
Gentoo Monthly Newsletter: 18 February 2008


1. Introduction

This month in the GMN

Welcome to the second issue of the Gentoo Monthly Newsletter. To begin with, we would like to thank the entire community for the overwhelming response to the GMN's inaugural issue. We received a lot of encouraging feedback and hope that you will continue to write in. Remember, the GMN is what its readers want it to be; please see the section on how you can get involved, at the end of the newsletter, for more information.

This month's issue implements some of the interesting suggestions we received from our readers. The security statistics have been removed, since they seemed to add a lot of clutter with little value to the newsletter. You can still monitor GLSAs in a variety of ways, though: by using glsa-check (part of gentoolkit), or by subscribing to the feed on the GLSA page or to the gentoo-announce mailing list.

Graphical Bugzilla and package statistics are another feature we implemented; don't forget to see the cool graphs and charts! In tune with the feature on our front page announcements, you can now discuss particular issues of the Gentoo Monthly Newsletter in the forum. Discuss this newsletter!

We hope you enjoy reading this edition of the GMN.

2. Gentoo News

Gentoo Trustee Elections

The Gentoo Trustee elections are currently in progress. After nearly a month of nominations, we are left with 8 candidates for the posts. The polls will be open until February 28. Everybody who has ever voted in a trustee election, or who has been a Gentoo developer for the last 365 days (or more, counted from the closing date of the election poll), is eligible to vote. You can get more information on the election and on each candidate's manifesto on the trustee election page.

Kernel security exploits: Upgrade ASAP
KDE 4.0.1 in the tree

More in Tux Machines

Linux Kernel News

  • Linux Foundation smushes two smaller projects together to form Open Networking Automation Platform
    The Linux Foundation announced yesterday that it had combined open source ECOMP and the Open Orchestrator Project into ONAP, the Open Networking Automation Platform, with the aim of helping users automate network service delivery, design, and service through a unified standard. Jim Zemlin, executive director of the Linux Foundation, said that ONAP should be a boon to enterprise IT departments, thanks to improved speed and flexibility.
  • Linux Foundation merges Open Source ECOMP, OPEN-O, further harmonizes virtualization group efforts
    Open source ECOMP and the Open Orchestrator Project (OPEN-O) have merged to create the new Open Network Automation Platform (ONAP) Project, further harmonizing the ever-growing array of disparate virtualization groups. ONAP will allow end users to automate, design, orchestrate, and manage services and virtual functions.
  • I am a Cranky, White, Male Feminist
    Today, I was re-reading a linux.com article from 2014 by Leslie Hawthorne which had been reshared by the Linux Foundation Facebook account yesterday in honor of #GirlDay2017 (which I was regrettably unaware of until it was over). It wasn’t so much the specific content of the article that got me thinking, but instead the level of discourse that it “inspired” on the Facebook thread that pointed me there (I will not link to it as it is unpleasant and reflects poorly on The Linux Foundation, an organization which is in most circumstances largely benevolent).
  • encyclopedia snabb and the case of the foreign drivers
    Peoples of the blogosphere, welcome back to the solipsism! Happy 2017 and all that. Today's missive is about Snabb (formerly Snabb Switch), a high-speed networking project we've been working on at work for some years now. What's Snabb all about you say? Good question and I have a nice answer for you in video and third-party textual form! This year I managed to make it to linux.conf.au in lovely Tasmania. Tasmania is amazing, with wild wombats and pademelons and devils and wallabies and all kinds of things, and they let me talk about Snabb.

Security News

  • Security updates for Friday
  • [Older] Microsoft Delays February Patch Tuesday Updates Until Next Month
    It was created by Microsoft as a way to have a standard delivery date/schedule for updates that were being provided for the company's software. This allowed a lot of stability for users and IT Pros so they could be prepared for the monthly distribution of the updates. Well, this month Microsoft has hit a snag with their monthly Patch Tuesday.
  • Watershed SHA1 collision just broke the WebKit repository, others may follow
    The bug resides in Apache SVN, an open source version control system that WebKit and other large software development organizations use to keep track of code submitted by individual members. Often abbreviated as SVN, Subversion uses SHA1 to track and merge duplicate files. Somehow, SVN systems can experience a severe glitch when they encounter the two PDF files published Thursday, proving that real-world collisions on SHA1 are now practical.
  • Cloudflare Reverse Proxies are Dumping Uninitialized Memory
    Thanks to Josh Triplett for sending us this Google Project Zero report about a dump of uninitialized memory caused by Cloudflare's reverse proxies. "A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I'll explain later). My working theory was that this was related to their "ScrapeShield" feature which parses and obfuscates html - but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security."
  • Secure your system with SELinux
    SELinux is well known as the most sophisticated Linux Mandatory Access Control (MAC) system. If you install any Fedora or Red Hat operating system, it is enabled by default and running in enforcing mode. So far so good.
