Ubuntu: Snapcraft, Bug, Newsletter Issue 535 and Minimal Ubuntu

  • New business models on their way for IoT hardware [Ed: by Jamie Bennett, VP of Engineering, IoT & Devices at Canonical]

    Snaps are containerised software packages easily managed through Snapcraft, a platform for building and publishing applications to an audience of millions of Linux users. Snapcraft enables authors to push software updates that install automatically and roll back in the event of failure. The likelihood of an errant update breaking a device or degrading the end user experience is, as a result, greatly reduced. If a security vulnerability is discovered in the libraries used by an application, the app publisher is notified so the app can be rebuilt quickly with the supplied fix and pushed out.

    As application packages bundle their runtime dependencies, they work without modification on all major Linux distributions as well as being tamper-proof and easily confined. A snap cannot modify or be modified by another app, and access to the system beyond its confinement must be explicitly granted. Precision definition, therefore, brings simpler documentation for installing and managing applications. Taking into account the automatic updates, which eliminate a long tail of releases, applications perform more intuitively for both the publisher and end-user.

    Snapcraft also gives managers the tools to organise releases into different release grades, or channels. One set of tools can be used to push app updates from automatic CI builds, to QA, beta testers, and finally all users. It visualises updates as they flow through these channels and helps developers track user base growth and retention. In short, they can simplify a developer’s route, and that of their company’s, to engaging with a vast number of Linux users. Streamlining a route to market not only maximises developer worth, it also opens up new revenue drivers in the process.

  • Ubuntu bug allows anyone with physical access to bypass your lock screen

    A bug filed on Ubuntu Launchpad in the middle of June has just been made public. The bug in question appears to allow anyone with physical access to the computer to bypass the lock screen by just removing the hard drive. The bug was tested on Ubuntu 16.04.4 and it’s unclear whether it affects other versions of Ubuntu or other distributions, but there’s an almost certain chance it affects other distributions based on Ubuntu 16.04, such as Linux Mint 18.

  • Ubuntu Weekly Newsletter Issue 535

    Welcome to the Ubuntu Weekly Newsletter, Issue 535 for the week of July 1 – 7, 2018. The full version of this issue is available here.

  • Minimal Ubuntu for containers and clouds

    By default, Linux comes with a lot of extras. Usually, that's a good thing. But, sometimes you want just the bare necessities of Linux life for your server, containers, and clouds. That's where Canonical's latest Ubuntu release, Minimal Ubuntu, comes in.

    When Canonical says "Minimal", they mean minimal. Weighing in at a mere 29MB for the Ubuntu 18.04 Docker image, Minimal Ubuntu could fit on a CD with hundreds of Megabytes to spare.

    This is far from the first time Canonical has offered a small-footprint Ubuntu. The minimal Ubuntu ISO image, about 40 MB, is meant for people who download packages from online archives at installation time.

  • Minimal Ubuntu, on public clouds and Docker Hub

    Today we are delighted to introduce the new Minimal Ubuntu, optimized for automated use at scale, with a tiny package set and minimal security cross-section. Speed, performance and stability are primary concerns for cloud developers and ops.

  • Minimal Ubuntu Can Boot Faster, But Still Not The Fastest Booting On Amazon EC2 Cloud

    Canonical today released new Ubuntu Minimal images for cloud computing. The new images are half the size of the traditional Ubuntu Server and are said to boot up to 40% faster, so I decided to run a quick Amazon EC2 Linux distribution boot time comparison today...

    Using a t2.micro instance type in the EC2 US-WEST2 region, I ran the systemd boot time benchmark on various Linux distributions... Ubuntu 16.04, Minimal Ubuntu 16.04, Ubuntu 18.04, Minimal Ubuntu 18.04, SUSE Linux Enterprise 12 SP3, Red Hat Enterprise Linux 7.5, Amazon Linux 2 AMI, and Clear Linux 23550.

More on Ubuntu today (as above)

  • Minimal Ubuntu For Clouds: 50% Smaller, Up To 40% Faster Boot

    Canonical today announced the new Minimal Ubuntu, which is a "tiny" package set focused for speed, performance, and stability of Ubuntu in cloud deployments.

  • Canonical 'unlikely' to fix bug that allows hackers to bypass Ubuntu's lock screen [Ed: If you want to bypass the lock screen and have physical access, then on most setups you just physically press "Reset"; not as critical as they make it seem.]

    OPEN SOURCE OS Ubuntu has a bug that allows anyone to bypass a machine's lock screen, providing they have physical access to the computer's hard drive.

    Real-world hackers can simply remove the hard drive of a machine they want access to providing it's running Ubuntu 16.04.4 and then skip straight past the lock screen.

    It's a simple-sounding hack and works by exploiting a bug in how the system stores data when Ubuntu is suspended in low-power mode.

More in Tux Machines

Qt/KDE: Qt for Python, Inkscape Dark Theme on KDE Plasma, Atelier at Maker Faire and QtCon 2018!

  • Python and Qt: 3,000 hours of developer insight
    With Qt for Python released, it’s time to look at the powerful capabilities of these two technologies. This article details one solopreneur’s experiences. [...] The big problem with Electron is performance. In particular, the startup time was too high for a file manager: On an admittedly old machine from 2010, simply launching Electron took five seconds. I admit that my personal distaste for JavaScript also made it easier to discount Electron. Before I go off on a rant, let me give you just one detail that I find symptomatic: Do you know how JavaScript sorts numbers? Alphabetically. ’nuff said. After considering a few technologies, I settled on Qt. It’s cross-platform, has great performance and supports custom styles. What’s more, you can use it from Python. This makes at least me orders of magnitude more productive than the default C++.
  • Inkscape Dark Theme on KDE Plasma
    On KDE Plasma, it's very easy to set up the Inkscape Dark Theme. To do so, go to System Settings > Application Style > GNOME/GTK+ Style > under GTK+ Style: switch all themes to Dark ones and give a check mark to Prefer Dark Theme > Apply. Now your Inkscape should have turned to dark mode. To revert back, just revert the theme selections. This trick works on Kubuntu or any other GNU/Linux system as long as it uses Plasma as its desktop environment.
  • Atelier at Maker Faire and QtCon 2018!
    On the weekend of November 3 and 4, the first Maker Faire of Latin America happened in Rio de Janeiro. And I was able to give a talk about Atelier and the current status of our project. The event held more than 1.500 people on the first day, which saw a lot of talks and the exposition of makers from all over the country who came to Rio to participate in this edition of the Maker Faire.

Security: Updates, Systematic Evaluation of Transient Execution Attacks and Defenses, New IoT Security Regulations and GPU Side-Channel Attacks

  • Security updates for Thursday
  • A Systematic Evaluation of Transient Execution Attacks and Defenses

    [...] we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

  • New IoT Security Regulations
    Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to light bulbs to major appliances -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet. But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- cars, pacemakers, thermostats -- the risks include loss of life and property.
  • University Researchers Publish Paper On GPU Side-Channel Attacks
    University researchers out of University of California Riverside have published a paper this week detailing vulnerabilities in current GPU architectures making them vulnerable to side-channel attacks akin to Spectre and Meltdown. With their focus on NVIDIA GPUs, UCLA Riverside researchers demonstrated attacks both for graphics and compute by exploiting the GPU's performance counters. Demonstrated attacks included a browser-based attack, extracting passwords / keystroke logging, and even the possibility of exposing a CUDA neural network algorithm.

VirtualBox 6.0 Beta 2

  • Announcement: VirtualBox 6.0 Beta 2 released
    Please do NOT use this VirtualBox Beta release on production machines! A VirtualBox Beta release should be considered a bleeding-edge release meant for early evaluation and testing purposes. You can download the binaries here: http://download.virtualbox.org/virtualbox/6.0.0_BETA2 Please do NOT open bug reports at our public bugtracker but use our VirtualBox Beta Feedback forum at https://forums.virtualbox.org/viewforum.php?f=15 to report any problems with the Beta. Please concentrate on reporting regressions since VirtualBox 5.2! Version 6.0 will be a new major release. Please see the forum at https://forums.virtualbox.org/viewtopic.php?f=15&t=90315 for an incomplete list of changes. Thanks for your help! Michael
  • VirtualBox 6.0 Beta 2 Adds File Manager For Host/Guest File Copies, OS/2 Shared Folder
    Last month Oracle rolled out the public beta of VirtualBox 6.0 though didn't include many user-facing changes. They have now rolled out a second beta that does add in a few more features. VirtualBox 6.0 Beta 2 was released today and to its user-interface is a new file manager that allows the user to control the guest file-system with copying file objects between the host and guest. Also improved with VirtualBox 6.0 Beta 2 is better shared folder auto-mounting with the VBox Guest Additions. This beta even brings initial shared folder support to the guest additions for OS/2.

Thunderbird version 60.3.1 now Available, Includes Fixes for Cookie Removal and Encoding Issues

Thunderbird happens to be one of the most famous email clients. It is free and open source, and was developed by the Mozilla Foundation back in 2003, fifteen years ago. From a very basic interface, it has come a long way to be what it is today in 2018. With these updates, a recent one into the 60.x series from the 52.x series was a significant one. While the 60.x (60.3.0) update started rolling out, Mozilla was keen to push out 60.3.1. This new version of Thunderbird had a few bugs and kinks here and there which needed to be addressed, which Mozilla did, most of them at least.