@g.o

11. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@g.o from the email address you are
subscribed under.

12. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

 * Danish[57]
 * Dutch[58]
 * English[59]
 * German[60]
 * French[61]
 * Japanese[62]
 * Italian[63]
 * Polish[64]
 * Portuguese (Brazil)[65]
 * Portuguese (Portugal)[66]
 * Russian[67]
 * Spanish[68]
 * Turkish[69]

Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
Ioannis Aslanidis <deathwing00@g.o> - Author
Lars Weiler <pylon@g.o> - Author

gentoo-gwn@g.o mailing list