Ubuntu

Bill Wear, Developer Advocate for MAAS: foo.c

Filed under
OS
Development
Ubuntu

I remember my first foo. It was September, 1974, on a PDP-11/40, in the second-floor lab at the local community college. It was an amazing experience for a fourteen-year-old, admitted at 12 to audit night classes because his dad was a part-time instructor and full-time polymath.

I should warn you, I’m not the genius in the room. I maintained a B average in math and electrical engineering, but A+ averages in English, languages, programming, and organic chemistry (yeah, about that….). The genius was my Dad, the math wizard, the US Navy CIC Officer. More on him in a later blog — he’s relevant to what MAAS does in a big way.

Okay, so I’m more of a language (and logic) guy. But isn’t code where math meets language and logic?

Research Unix

Fifth edition UNIX had just been licensed to educational institutions at no cost, and since this college was situated squarely in the middle of the military-industrial complex, scoring a Hulking Giant was easy. Finding good code to run it? That was another issue, until Bell Labs offered up a freebie.

It was amazing! Getting the computer to do things on its own — via ASM and FORTRAN — was not new to me. What was new was the simplicity of the whole thing. Mathematically, UNIX and C were incredibly complex, incorporating all kinds of network theory and topology and numerical methods that (frankly) haven’t always been my favorite cup of tea. I’m not even sure if Computer Science was a thing yet.

But the amazing part? Here was an OS which took all that complexity and translated it to simple logic: everything is a file; small is beautiful; do one thing well. Didn’t matter that it was cranky and buggy and sometimes dumped your perfectly-okay program in the bit bucket. It was a thrill to be able to do something without having to obsess over the math underneath.

Also: How to upgrade to Ubuntu 20.04 Daily Builds from Ubuntu 19.10

Canonical Donates More Ubuntu Phones to UBports and You Can Get One Right Now

Filed under
Ubuntu

Once again, Canonical decided to donate even more Ubuntu Touch devices to UBports, but this time there's even better news for those interested in contributing to the development of Ubuntu Touch, the mobile OS created by Canonical for Ubuntu Phones, which is now entirely maintained by the UBports Foundation.

This time, UBports decided to donate the Ubuntu Touch devices, which consist of two dozen BQ Aquaris E4 phones, two BQ Aquaris M10 tablets, one Meizu MX4 phone, and several others we can't identify, to any developer interested in joining the Ubuntu Phone movement and contributing to the development of Ubuntu Touch.

Canonical Outs Major Linux Kernel Security Updates for All Supported Ubuntu OSes

Filed under
Security
Ubuntu

As announced the other day, Canonical was quick to respond to the latest security vulnerabilities affecting Intel CPU microarchitectures, so they have now published Linux kernel updates to mitigate them. These are CVE-2019-11135, CVE-2018-12207, CVE-2019-0154, and CVE-2019-0155, which could allow local attackers to either expose sensitive information or possibly elevate privileges or cause a denial of service.

On top of these security issues affecting Intel CPUs, the new Linux kernel security updates also address three vulnerabilities (CVE-2019-15791, CVE-2019-15792, and CVE-2019-15793) discovered by Google Project Zero's Jann Horn in the shiftfs implementation, which could allow a local attacker to either execute arbitrary code, cause a denial of service (system crash), or bypass DAC permissions.

Volla Phone Promises to Support Ubuntu Touch, Gets Kickstarter Campaign

Filed under
Ubuntu

Founded by Dr. Jörg Wurzer, an experienced entrepreneur with more than 20 years of experience in research and development in user experience, machine learning, natural language processing, artificial intelligence, and product management, Volla Phone promises to be a privacy-focused mobile phone powered by a free and open source operating system.

At its heart, the Volla Phone device will use Nemo Mobile, an OS based on the Android Open Source Project (AOSP) promising increased security and privacy features, as well as simplicity for the everyday user. For developers, Volla Phone also promises to support an alternative, free, and open-source operating system like Ubuntu Touch.

Also: Ubuntu 18.04.4 LTS- Expected Release Date & More

Open-spec, dual-port router offers a choice of Allwinner H3 or H5

Filed under
Linux
Ubuntu

FriendlyElec’s Linux-driven, $20 “NanoPi R1S-H3” router uses a modified version of the Allwinner H3-based NanoPi R1, upgrading the second LAN port to GbE while removing a USB port. There’s also a similar, $23 “NanoPi R1S-H5” with a quad-A53 H5.

Back in February, FriendlyElec launched the community-backed NanoPi R1 router SBC, which still sells for $29. Now it has followed up with two more affordable NanoPi R1S routers based on upgraded versions of the NanoPi R1 that give you dual GbE ports instead of 10/100Mbps and 10/1000/1000Mbps. The mainboards are smaller than the R1 at 55.6 x 52mm, and the board and the case have been entirely redesigned.

Canonical at TechWeek Frankfurt and Open Infrastructure Summit Shanghai

Filed under
Ubuntu
  • Canonical at TechWeek Frankfurt

    The TechWeek Frankfurt trade show will explore solutions to technology challenges organisations face across cloud computing and security, DevOps practices, Big Data management and more.

  • Open Infrastructure Summit Shanghai 2019: the highlights

    OpenStack remains a big thing and its adoption is constantly growing. According to the 451 Research Market Monitor (Open Source Software, OpenStack) from September 2019, its combined market size worldwide is $7.7B. This is much more than the combined market size of application containers which is $4.38B.

    During that last development cycle for OpenStack Train, 1,125 developers from 165 organisations contributed their patches and 25,500 of them were accepted. This makes OpenStack one of the three most active open source projects in the world.

    Moreover, by coming to China the OpenStack Foundation clearly declares its openness for the Asia markets and cooperation with local organisations on driving the future of the OpenStack project.

Firewalla Gold Intel-based Ubuntu Router Enables Multi-Gigabit Cyber Security (Crowdfunding)

Filed under
Ubuntu

We covered Firewalla based on NanoPi NEO board in mid-2018. The device is a tiny firewall, parental control, ad-blocker, and VPN appliance for end-users.

Since then they’ve launched Firewalla Blue based on NanoPi NEO2 SBC with Gigabit Ethernet and a faster processor, and now the company has just introduced the even more powerful Intel-based Firewalla Gold.

The device runs Ubuntu Linux so the users will have full access to the operating system with SSH, and will be allowed to install their own packages. Just like the original Firewalla (now Firewalla Red) and Firewalla Blue, Firewalla Gold comes with a web interface to let users easily control what happens on their networks with features such as cyber threat protection, VPN, DDNS, SSH, and Adblocker configuration. Additionally, the Firewalla app for Android or iOS enables users to set up parental control, VPN, monitor bandwidth usage (Monthly / Daily / Hourly), and more…

Ubuntu 18.04.4 LTS (Bionic Beaver) Slated for Release on February 6th, 2020

Filed under
Ubuntu

Released in April 2018, Ubuntu 18.04 LTS (Bionic Beaver) is the latest LTS (Long Term Support) version of the popular Ubuntu Linux operating system, supported by Canonical with software and security updates for 5 years, until 2023, but reaching end of life in April 2028.

As with all Ubuntu LTS series, the Bionic Beaver will receive up to five point releases that bring a new installation medium with up-to-date components to make the deployment of the operating system less painful. The latest point release in the series is Ubuntu 18.04.3 LTS, released on August 8th, 2019.

Ubuntu-Based Linux For All Distro Gets New Release Powered by Linux Kernel 5.4

Filed under
Linux
Ubuntu

LFA (Linux For All) Build 191111 is now available to download based on Canonical's latest Ubuntu 18.04.3 LTS (Bionic Beaver) operating system, but shipping with a much newer kernel, namely Linux 5.4 RC6. As such, LFA is one of the first distros to adopt the upcoming Linux 5.4 kernel series.

LFA (Linux For All) Build 191111 is not just an update to previous releases of the Ubuntu-based GNU/Linux distribution, but a total rebuild that now uses packages from the latest Ubuntu LTS (Long Term Support) release instead of those used in the latest Ubuntu Linux release.

Ubuntu 20.04 LTS and Debian GNU/Linux 11 "Bullseye" Progress on Python 2 Removal

Filed under
Ubuntu

The removal of an older Python implementation from an entire operating system and its software repositories is a major deal for any OS vendor as it raises many severity issues due to the fact that numerous packages have not been ported to a newer branch; in this case we're talking about the removal of Python 2 and its replacement with Python 3.

For Debian and Ubuntu, whose communities work closely together since the latter is based on the former, the transition from Python 2 to Python 3 started a few years ago, but now it's time for their next major release to ship without any Python 2 packages, though this appears to be a major deal even for some of the biggest GNU/Linux distributions in the world.

More in Tux Machines

Android Leftovers

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.