Ubuntu

Overview to Ubuntu 19.10 Eoan Ermine

Filed under
Ubuntu

We are excited to welcome the latest Ubuntu, called Eoan Ermine, which is planned to be released this month on Thursday, 17 October 2019. This short overview shows several new things I found in this Ubuntu 19.04 development edition (as per 12 October 2019, frozen status, before official release). Thanks to the daily ISO, we know that Ubuntu Eoan has new features such as grouping apps on start menu, new icons for apps and disks, and latest version of GNOME 3.34 and LibreOffice 6.3. I once again divided the article into only 3 parts so you could enjoy this review easily. Okay, let's go!

8 Ways Ubuntu Has Changed and Improved Linux

Filed under
GNU
Linux
Ubuntu

Ubuntu is the world’s most prominent Linux distribution. Ubuntu and its developer, Canonical, have caught a lot of flak over the years, but the Linux world is much better off thanks to both.

So let’s stop and take a moment to appreciate some of what Canonical and Ubuntu have given the Linux community.

A detailed look at Ubuntu’s new experimental ZFS installer

Filed under
Reviews
Ubuntu

Although there isn't any support built into Eoan's apt package manager for automatically taking snapshots yet, we can demonstrate a snapshot—oops—rollback moment manually. In the above gallery, first we take a ZFS snapshot. Eoan has split our root filesystem into tons of little datasets (more on that later), so we use the -r option for zfs snapshot to recursively take snapshots throughout the entire tree.

Now that we've insured ourselves against mistakes, we do something we're going to regret. For the purposes of this demo, we're just removing Firefox—but we could really recover from anything up to and including an rm -rf --no-preserve-root / this way with a little extra legwork. After removing Firefox, we need to roll back our snapshots to restore the system to its original condition.

Since the root filesystem is scattered through a bunch of individual datasets, we need to roll them all back individually. Although this is a pain for the casual user without additional tooling, it does make it possible to do more granular restore operations if we're feeling picky—like rolling back the root filesystem without rolling back /home. Ubuntu will undoubtedly eventually have tooling to make this easier, but for the moment, we do a bit of sysadmin-fu and pipe zfs list to grep to awk to xargs, oh my.

The command line acrobatics might have been obnoxious, but the rollback itself was instantaneous, and Firefox has returned. It still doesn't work quite right, though, due to orphaned filehandles—we rolled back a live mounted root filesystem, which is kind of a cowboy thing to do. To make things entirely right, a reboot is necessary—but after the reboot, everything's the way it once was, and without the need to wait through any lengthy Windows Restore Point-style groveling over the filesystem.

Chromium in Ubuntu – deb to snap transition

Filed under
Ubuntu

Chromium is a very popular web browser, the fully open source counterpart to Google Chrome. On Ubuntu, Chromium is not the default browser, and the package resides in the ‘universe’ section of the archive. Universe contains community-maintained software packages. Despite that, the Ubuntu Desktop Team is committed to packaging and maintaining Chromium because a significant number of users rely on it.

Maintaining a single release of Chromium is a significant time investment for the Ubuntu Desktop Team working with the Ubuntu Security team to deliver updates to each stable release. As the teams support numerous stable releases of Ubuntu, the amount of work is compounded.

Comparing this workload to other Linux distributions which have a single supported rolling release misses the nuance of supporting multiple Long Term Support (LTS) and non-LTS releases.

Google releases a new major version of Chromium every six weeks, with typically several minor versions to address security vulnerabilities in between. Every new stable version has to be built for each supported Ubuntu release − 16.04, 18.04, 19.04 and the upcoming 19.10 − and for all supported architectures (amd64, i386, armhf, arm64).

Additionally, ensuring Chromium even builds (let alone runs) on older releases such as 16.04 can be challenging, as the upstream project often uses new compiler features that are not available on older releases.

In contrast, a snap needs to be built only once per architecture, and will run on all systems that support snapd. This covers all supported Ubuntu releases including 14.04 with Extended Security Maintenance (ESM), as well as other distributions like Debian, Fedora, Mint, and Manjaro.

Also: [Older] Packaging Domoticz for Debian, Ubuntu, Raspbian and Fedora

Ubuntu Core: Raspberry Pi 4 and Beyond

Filed under
Hardware
Ubuntu
  • Attaching a CPU fan to a RPi running Ubuntu Core

    When I purchased my Raspberry Pi4 I kind of expected it to operate under similar conditions as all the former Pi’s I owned …

    So I created an Ubuntu Core image for it (you can find info about this at Support for Raspberry Pi 4 on the snapcraft forum)

    Running lxd on this image off a USB3.1 SSD to build snap packages (it is faster than the Ubuntu Launchpad builders that are used for build.snapcraft.io, so a pretty good device for local development), I quickly noticed the device throttles a lot once it gets a little warmer, so I decided I need a fan.

  • A reference architecture for secure IoT device Management

    One of the key benefits of IoT is the ability to monitor and control connected devices remotely. This allows operators to interact with connected devices in a feedback loop, resulting in accelerated decisions. These interactions are mediated by a device management interface, which presents data in a user-friendly UI. The interface also serves as a client to remotely control devices in the field. Device management is, therefore, a key component of IoT solution stacks, with a significant impact on the ROI of such deployments.

    However, there is no one size fits all when it comes to device management solutions. IoT solutions are deployed in various contexts. The purpose, the devices, and the users involved vary from one deployment to another, even within the same industry. It is, therefore, challenging to find a ready-made device management solution perfectly suitable to any given deployment.

    Security is the critical requirement that these deployments invariably share, for it must be implemented in line with the best practices. Secure authentication and communication encryption are indispensable for the management of mission-critical device fleets.

Ubuntu Touch OTA-11 Now Available for Testing with Improved, Smarter Keyboard

Filed under
Ubuntu

Originally planned as a small update that was supposed to contain only some bug fixes and improvements, the Ubuntu Touch OTA-11 release appears to bring quite some enhancements for Ubuntu Phones, such as a much-improved and smarter keyboard that introduces a Dvorak keyboard layout option, improvements to the Japanese and Polish layouts, as well as a new way to edit text.

"Using this feature, you can move around your typed text, undo and redo actions, move around a text selection rectangle, and use the cut/copy/paste commands, all from the same overlay. To get started, press and hold the space bar," explained UBports. "We are still unsure about the discoverability of this feature, so stay tuned for changes that will make it even easier to find and use."

Ubuntu 19.10 Makes It So Easy To Have Your Desktop Running Off A ZFS File-System

Filed under
Linux
Ubuntu

As we reported this weekend, the Ubuntu desktop installer "Ubiquity" has landed the much anticipated ZFS install support. That's now propagated through to the Ubuntu 19.10 daily ISOs and does indeed make for a quick and easy setup of Ubuntu Eoan running off a root ZFS file-system.

This work landed just a week ahead of next week's official Ubuntu 19.10 debut. For Ubuntu 19.10 the Ubiquity installer allows an "experimental" option of doing a full-disk install of Ubuntu 19.10 with ZFS as the root file-system rather than the default EXT4. For the Ubuntu 20.04 LTS cycle they are expected to work on exposing more of the advanced partitioning features with ZFS. Also, Canonical developers are still working on their Zsys bits and other ZFS On Linux integration improvements.

The State of Robotics

Filed under
Ubuntu

The Ubuntu robotics team presents, The State of Robotics. A monthly blog series that will round up exciting news in robotics, discuss projects using ROS, and showcase developments made by the Ubuntu robotics team and community. Every day, people make contributions to the world of robotics. And every day, work goes unnoticed that could change the course of projects across the globe. This could be anything from a software patch to putting the final touches on a ROS enabled robot dog. But no longer. The hope here is that this will become a highlight reel and a community piece where folks will be able to find out what’s going on in the world of ROS and Ubuntu robotics.

This, our first instalment, will be heavy on the Ubuntu robotics team’s work. But in the future, if you are working on a project using ROS and/or Ubuntu and you want us to talk about it, let us know. Send a summary of your work to robotics.community@canonical.com, and it might feature in next month’s blog! Now, let’s discuss September.

Ubuntu Weekly Newsletter and Kubernetes Resources

Filed under
Ubuntu
  • Ubuntu Weekly Newsletter Issue 599

    Welcome to the Ubuntu Weekly Newsletter, Issue 599 for the week of September 29 – October 5, 2019.

  • Five Key Kubernetes Resources for IoT

    IoT workloads are moving from central clouds to the edge, for reasons pertaining to latency, privacy, autonomy, and economics. However, workloads spread over several nodes at the edge are tedious to manage. Although Kubernetes is mostly used in the context of cloud-native web applications, it could be leveraged for managing IoT workloads at the edge. A key prerequisite is lightweight and production-grade k8s distributions like MicroK8s, running on Ubuntu Core. In this blog, we describe the most compelling Kubernetes resources for IoT.

Quod Libet review - Sounds of music?

Filed under
Linux
Reviews
Ubuntu

My music requirements are simple. I have many great qualities, but a refined ear isn't among them. With an aural sensitivity of a Komodo dragon, my needs come down to a simple player that is pleasing to the eye, comes with a semi-modern layout, and most importantly, will not annoy me with badly arranged albums, titles and tags. The last piece has been my chief music-related woe for years.

When it comes to music players, I'm kind of okay here. VLC does the job, and when you tweak it, it's quite delightful one must say. Then, when I'm feeling adventurous, there's Clementine, which features splendidly on the desktop, with a clean interface and tons of goodies. And yet, now and then, I go about testing music applications, because music collections won't sort themselves, now will they. To wit, Quod Libet.

More in Tux Machines

Android Leftovers

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.