Language Selection

English French German Italian Portuguese Spanish

Ubuntu

Canonical Outs New Ubuntu Kernel Update with Compiler-Based Retpoline Mitigation

Filed under
Ubuntu

New Linux kernel security updates have been released for Ubuntu 17.10 (Artful Aardvark), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 ESM (Extended Security Maintenance), adding the compiler-based retpoline kernel mitigation for the Spectre Variant 2 vulnerability on amd64 and i386 architectures.

Canonical fixed the Spectre Variant 2 security vulnerability last month on January 22, but only for 64-bit Ubuntu installations. This update apparently mitigates the issue for 32-bit installations too. Spectre is a nasty hardware bug in microprocessors that use branch prediction and speculative execution and it could allow unauthorized memory reads via side-channel attacks.

Read more

Debian and Ubuntu Leftovers

Filed under
Debian
Ubuntu
  • Listing and loading of Debian repositories: now live on Software Heritage

    Software Heritage is the project for which I’ve been working during the past two and a half years now. The grand vision of the project is to build the universal software archive, which will collect, preserve and share the Software Commons.

    Today, we’ve announced that Software Heritage is archiving the contents of Debian daily. I’m reposting this article on my blog as it will probably be of interest to readers of Planet Debian.

    TL;DR: Software Heritage now archives all source packages of Debian as well as its security archive daily. Everything is ready for archival of other Debian derivatives as well. Keep on reading to get details of the work that made this possible.

  • Canonical announces Ubuntu Core across Rigado’s IoT gateways
  • Collecting user data while protecting user privacy

    Lots of companies want to collect data about their users. This is a good thing, generally; being data-driven is important, and it’s jolly hard to know where best to focus your efforts if you don’t know what your people are like. However, this sort of data collection also gives people a sense of disquiet; what are you going to do with that data about me? How do I get you to stop using it? What conclusions are you drawing from it? I’ve spoken about this sense of disquiet in the past, and you can watch (or read) that talk for a lot more detail about how and why people don’t like it.

    So, what can we do about it? As I said, being data-driven is a good thing, and you can’t be data-driven if you haven’t got any data to be driven by. How do we enable people to collect data about you without compromising your privacy?

    Well, there are some ways. Before I dive into them, though, a couple of brief asides: there are some people who believe that you shouldn’t be allowed to collect any data on your users whatsoever; that the mere act of wanting to do so is in itself a compromise of privacy. This is not addressed to those people. What I want is a way that both sides can get what they want: companies and projects can be data-driven, and users don’t get their privacy compromised. If what you want is that companies are banned from collecting anything… this is not for you. Most people are basically OK with the idea of data collection, they just don’t want to be victimised by it, now or in the future, and it’s that property that we want to protect.

    Similarly, if you’re a company who wants to know everything about each individual one of your users so you can sell that data for money, or exploit it on a user-by-user basis, this isn’t for you either. Stop doing that.

Ubuntu vs Linux Mint: Which distro is best for your business?

Filed under
Linux
Ubuntu

Linux is attracting a growing number of users to its enormous selection of distribution systems. These 'distros' are operating systems with the Linux kernel at their foundation and a variety of software built on top to create a desktop environment tailored to the needs of users.

Ubuntu and Linux Mint are among the most popular flavours of these.

Ubuntu's name derives from a Southern Africa philosophy that can loosely be defined as "humanity to others", a spirit its founders wanted to harness in a complete operating system that is both free and highly customisable.

Linux Mint is based on Ubuntu and built as a user-friendly alternative with full out-of-the-box multimedia support. By some measures, Linux Mint has surpassed the popularity of its progenitor, but Ubuntu retains a loyal following of its own.

Read more

Ubuntu Core Embedded Linux Operating System Now Runs on Rigado’s IoT Gateways

Filed under
Ubuntu

Canonical has apparently partnered with Rigado, a private company that provides Bluetooth LE (Low Energy) modules and custom IoT gateways for them, as well as for Wi-Fi, LoRa, and Thread wireless technologies, to deploy its slimmed-down Ubuntu Core operating system across Rigado’s Edge Connectivity gateway solutions.

"Rigado’s enterprise-grade, easily configurable IoT gateways will offer Ubuntu Core’s secure and open architecture for companies globally to deploy and manage their commercial IoT applications, such as asset tracking and connected guest experiences," says Canonical.

Read more

Canonical's Unity 8 Desktop Revived by UBports with Support for Ubuntu 18.04 LTS

Filed under
Ubuntu

As you are aware, last year Canonical decided to stop the development of its futuristic Unity 8 desktop for Ubuntu and the Ubuntu Touch mobile OS. Days after their sad announcement a few community members appeared interested in taking over the development of Unity 8, the most promising one being Yunit.

However, the Yunit project didn't manage to improve Unity 8 for desktops in the last few months as much as the community would have wanted, and, after a long battle, they decided to pass the baton to UBports team, which is announcing the initial build for devs and an official website for Unity 8.

Read more

Canonical Donates Ubuntu Phones to UBports to Continue Ubuntu Touch Development

Filed under
Ubuntu

UBports devs announced today on Twitter that Canonical sent them a few old Ubuntu Phone devices to continue the development of the Ubuntu Touch mobile operating system.

Now that Canonical has ceased the development of its revolutionary Unity 8 user interface for the Ubuntu Touch mobile operating system used on smartphones from Meizu and BQ, the company decided to donate several devices to the UBports community.

UBports is recreating Ubuntu Touch, maintaining, updating, and modifying its code to offer the world a free and open source mobile operating system for those who want to use something else than Android, iOS, and what else is still out there.

Read more

Also: Ubuntu Server 18.04 LTS Will Default To The New Installer

The New Ubuntu 18.04 LTS Server Installer

Ubuntu and Debian/Freexian News

Filed under
Debian
Ubuntu
  • A Simple App Menu Editor for Ubuntu

    If you’re looking for an easy way to edit application launchers and menu entries on Ubuntu you’ll want to check out AppEditor.

    AppEditor is an easy to use

    Alacarte has been the go-to menu editor for almost as long as I’ve been using Ubuntu. It’s still perfectly functional, but it hasn’t really changed since then.

    ‘AppEditor’ would probably be better named Menu Entry Editor or Launcher Editor, or something other than App Editor as, rather than edit apps, it lets you edit app menu entries for apps, rather than the apps itself.

  • Canonical got Juju eyeballs for storage

    Canonical’s is mixing new potions in its Juju charm store.

    Juju is Canonical’s open source modelling tool for cloud software — it handles operations designed to deploy, configure, manage, maintain and scale applications via the command line interface, or through its optional GUI.

  • Freexian’s report about Debian Long Term Support, January 2017

Ubuntu: Unity, Mir, and Snapd

Filed under
Ubuntu
  • Ubuntu Touch Q&A 23

    The developers have been hard at work on Xenial!

    ARM64 now working on Ubuntu Touch, and applications launch! As many modern CPUs don't include 32-bit compatibility mode, ARM64 native mode on UT can start to make use of more modern CPUs.

  • UBports Continues Working On Unity 8, Developer ISO Coming

    While Canonical is no longer involved in Unity 8 development, the community-driven UBports team continues working on their "Unity 8" and "Ubuntu Touch" efforts with a hope to deliver a developer ISO soon.

    Sadly the Yunit project that also forked Unity 8's code-base doesn't seem to be active at least not regularly anymore, but the UBports team is working on delivering. In their latest Q&A session they share that Unity 8 on the desktop is coming together. One of the developers commented, "While it's both good and pretty, it's not 'pretty good'."

  • This Week In Mir (16th Feb, 2018)
  • Snapd 2.31 Better Supports Wayland Via Mir, Canonical Hires Another Mir Developer

    Besides Mir 0.30 being released this week, other Mir progress was also made by these Canonical developers working on forging Mir into a viable Wayland compositor.

    Gerry Boland of Canonical's Mir team has shared that Snapd 2.31 now supports any Snap implementing the Wayland interface. This allows for Mir to be shipped as a Snap and support Wayland clients using Canonical's app sandboxing approach alternative to Flatpaks.

Ubuntu: Data Collection, a Decade at Canonical, Xubuntu 18.04 Community Wallpaper Contest

Filed under
Ubuntu
  • Canonical wants Ubuntu to collect your personal data

    This has gone down like a bucket of cold sick with Linux users. After all, this is the sort of thing that Microsoft does and is precisely the sort of thing that they hate about Windows 10.

  • 10 Amazing Years of Ubuntu and Canonical

    10 years ago today, I joined Canonical, on the very earliest version of the Ubuntu Server Team!

    And in the decade since, I've had the tremendous privilege to work with so many amazing people, and the opportunity to contribute so much open source software to the Ubuntu ecosystem.

  • Xubuntu 18.04 community wallpaper contest

    We’re on our way to the 18.04 LTS release and it’s time for another community wallpaper contest!

Canonical/Ubuntu: Minimalism, Unity, and Snapcraft

Filed under
Ubuntu
  • Ubuntu Adds New “Minimal Installation” Option For Fewer Preinstalled Packages

    The development of the next Ubuntu LTS release, i.e., Ubuntu 18.04 Bionic Beaver, is going on in full swing. The desktop development team has decided to add a new option in the installation process that allows you to perform a lean installation of Ubuntu.

  • Unity 7.4.5 Released for Ubuntu 16.04 LTS

    The Unity 7.4.5 update isn’t big on new features but it is big on bug fixes and general all-round improvements.

  • Snapcraft through the eyes of it’s biggest community contributor

    If you’ve spent any time in the Snapcraft forum, it’s quite likely you’ve come across Dan Llewellyn – a keen community advocate or self-proclaimed Snapcrafter. Dan has always had a passion for computing and is completely self-taught. Outside of the community, Dan is a freelance WordPress developer. After getting into the open source world around 1998, he has switched between various Linux distros including Suse, RedHat, Gentoo before settling on Ubuntu from the 5.04 release onwards. A longtime participant in the UK Ubuntu chatroom – where he met Canonical’s Alan Pope – Dan admits he was never that active before Snapcraft came along.

    It was spending time in the UK chatroom around 2016 that he discovered snaps which piqued his interest. “I saw the movement of changing Clicks to snaps and thought it was an interesting idea. It’s more widely focused than a mobile app delivery system and I’ve always liked things that also worked on the server, IoT and elsewhere” Dan comments. With a previous desire to get into mobile app development and seeing the move away from Ubuntu Touch, Dan was eager to see Snapcraft succeed and felt like it was something he could contribute to.

Syndicate content

More in Tux Machines

NuTyX 10.1-rc1 Available

I'm very please to propose you the first release candidate version of the next version 10.1 stable version of NuTyX As they have been so many security issues, I took the chance to recompile all the collections (1701 packages) for this coming next stable NuTyX version. Read more

Android Leftovers

Events: FOSDEM Samba Talks, USENIX Enigma, LCA (linux.conf.au) and FAST18

  • Authentication and authorization in Samba 4
    Volker Lendecke is one of the first contributors to Samba, having submitted his first patches in 1994. In addition to developing other important file-sharing tools, he's heavily involved in development of the winbind service, which is implemented in winbindd. Although the core Active Directory (AD) domain controller (DC) code was written by his colleague Stefan Metzmacher, winbind is a crucial component of Samba's AD functionality. In his information-packed talk at FOSDEM 2018, Lendecke said he aimed to give a high-level overview of what AD and Samba authentication is, and in particular the communication pathways and trust relationships between the parts of Samba that authenticate a Samba user in an AD environment.
  • Two FOSDEM talks on Samba 4
    Much as some of us would love never to have to deal with Windows, it exists. It wants to authenticate its users and share resources like files and printers over the network. Although many enterprises use Microsoft tools to do this, there is a free alternative, in the form of Samba. While Samba 3 has been happily providing authentication along with file and print sharing to Windows clients for many years, the Microsoft world has been slowly moving toward Active Directory (AD). Meanwhile, Samba 4, which adds a free reimplementation of AD on Linux, has been increasingly ready for deployment. Three short talks at FOSDEM 2018 provided three different views of Samba 4, also known as Samba-AD, and left behind a pretty clear picture that Samba 4 is truly ready for use. I will cover the first two talks in this article, and the third in a later one.
  • A report from the Enigma conference
    The 2018 USENIX Enigma conference was held for the third time in January. Among many interesting talks, three presentations dealing with human security behaviors stood out. This article covers the key messages of these talks, namely the finding that humans are social in their security behaviors: their decision to adopt a good security practice is hardly ever an isolated decision. Security conferences tend to be dominated by security researchers demonstrating their latest exploits. The talks are attack-oriented, they keep a narrow focus, and usually they close with a dark outlook. The security industry has been doing security conferences like this for twenty years and seems to prefer this format. Yet, if you are tired of this style, the annual USENIX Enigma conference is a welcome change of pace. Most of the talks are defense-oriented, they have a horizon going far beyond technology alone, and they are generally focused on successful solutions.
  • DIY biology
    A scientist with a rather unusual name, Meow-Ludo Meow-Meow, gave a talk at linux.conf.au 2018 about the current trends in "do it yourself" (DIY) biology or "biohacking". He is perhaps most famous for being prosecuted for implanting an Opal card RFID chip into his hand; the Opal card is used for public transportation fares in Sydney. He gave more details about his implant as well as describing some other biohacking projects in an engaging presentation. Meow-Meow is a politician with the Australian Science Party, he said by way of introduction; he has run in the last two elections. He founded BioFoundry, which is "Australia's first open-access molecular biology lab"; there are now two such labs in the country. He is also speaks frequently as "an emerging technology evangelist" for biology as well as other topics.
  • Notes from FAST18

    I attended the technical sessions of Usenix's File And Storage Technology conference this week. Below the fold, notes on the papers that caught my attention.

Security: Vista10 and uTorrent Holes Found by Google

  • Google drops new Edge zero-day as Microsoft misses 90-day deadline

    Google originally shared details of the flaw with Microsoft on 17 November 2017, but Microsoft wasn’t able to come up with a patch within Google’s non-negotiable “you have 90 days to do this” period.

  • Google Goes Public with Another Major Windows 10 Bug
    After revealing an Edge browser vulnerability that Microsoft failed to fix, Google is now back with another disclosure, this time aimed at Windows 10 Fall Creators Update (version 1709), but potentially affecting other Windows versions as well. James Forshaw, a security researcher that’s part of Google’s Project Zero program, says the elevation of privilege vulnerability can be exploited because of the way the operating system handles calls to Advanced Local Procedure Call (ALPC). This means a standard user could obtain administrator privileges on a Windows 10 computer, which in the case of an attack, could eventually lead to full control over the impacted system. But as Neowin noted, this is the second bug discovered in the same function, and both of them, labeled as 1427 and 1428, were reported to Microsoft on November 10, 2017. Microsoft said it fixed them with the release of the February 2018 Patch Tuesday updates, yet as it turns out, only issue 1427 was addressed.
  • uTorrent bugs let websites control your computer and steal your downloads

    The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.

  • BitTorrent Client uTorrent Suffers Security Vulnerability (Updated)

    BitTorrent client uTorrent is suffering from an as yet undisclosed vulnerability. The security flaw was discovered by Google security researcher Tavis Ormandy, who previously said he would reveal a series of "remote code execution flaws" in torrent clients. BitTorrent Inc. has rolled out a 'patch' in the latest Beta release and hopes to fix the stable uTorrent client later this week.