Language Selection

English French German Italian Portuguese Spanish

Ubuntu

The Ubuntu 20.04 LTS Codename Has Been Revealed…

Filed under
Ubuntu

Following Ubuntu 19.10 ‘Eoan Ermine’, the next version of Ubuntu will, as expected, be based around the letter “F”.

But it’s not going to be Feral Ferret, Famous Fox or Finicky Falcon. No, Ubuntu 20.04 LTS is codenamed the “Focal Fossa“.

And I think it’s a fabulously fitting title.

Most of us have barely had time to explore the exuberant excesses of the Eoan Ermine release and yet, development never stops.

As convention dictates, each Ubuntu codename combines an adjective and an animal (real or otherwise), alliteratively.

And for Ubuntu 20.04 LTS that combination is “focal”, and “fossa” — but what do these words mean?

Read more

Ubuntu 19.10: Complete Screenshot Tour

Filed under
Ubuntu

Wondering what the Ubuntu 19.10 release will look like? I’ve put together a screenshot tour to illustrate the changes and new features it brings.

Part spoiler, part pre-install prep; if sampling the Eoan Ermine through the medium of compressed .jpeg sounds like your thing, you’ve landed in the right place!

Remember: you can upgrade to Ubuntu 19.10 from 19.04 directly, but not if you’re on 18.04 LTS. If you’re on the LTS you’ll need to wait and upgrade to Ubuntu 20.04 LTS in April of next year.

Read more

Freespire 5.0 Linux OS Is Out with Linux Kernel 5.0, Based on Ubuntu 18.04.3 LTS

Filed under
Linux
Ubuntu

Based on the latest Ubuntu 18.04.3 LTS operating system, Freespire 5.0 is here to respond to users' accusations of a bloated system. Freespire doesn't aim to become a bloatware, so Freespire 5.0 only ships with the best-of-breed apps and packages and nothing else.

Among these, we can mention the KDE Plasma 5.12.9 LTS desktop environment, Chromium 77 web browser, Calligra office suite, Amarok music player, DragonPlayer video player, KolourPaint paint software, Kpatience and DreamChess games, Ice 6.0.4 browser installer, as well as Synaptic Package Manager, Boot Repair, and Kamerka.

Read more

Configuring Automatic Login and Lock Screen on Ubuntu 19.10

Filed under
Ubuntu
HowTos

Whether it’s Linux or Windows, Ubuntu, or Fedora, I am not an ‘automatic’ type of guy. That is to say, and I don’t want my login automated, nor do I want my updates automatically installed. This preference directly results from over thirty years in Information Technology, prudence, habit, and experience. Plus, it’s just plain smart security sense.

However, I further realize that as Linux users get younger and younger, I am increasingly in the minority in this sense. While I strongly disagree with automatic logins and updates, I can understand the desire for it.

So, with that understanding, let’s go about the business of instituting automated logins in Ubuntu. We will also take the time to address the Ubuntu Lock Screen setting. Configuring automatic Ubuntu software updates is much more in-depth. We will discuss this in a separate dedicated article at a later date.

Read more

Canonical/Ubuntu: Design and Web Team, Ubuntu ZFS Support, Weekly Newsletter

Filed under
Ubuntu
  • Design and Web team summary – 11 October 2019

    This was a fairly busy two weeks for the Web & design team at Canonical. This cycle we had two sprints. The first was a web performance workshop run by the amazing Harry Roberts. It was a whirlwind two days where we learned a lot about networking, browsers, font loading and more. We also spent a day working on implementing a lot of the changes. Hopefully our sites will feel a bit faster. More updates will be coming over the next few months. The second sprint was for the Brand and Web team, where we looked at where the Canonical and Ubuntu brands need to evolve. Here are some of the highlights of our completed work.

  • Ubuntu ZFS support in 19.10: ZFS on root

    This is part 2 of our blog post series on our current and future work around ZFS on root support in ubuntu. If you didn’t yet read the introductory post, I strongly recommend you to do this first!

    Here we are going to discuss what landed by default ubuntu 19.10.

  • Ubuntu Weekly Newsletter Issue 600

    Welcome to the Ubuntu Weekly Newsletter, Issue 600 for the week of October 6 – 12, 2019.

Ubuntu 19.10 (Eoan Ermine) Enters Final Freeze Ahead of October 17th Release

Filed under
Ubuntu

As of October 10th, the Ubuntu 19.10 release is officially in Final Freeze, the last step of its development stage, which means that only release critical bugs affecting the ISO images or the installers will be accepted in the archives. Release Candidate images are also now available for testing to ensure an uneventful and smooth release.

"We will shut down cronjobs and spin some RC images late Friday or early Saturday once the archive and proposed-migration have settled a bit, and we expect everyone with a vested interest in a flavour (or two) and a few spare hours here and there to get to testing to make sure we have another uneventful release next week," said Adam Conrad.

Read more

Debian and Ubuntu Patch Critical Sudo Security Vulnerability, Update Now

Filed under
Security
Debian
Ubuntu

Discovered by Joe Vennix, the security vulnerability (CVE-2019-14287) could be exploited by an attacker to execute arbitrary commands as the root user (system administrator) because sudo incorrectly handled certain user IDs when it was configured to allow users to run commands as an arbitrary user through the ALL keyword in a Runas specification.

"Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID- -1 or 4294967295," reads Debian's security advisory.

Read more

Debian and Ubuntu Leftovers

Filed under
Debian
Ubuntu
  • Ritesh Raj Sarraf: Bpfcc New Release

    bpfcc version 0.11.0 has been uploaded to Debian Unstable and should be accessible in the repositories by now. After the 0.8.0 release, this has been the next one uploaded to Debian.

  • Utkarsh Gupta: Joining Debian LTS!

    Back during the good days of DebConf19, I finally got a chance to meet Holger! As amazing and inspiring a person he is, it was an absolute pleasure meeting him and also, I got a chance to talk about Debian LTS in more detail.

    [...]

    I had almost no idea what to do next, so the next month I stayed silent, observing the workflow as people kept committing and announcing updates.
    And finally in September, I started triaging and fixing the CVEs for Jessie and Stretch (mostly the former).
    Thanks to Abhijith who explained the basics of what DLA is and how do we go about fixing bugs and then announcing them.
    With that, I could fix a couple of CVEs and thanks to Holger (again) for reviewing and sponsoring the uploads! Big Grin

  • Ubucon Europe 2019 in local media

    News from the new Ubuntu distribution, the exploration of the several platforms and many “how to”, rule the 4-days agenda where the open source and open technologies are in the air.

    The Olga Cadaval Cultural centre in Sintra, is the main stage of a busy agenda filled with several talks and more technical sessions, but at Ubucon Europe there’s also room for networking and cultural visits, a curious fusion between spaces full of history, like the Pena Palace or the Quinta da Regaleira, and one of the youngest “players” in the world of software.

    For 4 days, the international Ubuntu Community gathers in Sintra for an event open to everyone, where the open source principles and open technology are dominating. The Ubucon Europe Conference begun Thursday, October 10th, and extends until Sunday, October 13th, keeping an open doors policy to everyone who wants to

    Afterall, what is the importance of Ubucon? The number of participants, which should be around 150, doesn’t tell the whole story of what you can learn during these days, as the SAPO TEK had the opportunity to check this morning.

    Organised by the Ubuntu Portugal Community, with the National Association for Open Software, the Ubuntu Europe Federation and the Sintra Municipality, the conference brings to Portugal some of the biggest open source specialists and shows that Ubuntu is indeed alive, even if not yet known by most people, and still far from the “world domain” aspired by some.

Canonical/Ubuntu: MaaS and Travis CI

Filed under
Ubuntu

Ubuntu 19.10 Provides Good Out-Of-The-Box Support For The Dell XPS 7390 Icelake Laptop

Filed under
Reviews
Ubuntu

For those not following on Twitter, recently I picked up one of the new Dell XPS 7390 laptops for finally being able to deliver Linux benchmarks from Intel Ice Lake! Yes, it's real and running under Linux! For those eyeing the Dell XPS 7390 with this being the first prominent laptop with Ice Lake, here is a brief look at the initial experience with using Ubuntu 19.10.

The Dell XPS 7390 laptop that's being used for testing features the Intel Core i7 1065G7 processor, an Icelake quad-core processor with 1.3GHz base frequency and 3.9GHz peak turbo frequency. This Ice Lake processor features Gen11 Iris Plus Graphics, which we are eagerly testing with the latest Linux graphics drivers.

Read more

Syndicate content

More in Tux Machines

Android Leftovers

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.