Ubuntu

Linspire 8.5 Linux Operating System Released, Based on Ubuntu 18.04.3 LTS

Filed under
Linux
Ubuntu

Linspire 8.5 "Swordfish 2" is a major release compared to the previous versions, bringing numerous updated components and various new features for a full-fledged Linux desktop experience. Just like its little brother Freespire 5.0, Linspire 8.5 is based on Ubuntu 18.04.3 LTS (Bionic Beaver) and uses the Linux 5.0 kernel.

Similar to Freespire 5.0, the goal for Linspire 8.5 was to address the bloatware complaints from the community and make the distribution slimmer by including only the "best of breed" applications. Of course, this means that, if users want to replace the default apps or install more, they can use the software center utility.

Direct: Linspire 8.5 Released

And They Scream: “OMG! He Doesn’t Even Use Ubuntu?!”

Filed under
Ubuntu

A hair raising shrill startled the deadened air last night as thousands of long-time omg! ubuntu! readers woke, suddenly, with a fear soaking sweat on their brow and a pounding heart in their chest.

Shallow breath stifled the terrifying thought that was troubling their mind from escaping their mouth.

Each thump of the body’s hardest working muscle hammered down hard on the realisation that, despite many years passing, they still know nothing about the Linux setup used to develop and maintain the omg! ubuntu! website.

Pop!_OS 19.10 is a wonder that makes me wonder

Filed under
GNU
Linux
Ubuntu

I make no bones about being a big fan of System76. Not only do they walk the open source walk, but their in-house hardware (the Thelio) might well be the single best desktop computer I have ever owned, and their laptops are high on the list. That hardware is made even more impressive with Pop!_OS running on top.

For those that aren't in the know, Pop!_OS is System76's in-house take on Linux. Built on a foundation of Ubuntu, the operating system includes a few tweaks, geared specifically toward System76 hardware. Those tweaks make Pop!_OS truly sing on the Thelio (it runs fine on non-System76 hardware as well).

Recently, in accordance with Ubuntu 19.10, System76 released the latest iteration of Pop!_OS, and I'm here to tell you that this release is truly a wonder…. One that makes me wonder.

Let me explain.

First I want to discuss what makes this new release so good.

My transition to an Ubuntu workstation.

Filed under
Reviews
Ubuntu

I've been using Ubuntu as my workstation OS for several months now. Ubuntu Server with the i3 window manager to be specific. I love it, and I've had to change my workflow a lot to make it work for me. But now that I've made the switch to it from Mac and Windows, I'm very happy with it.

I'll be honest, there's not a ton of hard evidence that working on a Linux distro is objectively better than working on Windows or Mac. I have almost equal amounts of time spent working on each of these platforms, and I think each one excels at something different. With that in mind, I think Ubuntu just feels right for the priorities I have now.

So what have I gained, what have I lost, and what did I learn along the way?

My physical computer now feels entirely replaceable.

There's pretty much nothing on this laptop I'm typing on right now that I wouldn't be able to recover if it suddenly stopped working. This document hasn't been pushed to git yet, and the contents of my ~/Downloads/ folder would be gone. That's it. Everything else lives somewhere online where I can easily get it back from.

Ubuntu: LXD Security, ROS EOL and More

Filed under
Ubuntu

  • Testing CVE-2019-11043 (php-fpm security vulnerability) with LXD system containers

    CVE-2019-11043 is a buffer overflow in php-fpm that, under certain conditions, can lead to remote execution. There is an exploit at PHuiP-FPizdaM that targets certain nginx and php-fpm configurations. On their page, they describe how to use Docker to test this exploit. In this post, we use LXD to test the exploit and verify whether it actually works.

    Note that php-fpm is vulnerable when nginx is configured to handle php-fpm in a specific way. Apparently, the configuration instructions for Nextcloud suggest using this bad way. In this post, we try to achieve this bad configuration without installing Nextcloud but rather using what is minimally required for the demonstration.

    In the following we create two system containers, vulnerable and hacker. In the first container, we set up nginx and php-fpm (latest version, buffer overflow still present) and configure them as required on the exploit page. In the other container, we run the exploit code, targeting the first container.

  • The Fridge: Ubuntu Weekly Newsletter Issue 602

    Welcome to the Ubuntu Weekly Newsletter, Issue 602 for the week of October 20 – 26, 2019.

  • The masters speak: Forward-thinking Ubuntu users gather to share their experiences

    Comprised primarily of engineers and developers, the group convened at the NVIDIA campus in Santa Clara, CA, on October 8th to listen to speakers from Netflix, Adobe, Roblox, NVIDIA, and Canonical. The event was a unique opportunity for attendees to ask questions, share their own experiences, and network, while hearing about specific use cases from the keynote speakers.

    The gathering took place as Ubuntu approaches a milestone - the 15th anniversary of the first Ubuntu release this month. Stephan Fabel, Director of Product at Canonical, said Ubuntu has become one of the most powerful and flexible platforms available today for a wide range of modern applications in the data center and cloud, including artificial intelligence (AI) and machine learning (ML), robotics, the Internet of Things, edge computing and more.

  • PSA for ROS users: Some things to know as Python 2 approaches EOL

    We recently got an interesting question from a customer, and I think the answer might be helpful to a wider audience. Python 2 will reach end of life in two months. This shouldn’t be news to anyone who hasn’t been living under a rock, and plans are in place to use Python 3 in Noetic (whereas ROS 2 has always used Python 3). However, the question from our customer was this: What does that mean for existing ROS 1 distributions (Kinetic and Melodic)? They are still using (and will continue to use) Python 2.

    The answer really depends on where you’re getting Python 2. Tl;dr: If you’re using Ubuntu Xenial (16.04) or Bionic (18.04), please know that Python 2 from the Ubuntu repositories will continue to be supported for the lifetime of the Ubuntu release, regardless of Python 2’s upstream support status.

Ubuntu 20.04 LTS (Focal Fossa) Is Now Officially Open for Development

Filed under
Ubuntu

Ubuntu 20.04 LTS will be the next long-term supported version of the world's most popular GNU/Linux distribution, slated for release on April 23rd, 2020. It's dubbed "Focal Fossa" to keep it in tone with the FOSS (Free and Open Source Software) movement, and will most probably ship with well-tested components.

While the daily ISO builds have appeared on Canonical's download servers since last week, the development cycle started on October 24th with the toolchain upload, which consists of some upgraded components, such as Python 3.8 (the goal is to offer Python 3.8 as the only Python3 version), Perl 5.30, and support for IBM z13 systems on s390x builds.

Also: Ubuntu 20.04 LTS "Focal Fossa" Formally Opens For Development

And We’re Off: Ubuntu 20.04 Development Officially Begins

Ubuntu Yaru Theme in 11 Colors

Filed under
Ubuntu

The default Ubuntu Yaru theme is the default desktop theme for Ubuntu 19.10 and most probably for upcoming releases. The Yaru theme is a GNOME Shell theme based on the Adwaita theme and supports both GTK2 and GTK3. It consists of a light and dark version at the moment.

Yaru’s default icon theme is derived from the Suru icon themes. However, you can now enjoy a multi-color Yaru theme from this package – called Yaru-Colors.

Ubuntu 19.10 Makes it Easier to Share Media to Your TV, Games Consoles, Etc

Filed under
Ubuntu

Ubuntu 19.10’s new ‘Media Sharing’ toggle in Settings > Sharing means there’s no need to download and install a separate DLNA server client to share media photos, videos and music over your local network.

Once enabled you can, for example, forage through the photos you downloaded on your laptop from the biggest screen in your house, namely your TV.

Similarly, you can stream music and video files kept on your main machine via a games console or web-enabled set-top box like the Roku.

And it all works using the ubiquitous DLNA/UPnP protocols and your local network — no third-party cloud server or media centre set-up required.

How Ubuntu Advantage for Infrastructure delivers top-notch Linux security

Filed under
Ubuntu

Every two years in April, a Long Term Support (LTS) release is published. Ubuntu LTS releases are commonly used in enterprise environments, with more than 60% of large-scale production clouds running Ubuntu LTS images.

Ubuntu 18.04 LTS (Bionic Beaver) is the latest Ubuntu LTS release, with Ubuntu 20.04 LTS coming in April 2020. Each new LTS release is supported for ten years total; five years of standard support, and five additional years of support under Ubuntu Advantage for Infrastructure (UA-I). UA-I provides users and organisations access to key security fixes and patches, including Canonical’s Extended Security Maintenance (ESM) and Kernel Livepatch services.

Twice every year, in April and October, interim releases are published. They are commonly used by those interested in the latest features and capable of upgrading more frequently.

Our latest interim release, which arrived last week, is Ubuntu 19.10 (Eoan Ermine). Its enhanced capabilities include the latest OpenStack Train release for live-migration assistance, improved security for Kubernetes deployments at the edge and significant updates to desktop performance. Standard support for an interim release is provided for nine months with no additional support extension offered.

How Ubuntu Helped Make GNOME Shell Faster (And Why The Work Continues)

Filed under
GNOME
Ubuntu

We’re talking a high-level overview of the effort undertaken to ‘boost’ the real time functioning of GNOME Shell, benefitting not just Ubuntu 19.10 users, but other Linux distros too.

For those unaware, a fair chunk of Ubuntu’s engineering effort of late has focused on ameliorating performance issues across key areas, from video accelerated playback to compositing fixes (i.e. nixing the terror of screen tearing) to improving GNOME Shell performance.

And it’s this latter endeavour, issues affecting GNOME Shell and related components, that Daniel’s discourse digest gets into.

More in Tux Machines

Android Leftovers

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.