Language Selection

English French German Italian Portuguese Spanish

Ubuntu: Snapcraft, Bug, Newsletter Issue 535 and Minimal Ubuntu

Filed under
Ubuntu
  • New business models on their way for IoT hardware [Ed: by Jamie Bennett, VP of Engineering, IoT & Devices at Canonical]

    Snaps are containerised software packages easily managed through Snapcraft, a platform for building and publishing applications to an audience of millions of Linux users. Snapcraft enables authors to push software updates that install automatically and roll back in the event of failure. The likelihood of an errant update breaking a device or degrading the end user experience is, as a result, greatly reduced. If a security vulnerability is discovered in the libraries used by an application, the app publisher is notified so the app can be rebuilt quickly with the supplied fix and pushed out.

    As application packages bundle their runtime dependencies, they work without modification on all major Linux distributions as well as being tamper-proof and easily confined. A snap cannot modify or be modified by another app, and access to the system beyond its confinement must be explicitly granted. Precision definition, therefore, brings simpler documentation for installing and managing applications. Taking into account the automatic updates, which eliminate a long tail of releases, applications perform more intuitively for both the publisher and end-user.

    Snapcraft also gives managers the tools to organise releases into different release grades, or channels. One set of tools can be used to push app updates from automatic CI builds, to QA, beta testers, and finally all users. It visualises updates as they flow through these channels and helps developers track user base growth and retention. In short, they can simplify a developer’s route, and that of their company’s, to engaging with a vast number of Linux users. Streamlining a route to market not only maximises developer worth, it also opens up new revenue drivers in the process.

  • Ubuntu bug allows anyone with physical access to bypass your lock screen

    A bug filed on Ubuntu Launchpad in the middle of June has just been made public. The bug in question appears to allow anyone with physical access to the computer bypass the lock screen by just removing the hard drive. The bug was tested on Ubuntu 16.04.4 and it’s unclear whether it affects other versions of Ubuntu or other distributions but there’s an almost certain chance it affects other distributions based on Ubuntu 16.04, such as Linux Mint 18.

  • Ubuntu Weekly Newsletter Issue 535

    Welcome to the Ubuntu Weekly Newsletter, Issue 535 for the week of July 1 – 7, 2018. The full version of this issue is available here.

  • ​Minimal Ubuntu for containers and clouds

    By default, Linux comes with a lot of extras. Usually, that's a good thing. But, sometimes you want just the bare necessities of Linux life for your server, containers, and clouds. That's where Canonical's latest Ubuntu release, Minimal Ubuntu, comes in.

    When Canonical says "Minimal", they mean minimal. Weighing in at a mere 29MB for the Ubuntu 18.04 Docker image, Minimal Ubuntu could fit on a CD with hundreds of Megabytes to spare.

    This is far from the first time Canonical has offered a small-footprint Ubuntu. The minimal Ubuntu ISO image, about 40 MB, is meant for people who download packages from online archives at installation time.

  • Minimal Ubuntu, on public clouds and Docker Hub

    Today we are delighted to introduce the new Minimal Ubuntu, optimized for automated use at scale, with a tiny package set and minimal security cross-section. Speed, performance and stability are primary concerns for cloud developers and ops.

  • Minimal Ubuntu Can Boot Faster, But Still Not The Fastest Booting On Amazon EC2 Cloud

    Canonical today released new Ubuntu Minimal images for cloud computing. The new images are half the size of the traditional Ubuntu Server and are said to boot up to 40% faster, so I decided to run a quick Amazon EC2 Linux distribution boot time comparison today...

    Using a t2.micro instance type in the EC2 US-WEST2 region, I ran the systemd boot time benchmark on various Linux distributions... Ubuntu 16.04, Minimal Ubuntu 16.04, Ubuntu 18.04, Minimal Ubuntu 18.04, SUSE Linux Enterprise 12 SP3, Red Hat Enterprise Linux 7.5, Amazon Linux 2 AMI, and Clear Linux 23550.

More on Ubuntu today (as above)

  • Minimal Ubuntu For Clouds: 50% Smaller, Up To 40% Faster Boot

    Canonical today announced the new Minimal Ubuntu, which is a "tiny" package set focused for speed, performance, and stability of Ubuntu in cloud deployments.

  • Canonical 'unlikely' to fix bug that allows hackers to bypass Ubuntu's lock screen [Ed: If you want to bypass the lock screen and have physical access, then on most setups you just physically press "Reset"; not as critical as they make it seem.]

    OPEN SOURCE OS Ubuntu has a bug that allows anyone to bypass a machine's lock screen, providing they have physical access to the computer's hard drive.

    Real-world hackers can simply remove the hard drive of a machine they want access to providing it's running Ubuntu 16.04.4 and then skip straight past the lock screen.

    It's a simple-sounding hack and works by exploiting a bug in how the system stores data when Ubuntu it's suspended in low-power mode.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Linux firewalls: What you need to know about iptables and firewalld

A firewall is a set of rules. When a data packet moves into or out of a protected network space, its contents (in particular, information about its origin, target, and the protocol it plans to use) are tested against the firewall rules to see if it should be allowed through. Here’s a simple example... Read more

Mozilla: Firefox GCC/LLVM Clang Dilemma, September 2018 CA Communication and CfP

  • Fedora Firefox – GCC/CLANG dilemma
    After reading Mike’s blog post about official Mozilla Firefox switch to LLVM Clang, I was wondering if we should also use that setup for official Fedora Firefox binaries. The numbers look strong but as Honza Hubicka mentioned, Mozilla uses pretty ancient GCC6 to create binaries and it’s not very fair to compare it with up-to date LLVM Clang 6. Also if I’m reading the mozilla bug correctly the PGO/LTO is not yet enabled for Linux, only plain optimized builds are used for now…which means the transition at Mozilla is not so far than I expected.
  • September 2018 CA Communication
    Mozilla has sent a CA Communication to inform Certification Authorities (CAs) who have root certificates included in Mozilla’s program about current events relevant to their membership in our program and to remind them of upcoming deadlines. This CA Communication has been emailed to the Primary Point of Contact (POC) and an email alias for each CA in Mozilla’s program, and they have been asked to respond to the following 7 action items:
  • Emily Dunham: CFP tricks 1
    Some strategies I’ve recommended in the past for dealing with this include looking at the conference’s marketing materials to imagine who they would interest, and examining the abstracts of past years’ talks.

today's howtos

Security: Quantum Computing and Cryptography, Time to Rebuild Alpine Linux Docker Container

  • Quantum Computing and Cryptography
    Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length. This is why cryptographers are hard at work designing and analyzing "quantum-resistant" public-key algorithms. Currently, quantum computing is too nascent for cryptographers to be sure of what is secure and what isn't. But even assuming aliens have developed the technology to its full potential, quantum computing doesn't spell the end of the world for cryptography. Symmetric cryptography is easy to make quantum-resistant, and we're working on quantum-resistant public-key algorithms. If public-key cryptography ends up being a temporary anomaly based on our mathematical knowledge and computational ability, we'll still survive. And if some inconceivable alien technology can break all of cryptography, we still can have secrecy based on information theory -- albeit with significant loss of capability. At its core, cryptography relies on the mathematical quirk that some things are easier to do than to undo. Just as it's easier to smash a plate than to glue all the pieces back together, it's much easier to multiply two prime numbers together to obtain one large number than it is to factor that large number back into two prime numbers. Asymmetries of this kind -- one-way functions and trap-door one-way functions -- underlie all of cryptography.
  • This New CSS Attack Restarts iPhones & Freezes Macs
  • Time to Rebuild Alpine Linux Docker Containers After Package Manager Patch
  • GrrCon 2018 Augusta15 Automation and Open Source Turning the Tide on Attackers John Grigg