October 22, 2021

hackergotchi for Ubuntu developers

Ubuntu developers

Full Circle Magazine: Full Circle Weekly News #232

Geany 1.38 IDE:

Redo Rescue 4.0.0, backup and recovery distribution:

Arkime 3.1 network traffic indexing system:

Release of ROSA Fresh 12 on the new rosa2021.1 platform:
http://wiki.rosalab.ru/ru/index.php/ROSA_Fresh_12 (IN RUSSIAN)

The author of cdrtools passed away:

Lutris Platform 0.5.9 Released:

Release of assembly tools Qbs 1.20:

Open Source Security Improvement Foundation Receives $ 10 Million Funding:

LanguageTool 5.5, a grammar, spelling, punctuation and style corrector, released

KDE Plasma 5.23 Desktop Release

Ubuntu 21.10 released:

Ubuntu 21.10 released:

Devuan 4.0 release, Debian fork without systemd

Microsoft ported Sysmon to Linux and made it open source:

OpenBSD 7.0 released:

Ubuntu Web 20.04.3 Released:

Full Circle Magazine
Host: @bardictriad, @zaivala@hostux.social
Bumper: Canonical
Theme Music: From The Dust - Stardust

22 October, 2021 05:53PM

hackergotchi for GreenboneOS


Full CVSSv3x Coverage in the Greenbone Feeds

With the help of Greenbone products, known vulnerabilities in an IT infrastructure can be detected and subsequently eliminated. Assessing the severity of a vulnerability is an essential tool for planning and prioritizing subsequent remediation actions. CVSS provides such an assessment according to a metrics system. Since 2021, Greenbone’s current solutions also support CVSS versions 3.0 and 3.1, and at the same time, Greenbone started to provide all vulnerability tests for which a respective rating is available with it. As of October 2021, this work is now complete and there is – as far as possible – full CVSSv3x coverage in the Greenbone feeds.

Helpful Severity Metrics

Every cyber attack needs a vulnerability to be successful. Most vulnerabilities, namely 999 out of 1,000, have already been known for more than a year and can therefore be proactively detected and eliminated. For detection, a Greenbone vulnerability scanner is used, which finds the known vulnerabilities in an IT infrastructure.

If vulnerabilities are discovered, they can subsequently be eliminated using a wide variety of measures. The most urgent vulnerabilities to be eliminated are those that pose a critical risk to the IT system. Prioritization is required for selecting the measures and the order.

The severity is an essential tool for prioritization. However, we will take a closer look at how vulnerabilities are assigned a severity level in the first place and how it is calculated.

How Severity Ratings Are Created

In the past, different organizations and security research teams discovered and reported vulnerabilities at the same time and named them with different names. This resulted in the same vulnerability being reported by, for example, multiple scanners under different names, making communication and comparison of results difficult.

To address this, MITRE founded the Common Vulnerabilities and Exposures (CVE) project. Each vulnerability was given a unique identifier as a central reference, consisting of the year of publication and a simple number. The CVE database is used to link vulnerability databases with other systems and to allow comparison of security tools and services.

CVEs thus do not contain any detailed, technical information or information regarding the risks, effects or elimination of a vulnerability. In some cases, the version in which the vulnerability was removed is stored.

Further information about a vulnerability can be found in the National Vulnerability Database (NVD). The NVD – a U.S. government vulnerability management data repository – supplements CVEs with information regarding remediation, potential impact, affected products, and also the severity of a vulnerability.

How is the Severity of a Vulnerability Calculated?

The Common Vulnerability Scoring System (CVSS) was developed to enable the assessment of vulnerabilities. CVSS is an industry standard for describing the severity of security risks in IT systems. It was developed by the CVSS Special Interest Group (CVSS-SIG) of the Forum of Incident Response and Security Teams (FIRST). The latest CVSS version is 3.1.

The CVSS score evaluates vulnerabilities according to various criteria, so-called “metrics”: base-score metrics, temporal-score metrics and environmental-score metrics.

  • Base-score metrics: base-score metrics represent the basic characteristics of a vulnerability that are independent of time and the IT environment: how well can the vulnerability be exploited and what is the impact?
  • Temporal-score metrics: temporal-score metrics represent characteristics that can change over time but are the same in different IT environments. For example, the deployment of a patch by the deploying organization would lower the score.
  • Environmental-score metrics: environmental-score metrics represent the characteristics that apply to a specific IT environment. Relevant here are how well the affected organization can intercept successful attacks or what status a particular vulnerable system has within the IT infrastructure.

Since, in general, only the base score metrics are meaningful and can be determined permanently, only these are usually published and used.

CVSSv3.0/v3.1 Support Since GOS 21.04

Since GOS 21.04, which was released in April 2021, versions 3.0 and 3.1 of CVSS are also supported. Although some CVEs – and thus also the associated vulnerability tests – still contain version 2 CVSS data, this mainly affects older CVEs from the year 2015 and earlier, for which no CVSSv3.0/v3.1 score is yet stored in the NVD.

Let’s look at the biggest changes that versions 3.0 and 3.1 include.

Compared to CVSS version 2.0, version 3.0 retains the main groups of metrics – base, temporal, and environmental – but adds new criteria. For example, the metrics “Scope (S)”, which indicates whether a vulnerability can also affect other components of an IT network, and “User Interaction (UI)”.

Some existing criteria have also been replaced by newer ones: “Authentication (Au)” has become “Privileges Required (PR)”. It is no longer measured how often attackers have to authenticate themselves to a system, but what level of access is required for a successful attack.

In addition, the severity levels were subdivided more finely. In version 2.0, the values from 0 to 10 were divided into three severity levels: “Low” (0.0 – 3.9), “Medium” (4.9 – 6.9) and “High” (7.0 – 10.0). Since version 3.0, there are five levels: “None” (0.0), “Low” (0.1 – 3.9), “Medium” (4.0 – 6.9), “High” (7.0 – 8.9) and “Critical” (9.0 – 10.0).

CVSS version 3.1 did not bring any changes to the metrics or the calculation formulas. Instead, the focus was on emphasizing that CVSS measures the severity of a vulnerability rather than the risk it poses. A common mistake was to view the CVSS score as the sole characteristic of a vulnerability’s risk, rather than performing a fully comprehensive risk assessment.

In the course of this, the definitions of the metrics were formulated more clearly and the glossary was expanded.

Full CVSSv3.0/v3.1 Coverage in the Feed

With CVSSv3.0/v3.1 support in April 2021, Greenbone began updating all vulnerability tests assigned a CVSSv3.0/v3.1 score in the NVD to include a CVSSv3.0/v3.1 score.

This was done in daily stages of 500 – 600 vulnerability tests. The update and conversion were thoroughly reviewed and tested. Since October 2021, this work has now been completed. Thus, there is – as far as possible – full CVSSv3x coverage in the Greenbone feeds.

22 October, 2021 10:17AM by Kristin Schlosser

hackergotchi for Purism PureOS

Purism PureOS

Purism and Linux 5.14 and Linux 5.15

The Purism team is continuously working on improving the hardware and software support for the Librem 5. These innovations contribute directly to the mainline, upstream kernel so that the hardware can be supported as part of the development community in the future. Following up on our report for Linux 5.13 this summarizes the progress on […]

The post Purism and Linux 5.14 and Linux 5.15 appeared first on Purism.

22 October, 2021 08:32AM by Martin Kepplinger

October 21, 2021

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: 5 Things to Check Out in Ubuntu Impish Indri

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/0KhkUUnHmhWzGZOs_rHfEgJcSLs-e4FJich3g8V30_nZ9lYJBHVDJG_HhCB6p5WAaQBLIt_y4TjrsS1KotuGoZwOOcEJzirFtJoLYMDW6MCJvQ3_MPQScKT0uZYjbmRmrZ5KiUYB=s0" width="720" /> </noscript>

Last week, we celebrated the Ubuntu 21.10 release on the Ubuntu On Air channel, where a wide range of guests discussed their Impish Indri highlights as well as some thoughts for the future. Today we thought we would share ours! 

For Linux desktop users, Impish Indri contains a number of new features plus a preview or two for you to try out ahead of our LTS release next year with 22.04.

So here are our top 5 must try for Ubuntu Desktop 21.10:

1. Test the Ubuntu Impish Indri alternate installer

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/u2epvjbY1lEPyMKdhW9QQzlyUOkN3LGWT6wgTXsVYQ8w3HovXLHKAAs1_NRM1F_h4XZIqcdJLw_9DyaGW3WyzQ0miFCP0J1zi8ibCzcZlrXDSmFko0GpPGbnNPdmpU54dWnaF5gS=s0" width="720" /> </noscript>

In 2020, Canonical announced that it had partnered with Google to bring the Flutter app ecosystem to Linux and make it the default choice for future Canonical desktop and mobile applications.

Our new desktop installer is just the start of that journey with a stylish new first time user experience for Ubuntu. To test it out, you’ll need to download the alternate Impish Indri build here to get a preview of what will ultimately become the default flow in 22.04.

2. Explore GNOME 40

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh6.googleusercontent.com/njTfhn1rJZ2E9zzzUuk9S_hT7R1RHZoI6fKMkKP0iAAAPtZyWYzyMDLsfLctuRylKY_cPCgk2BeDm5wJK5O0tQnsO47o2TZLu_7ry2s-lmFAVKh6AFkx3av4DIyqxTTJkB9SMb3X=s0" width="720" /> </noscript>

Impish officially brings GNOME 40 to Ubuntu. The latest version of the desktop environment features a horizontal workspace layout, corresponding touchpad gestures, and interactive thumbnails. Combined with a variety of additional quality of life improvements, GNOME 40 delivers an intuitive experience that makes navigating your desktop smoother than ever.

3. Share feedback on the Firefox Snap

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/TW_7RzuBcjQTs0Pz0X9nV_eda8pcZbeTRC73DFX0UX1aAIttiPP2p-gKHZ6YBPBY2a7dcljoIqjaKzCInlm3V-FtRpq4TfpHtXnMEFt2KxTUfuVvWDiYcVuO3paNtf7b5xh8Ke6o=s0" width="720" /> </noscript>

For this release, we’ve partnered with Mozilla to package Impish with an official Firefox snap. The new snap is maintained by Mozilla, so users can be confident they’re getting the latest updates as soon as they’re available.

If you’d like to know more about the Firefox Snap or give feedback, check out the Discourse post.

4. Sense your surroundings with the Raspberry Pi

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh4.googleusercontent.com/Hy_istNcbc8RUhgdnJcQAyz4DrOhJRv43QIG2E9QMGbS1QUKLzMZPEyMp-xwoFMKth4DH08PI_9SO-WpI71oPUIeoOvDl7pcB6mLqpbzeqNcu_Iu2pVjAJE9stTNnk6uFAI-u6g1=s0" width="720" /> </noscript>

It’s been one year since Groovy Gorilla brought Ubuntu Desktop to the Raspberry Pi. Since then it’s been great to see the community embracing the opportunities this combination enables, from micro-clouds to mini-desktops. In 21.10, we enabled support for the Sense HAT, which contains a number of environmental sensors and an 8×8 LED matrix. The Sense HAT was designed especially for the Astro Pi mission which enabled students to submit programs to be run on the International Space Station.

Check out this post for some tips on how to get started with the Sense HAT on Ubuntu Impish Indri.

As usual, you can download Ubuntu Impish Indri from the Raspberry Pi imager

5. Catch up with the community

One of the most rewarding aspects of developing Ubuntu Desktop is our amazing global community. From writing tutorials and documentation to testing early releases or just hanging out with like-minded users, there’s a way for everyone to get involved – regardless of experience level.

For ongoing development discussions, check out the Desktop category on the Ubuntu discourse, or reach out on Twitter. You can also tune into Ubuntu on Air for regular news and interviews as well as community office hours and game nights. We’re looking forward to hearing from you!

21 October, 2021 05:07PM

Podcast Ubuntu Portugal: Ep 165 – Hacktoberfest II – Impish Indri

O Firefox fez as pazes com o Constantino, já o contrário… O Carrondo irritou-se com o OBS, saiu uma nova versão do Ubuntu – Impish Indri, sabiam? – e a comunidade global continua a dar ares da sua graça.

Já sabem: oiçam, subscrevam e partilhem!

  • https://hacktoberfest.digitalocean.com/
  • https://www.pine64.org/pinepowerdesktop/
  • https://www.humblebundle.com/books/infrastructure-and-ops-oreilly-books?partner=PUP
  • https://www.humblebundle.com/books/ai-machine-learning-toolkit-books?partner=PUP
  • https://www.humblebundle.com/software/javascript-software?partner=PUP
  • https://keychronwireless.referralcandy.com/3P2MKM7
  • https://shop.nitrokey.com/shop/product/nk-pro-2-nitrokey-pro-2-3?aff_ref=3
  • https://shop.nitrokey.com/shop?aff_ref=3
  • https://youtube.com/PodcastUbuntuPortugal


Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino e Tiago Carrondo e editado por Alexandre Carrapiço, o Senhor Podcast.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

21 October, 2021 03:00PM

Daniel Holbach: Mixtape: DJ Support: GitOps One Stop-Shop Event (Oct 2021)


In my day job (in the IT world) we staged an online event in Oct 2021. As with past events like these, it makes the event a lot more fun if you have music in between quite technical talks and folks can get up from your desk and dance while you grab a new cup of tea.

On Mixcloud it’s my first mix using a DJ controller - it’s a very recent development for me. A lot of fun though. I enjoyed the whole event, but it was also sensory overload as I was watching 3 laptops to e.g. catch cues when new speakers would come on or if there was audience feedback, so excuse these moments of distraction - along with the breaks! I’ll get a distraction-free mix out soon again - promise! So without further ado, here’s the music folks from the event as people asked for it. Enjoy!

  1. jiony - Sincretismo
  2. Notorious B.I.G. - Hypnotize (Benedikt Frey Edit)
  3. okuma - Garnatxa
  4. Daniel Hokum - Burn (Paul Traeumer’s Shuffled Remix)
  5. Johannes Klingebiel - Latewood
  6. Canu, Nu, Alejandro Castelli - Mariposa (Viken Arman Remix)
  7. The Tribe Of Good - Heroes (edit)
  8. Noir & Haze - Around (Solomon remix)

  1. Nachtbraker - Hamdi
  2. Sam Shure - Mirage
  3. Vijay & Sofia Zlatko - Rap A Verse (Cassimm Remix)
  4. Sanoi & Rattler - Walking

  1. Malaa - Paris 96'
  2. Afgo - Someone
  3. Kurd Maverick - Dancing To (Extended Mix)
  4. Efdemin - Just a Track

  1. Andi Otto - Gianna Anna (Paradise Hippies Remix)
  2. Thornato - Chapinero

  1. Tony Adams - Estou Livre
  2. Fibre - I’ll Go Back
  3. Psychemagik - Mink & Shoes feat Navid Izadi
  4. Sam Shure - Mirage
  5. Super Flu - Watching The Stars (Super Flu´s Watching A Piano RMX)
  6. The Sunburst Band - He Is (Jimpster Remix)

21 October, 2021 08:52AM

October 20, 2021

Olivier Fraysse: Impish Indri Ubuntu-fr t-shirt

Ocelot did it again! The French speaking Ubuntu community is happy to present you his splendid Impish Indri t-shirt. :) You can buy it before the end of October for €15 (+ shipping costs) and receive it at the end of November 2021. You can try to buy it later but it will be more expensive and you will not have any garanty of stock.

20 October, 2021 10:10PM

Kubuntu General News: Plasma 5.23 available for Kubuntu 21.10 (Impish Indri) in backports PPA

We are pleased to announce that Plasma 5.23.1 is now available in our backports PPA for Kubuntu 21.10 (Impish Indri).

The release announcement detailing the new features and improvements in Plasma 5.23 can be found here.

To upgrade:

Add the following repository to your software sources list:


or if it is already added, the updates should become available via your preferred update method.

The PPA can be added manually in the Konsole terminal with the command:

sudo add-apt-repository ppa:kubuntu-ppa/backports

and packages then updated with

sudo apt full-upgrade


Please note that more bugfix releases are scheduled by KDE for Plasma 5.23, so while we feel these backports will be beneficial to enthusiastic adopters, users wanting to use a Plasma release with more rounds of stabilisation/bugfixes ‘baked in’ may find it advisable to stay with Plasma 5.22 as included in the original 21.10 (Impish Indri) release.

The Kubuntu Backports PPA for 21.10 also currently contains newer versions of KDE Gear (formerly Applications) and other KDE software. The PPA will also continue to receive updated versions of KDE packages other than Plasma, for example KDE Frameworks.

Issues with Plasma itself can be reported on the KDE bugtracker [1]. In the case of packaging or other issues, please provide feedback on our mailing list [2], IRC [3], and/or file a bug against our PPA packages [4].

1. KDE bugtracker: https://bugs.kde.org
2. Kubuntu-devel mailing list: https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel
3. Kubuntu IRC channels: #kubuntu & #kubuntu-devel on irc.libera.chat
4. Kubuntu ppa bugs: https://bugs.launchpad.net/kubuntu-ppa

20 October, 2021 07:18PM

Ubuntu Blog: Help Us Chart the Ubuntu Community Roadmap

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://ubuntu.com/wp-content/uploads/a778/jon-tyson-82ZEOTntP8g-unsplash.jpg" width="720" /> </noscript>

It hasn’t even been a week since the release of Impish Indri, and we already are gearing up for the journey to Jammy Jellyfish. If releases were a roadtrip, this is when we pull over, have some snacks, and find the best way to get to our next destination. The Desktop and Community Team want to know what your priorities are to be better advocates for the community and to make a better Ubuntu community roadmap, together!

What’s a roadmap?

Canonical’s product engineering teams meet every six months to plan what’s called a roadmap. This roadmap describes the overall goals for the release and the steps and tasks each teams will take to achieve them. During a week-long sprint at the start of each cycle, all the teams share their parts of the roadmap with each other, which gives us a chance to sync up before the journey starts. However, there can be unexpected detours between the beginning and end of the development cycle. People on teams can leave the company, or move to other teams, and these changes make goals harder to accomplish. We want everyone in the Ubuntu community to find that happy place between optimistic and realistic in the roadmap process.

Even with hazards ahead, we still want to hear from all the passengers in the car. When everyone weighs in on the roadmap, the journey is much better! Oli Smith is our new Product Manager for the Desktop developer and community experience. He’s focused on developing clear narratives around how you use (and would like to use) Ubuntu and championing those stories during planning and prioritisation. Likewise, the Community Team is the Ubuntu community’s support team. When you get a metaphorical flat tire, we want to get you back on the road. And you should be the ones who shape a roadmap that supports your goals and priorities, not the team’s guesses on what those goals and priorities are.

What kind of feedback do these teams want?

For the Desktop Team, it’s about how you use Ubuntu, and how you wish you could use it. What are the common activities we should be polishing, or the new opportunities we should be exploring? We want to hear what frustrates you when you use Ubuntu and what you’re most excited about going forward. For the Community Team, we want to know about the contributor experience. What would make it easier to become a new contributor, and to grow and thrive in the community? We want to know what makes contributing difficult, and also what makes it wonderful.

How can you help craft the roadmap?

The first way to help us craft our roadmaps is to come to this week’s Ubuntu Community Office Hours. We will be streaming on our Twitch channel and on our YouTube channel at 17:30 on Thursday, 21 October. Representatives from the Desktop and Community Teams will both be there to listen to your suggestions and get your feedback. If you aren’t able to make the Office Hours, don’t worry. Leave your comments for either the Desktop or the Community Team on the Discourse topic all about input for the 22.04 roadmap, and we’ll be sure to let you know we got them.

So dust off your atlases and stock up on your favorite snacks, and let’s make this next leg of the Ubuntu journey a great ride.

20 October, 2021 03:33PM

Ubuntu Blog: Finserv open source security

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://ubuntu.com/wp-content/uploads/6548/alexander-schimmeck-Yo1MijFa1KA-unsplash.jpg" width="720" /> </noscript>

The fintech ecosystem is flourishing and exciting things are happening these days at the intersection of digital technology and financial services – thanks in part to an infusion of global fintech investment that reached US$98 billion across 2,456 deals in H1’21. This far outpaces last year’s annual total of $121.5 billion across 3,520 deals.

Fintech companies are creating and rolling out a wide range of solutions that are impacting nearly everyone, dramatically broadening the reach, flexibility, and level of innovation in financial services. In addition, technology is helping enable enormous progress in bringing financial services to the many people who have previously been excluded from the formal financial system.

Cyberattacks are on the rise

The rapid growth of an ecosystem comes with its own set of challenges. One of the key challenges for the fintech revolution is cybersecurity. According to a cybersecurity report by Boston Consulting Group, banking and financial institutions are 300 times more at risk of cyberattack than other companies. 

In their latest report, the European Central Bank identified the main risk factors that the eurozone banking system is expected to face over the next three years. These risks are increasing with the continued digitization of financial services, the obsolescence of certain banking information systems and the interconnection with third-party information systems.

Given the complexity of the digital financial ecosystem, it is inevitable that some solutions will be insufficiently secure against cyberattacks. And it’s highly likely that those vulnerabilities will be found and exploited. In addition to causing immediate financial losses, breaches can undermine longer term confidence in new solutions, leading to lower adoption rates particularly among users with less experience engaging with digital services. The gap between technology and regulation is acute in fintech and particularly so, with respect to cybersecurity in the fintech context. This is the inevitable result of mixing solutions that are evolving at a rapid pace with regulatory frameworks that change far more slowly. 

Cybersecurity and the API economy 

There will be more interfaces between traditional financial service providers and fintech startups, and therefore, more cyber vulnerabilities as data crosses those interfaces.

As fintech startups grow in number and sophistication, they will establish an increasing number of links with traditional providers through Application Programming Interfaces (APIs). Interfaces between systems are a common source of cyber vulnerabilities arising from mismatched assumptions made by the designers of the systems being connected. To help guard against this, interfaces between digital financial systems should be subject to particularly stringent scrutiny and testing during the product development process, including by people who can take a clean-slate, holistic view of the aggregated system.

Cybersecurity – The journey begins at OS

An operating system that provides security controls, such as continuous vulnerability patching, malware defenses, secure configuration and hardening, will take fintechs a long way towards reducing the risk of security incidents or breaches. 

Ubuntu, the most popular platform among experienced developers and the most widely deployed platform on the public cloud, provides all the above security controls to fintechs and finservs. Ubuntu is designed to provide minimal attack surface, with no open ports by default. It also has one of the smallest container images among enterprise operating systems. It incorporates state-of-the-art malware protection and anti-exploitation mechanisms, such as Address space layout randomization (ASLR), heap and stack protection, non-executable memory, Unified Extensible Firmware Interface (UEFI) secure boot and others as explained on Ubuntu’s security pages.

Furthermore, Ubuntu includes AppArmor, a simple-to-use and easy-to-understand application confinement framework, enabling the confinement of applications by the operator. AppArmor is the engine behind our snap application management system, which enables organisations to run third- party applications confined and isolated, thus decoupling the security of the operating system from that of individual applications.

How Canonical can help fintechs on their cybersecurity journey?

Vulnerability management

Given that vulnerability management is fundamental to any cybersecurity program, Ubuntu’s vulnerability disclosure policy is transparent, and machine readable (OVAL) data is provided to enable the audit of vulnerabilities on Ubuntu. Furthermore, Canonical ensures timely fixes and ships the necessary tools like OpenSCAP to enable automated workflows, such as vulnerability scanning, compliance audits and remediation. 

Secure configuration and hardening

Hardening always involves a tradeoff with usability and performance. The default configuration of Ubuntu LTS releases, as provided by Canonical, balances usability, performance and security. However, systems with dedicated workloads and deployments that are targeting specific platforms or clouds can benefit from hardening. Profiles such as the CIS benchmark enable a hardened operating system that follows the CIS Controls guidance. Canonical works with CIS as well as DISA to enable them to create guides and rules for their respective CIS benchmarks and DISA-STIG.

Attestation and security certifications

Canonical ensures that the Ubuntu operating system is third-party attested. Cryptographic core packages in Ubuntu are regularly certified under NIST’s FIPS 140-2 program. The security mechanisms of the operating system are further certified under the Common Criteria Operating System Protection Profile (OSPP) on the EAL2 level. The Common Criteria (CC) for Information Technology Security Evaluation is an international standard (ISO/IEC IS 15408) for computer security certification used by financial institutions and many other organizations dealing with sensitive data. 

Read this white paper to learn more about security frameworks and how they can benefit your business. 

Canonical’s subscription model

While Canonical’s free standard maintenance of Ubuntu Long Term Release (LTS) is sufficient for many users, Ubuntu Advantage and Ubuntu Pro address financial institutions’ enterprise security needs.

Ubuntu Advantage and Ubuntu Pro provide your organization the necessary tools to comply with cybersecurity requirements by tackling vulnerability management in the long term for the operating system and applications, audit and compliance tooling for secure configuration and hardening, such as CIS benchmarks, as well as third party attestation of the security mechanisms with Common Criteria and a FIPS140-2 validated cryptographic core.

Discover how Canonical can enable your cybersecurity journey

Get in touch

Photo by Alexander Schimmeck on Unsplash

20 October, 2021 12:47AM

October 19, 2021

hackergotchi for Purism PureOS

Purism PureOS

Speak to me!

My trusty laptop’s speakers gave up the ghost. I don’t like to sit around in headphones all the time, I don’t have any other speakers, and the replacements are still being manhandled by the postman. I’d get used to the austerity if I hadn’t started missing calls from a friend. That’s unacceptable! But what am […]

The post Speak to me! appeared first on Purism.

19 October, 2021 04:58PM by Dorota Czaplejewicz

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: Canonical participará en Cloud Expo Europe Madrid 2021

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://ubuntu.com/wp-content/uploads/81c8/madtechshow21-registro-abierto.jpg" width="720" /> </noscript>

La feria, que ha cosechado un gran éxito en Londres, París, Frankfurt y Singapur, inaugurará su primera edición en Madrid para expertos y ejecutivos C-level. Canonical participará en el evento como «Silver Sponsor» y presentará estrategias y tendencias para las empresas líderes en la industria en el entorno de DevOps.

Regístrese para asistir al encuentro

Reserve una reunión

Reduzca el costo de TI automatizando las operaciones de software

Miércoles 27 de octubre de 2021, de 12:00 a 12:20 horas

Empresas de todo el mundo están lidiando con los efectos de la crisis de COVID-19 y enfrentan un desafío cuesta arriba para contener el impacto en sus negocios. Los departamentos de TI de las empresas han demostrado que pueden adaptarse rápidamente a los cambios y proporcionar la columna vertebral de la tecnología que ha permitido que muchas organizaciones permanezcan operativas. Pero los economistas predicen una recuperación lenta y el crecimiento empresarial será un desafío a corto plazo. Esto inevitablemente significa que los presupuestos se verán reducidos.

La velocidad de negocio e innovación son fundamentales para que las empresas mantengan y gestionen el impacto de la crisis. Una parte significativa del gasto en TI todavía se destina al mantenimiento de los sistemas y las operaciones de software existentes. exprimiendo así el presupuesto necesario para el cambio y la innovación empresarial. Por lo tanto, reducir el costo de las operaciones de software y la integración y, al mismo tiempo, brindar nuevos servicios al cliente es una de las estrategias principales para las empresas.

En esta charla principal, Kris Sharma, líder del sector de servicios financieros y Miguel Quesada, gerente de proyectos en Canonical, mostrarán el poder de la comunidad de código abierto y las herramientas de código abierto para abordar los desafíos de las operaciones de software empresarial y reducir los costos de operaciones de TI mediante la automatización de las operaciones de software y mantenimiento.

Soluciones para el entorno multi-cloud

Jueves, 28 de octubre de 2021, 10.50 – 11.10 h.

Este año, el tema principal de Cloud Expo Europe Madrid aborda la mayor adopción de entornos multi-cloud y/o híbridos. El catalizador de la transformación hacia la nube, son las numerosas ventajas de la infraestructura cloud con respecto a los centros de datos convencionales, tales como una mejor economía, escalabilidad y una mayor agilidad de DevOps. Entre las distintas tendencias en la nube, las arquitecturas multi-cloud están ganando impulso últimamente, con un 62 % de las empresas en pos de una estrategia de TI multi-cloud. Pero, ¿cuáles son el enfoque y la solución adecuadas para garantizar de forma efectiva la reducción del coste total de propiedad (TCO) a largo plazo?

Asista al DevOps Theatre para descubrir el enfoque de Canonical con respecto a la arquitectura multi-cloud de la mano de Reg Deraed, Field Sales Lead para EMEA en Canonical.

El stand de Ubuntu y nuestro equipo

Pásese a saludar a nuestro equipo, quienes le recibirán en nuestro stand para hablar sobre:

  • las soluciones OpenStack y Kubernetes de Canonical;
  • la optimización hacia cargas de trabajo Edge;
  • soluciones para lograr operaciones con una gestión completa.

Acceda a multitud de importantes recursos gratuitos y analice las necesidades infraestructurales de su empresa con un miembro de nuestro equipo de ingenieros.

¡Nos vemos allí!

Reserve una reunión

Regístrese para asistir al encuentro

19 October, 2021 10:44AM

Ubuntu Blog: Common Sense – using the Raspberry Pi Sense HAT on Ubuntu Impish Indri

Dave Jones from the Canonical Raspberry Pi team has put together a helpful guide for those getting started with the Raspberry Pi Sense HAT on Ubuntu Impish Indri. We’ve reproduced an edited version below, or you can read the full post on his blog along with other great Raspberry Pi tips!

For more information on Ubuntu Impish Indri check out the release notes.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh6.googleusercontent.com/KV9p_5y8YxgVCI7VEpi3zxrbRtMNIYJo2Qh6VTaLIhPQrvFmb0wdefJw9XlMLTeTtwvYdEnGgOwbCqqAwgtAAwF0OYEf-TIbX7Inlf_XPvOO3C0G7u5XoFAo_tbqMMEfw2ZzI9fD=s0" width="720" /> </noscript>

One of the main new features in Impish Indri for the Raspberry Pi is the addition of packages to support the Raspberry Pi Sense HAT. Specifically:

  • sense-hat — The main Sense HAT package which depends on all the other bits you’ll need (like the Python library detailed below) and a basic configuration with some reasonable calibration figures.
  • python3-sense-hat — The official Python library for interfacing to the Sense HAT. (Note: there’s no corresponding python-sense-hat library for Python 2.x on Ubuntu because Python 2.x is no longer supported.)
  • sense-emu-tools — The Sense HAT desktop emulator package, which includes the GUI desktop emulator and the sense_rec and sense_play tools.

How to set up the Sense HAT desktop emulator

We’ll start with the Sense HAT desktop emulator package for a couple of reasons (full disclosure: these reasons have nothing whatsoever to do with my having written it … no sir!). Firstly, you can play with it even if you don’t have a Sense HAT. Secondly, if you do have a Sense HAT, then you can use all the demo scripts that come with it!

Let’s get started with installing the HAT. This is my Sense HAT, mounted on a Pimoroni Black HAT Hacker board (because it makes it far easier to wiggle around without worrying about HDMI cables and such):

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/jZ7aQOIAFOJFFV9Smxw6LDzDwGRq0QvuCxdj9VTYYvN2YazhCb11CgVKOYzVRgVg9RhI8WyJcBZAop5nfbCIGA4kt7rz1v-CiJTliioQXx_bRPkCzW1EtaAag-ro1pinjrT_jtZt=s0" width="720" /> </noscript>

When you switch on the Pi, you should see a rainbow image on the Sense HAT (after an initially blinding flash, if you happen to be on a Pi 4 — don’t worry, this is normal!). Once the kernel starts, the rainbow on the Sense HAT will go blank.

Once you’re logged in and at a terminal prompt, install the packages we want:

$ sudo apt install sense-emu-tools sense-hat

Next, install a code editor. For this demo I’m using geany:

$ sudo apt install geany

Next, start the desktop emulator, which you should find under Gnome’s application menu (or you can hit the Super key and just type “Sense”):

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/HqPyksvL7hx8afKtgXNh_C-dMvPHJEiwyqczAj55m5Pe9V48GsibxpHwfoLCAouETkKNACEWp8QhLczk6bGRYyWDPjljjO47feGSjnYJYZfYnDWDlNKDmb-B5bx_1Ix2_6rhxrgQ=s0" width="720" /> </noscript>
<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh6.googleusercontent.com/dp-80BrMc6vh3zEVoIgjrtGNY7BgMZZ0uxAb8e0491WAGvQ7DjVC_JXplvHWWaADnlxzYgOuPZ9TBa-PKXe8WFYguCg_LzK64VoK3FR_hskcO9mm4_PWw8s6igcaAugKM4-HWT62=s0" width="720" /> </noscript>

Finally, configure it to use “geany” (or your-choice-of-editor-here) because the default, “thonny”, isn’t in the Ubuntu archive … yet:

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh4.googleusercontent.com/xjm_vsRZ20bCcE1zsNYq_WlBkAQvbHZVWunH9F0cuuXJuK2edIIkNFESUq3xcwuFF2bQ-xZ9XX_7lFl-vjUIn65h4I2dd2CDbbT5fZvi6hqDQbmfj32mE7wYTPauImS0GCENxlxX=s0" width="720" /> </noscript>

While you’re at it, I’d suggest activating the “Simulate environment sensors” and “Simulate inertial measurement unit” options too, as these make the emulation of these sensors more “realistic”.N


The Sense HAT emulator runs on any machine, not just the Raspberry Pi. But the emulator’s demo scripts can be used with the real Sense HAT too.

The Sense HAT emulator runs on any machine, not just the Raspberry Pi. But the emulator’s demo scripts can be used with the real Sense HAT too.

Let’s open up the humidity.py demo script. Go to File > Open example > Simple > humidity.py in the menus. This should fire up your chosen editor with a copy of this script, written to your home directory with a timestamp appended so that you can edit it as much as you’d like. Subsequent selections of that entry will generate a fresh copy of the original:

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/-PsbJtJoVsTULFINeFxaeJODveEwtbWI3PVTt7PoXNCR8QATTpSMJNIZlr_-cwqfiUZC3pEWeKQK_El6lJRT8tQY_njxW3UXrvuYvsq1GETvi88SLVo-FCmJv7ihlCJy_xj6_NtD=s0" width="720" /> </noscript>
<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh4.googleusercontent.com/Fk5B7Cp07Br5ix5e5Zroz0PATERHHr98B8g2YVMi7zh59h5XUTOdhNy8f_or6OAkb3IisEnCRO0ktfeCw5ccTK-vYiuPfC-tV3AfnczWGoC1VTL6Nl9hNEOpQt0uLDKuzTYC56yH=s0" width="720" /> </noscript>

If you’re using Geany (as suggested), there’s one more thing we need to do. Geany still defaults to trying to call python rather than python3 when running Python scripts. Since Ubuntu no longer ships Python 2.x, the only interpreter is python3, so we need to tell it to use this instead. Select Build > Set Build Commands from the Geany menu and change the Execute command to python3:

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh6.googleusercontent.com/Z5LxejRQK-4C_87JFwJoQPCIj344P4MAhXrrQqg79irPWR4K4Ff1WG-mJ3m9csVK2shWjRKB5il9awzIvAroHjReIb3F6FEZ-faXL9cdZyKOBzWMwGDifuQdj6MAg677A08dVCNI=s0" width="720" /> </noscript>

Finally, we can run our demo script. Select Build > Execute from the menu, or click the cogs icon in the toolbar. You should see the display on the emulated Sense HAT turn partly white and partly green. The number of green elements indicates the current humidity. If you drag the humidity slider up and down you should see the number of green elements change accordingly.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/1kjoc7G0YpH93ZxAvom5IjAOD4zQQLnW99sBmZhOGAUS21WA0WG2kS0N9PoZRvKGbPGwP3n-6C_ABEGY_ozF87CK8oZ_-5tF5KuFQMKfpN64mb13LKTmuqJsdOq_SuT42v4Li5dk=s0" width="720" /> </noscript>


If you activated environment simulation earlier, there may be some delay between you dragging the slider and the display updating. This is because the real sensor typically displays a certain delay in responding to changing humidity which the simulation emulates.

When you want to stop the script, press CTRL+C in the terminal window that appeared when you ran the script (that terminal contains the Python interpreter running your script). Feel free to modify the script and see what difference it makes when you run it. A simple change could be modifying the colours used. A more complex one could change the orientation or appearance of the “graph”.

How to use the Raspberry Pi Sense HAT

What about running our humidity script on the real Sense HAT though? Firstly, edit the script to import from sense_hat instead of sense_emu. This is the only code change that’s necessary:

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/e469kkmW83s2d3eZ6dW8vtumjgUrGgJXkbSPsv2hfx3gytNeGW40ZUU4sXgt26r-wLEELg9uxkX23uwd2MMd_ZbOkdyYKGIKEVfeSdIWXPZF1qUOp6JWHCLMQJox3NOCyBbyZzoH=s0" width="720" /> </noscript>

Next, we need to ensure our script starts as “root”. This is because the I2C bus that the Sense HAT uses is only accessible to root by default under Ubuntu currently. Bring up Geany’s Build > Set Build Commands dialog, and change the Execute command to include a “sudo” prefix (i.e. it should read sudo python3 “%f”:

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/ByKR79psBdizjeHSNI_wkPz3oRAujBp9aWK3MIx6yj0FU2GeRHn7mF-VaqK0eAJMS1mWVoxUr7DI7g_NBp1NbPBrHwlkAYzfHHm_LSo7EaQY7VZljWYRZAFmCZNYTJ40tua0uoI9=s0" width="720" /> </noscript>

Once again, select Build > Execute from the menu. This time, the terminal that appears will prompt for your password (which sudo needs to run things as root). Once entered, you should see the script running on the actual Sense HAT on your Pi:

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/N_Suvx8vQ9XZEN_O9cT8ks4W4W2G5SgoZAlFG2s3z7p8UI6NO0pCn-oUD_e3R89bxzq0QiK6na-Cr_dK33FthF0ALQlIbthKMtQPg4rkXWqtZqgsi_aQYag87wyIBNH32lQUElcO=s0" width="720" /> </noscript>

In the image above, the reading is quite high as I’ve just breathed on the HAT. You can try the same and watch the reading spike up before falling back down.

At this point, I’d suggest having a play with the other demo scripts available in the emulator. There’s plenty in there that deal with the various environmental sensors, the display, the joystick, and the IMU on the HAT. Have fun!

Advanced tip – going rootless

If you want to use the Sense HAT without resorting to sudo or root, you need to add some udev rules to permit access to regular users. Add the following content to a file named /etc/udev/rules.d/99-user-sense.rules (you will need to be root to create/edit this file):

SUBSYSTEM=="i2c-dev", KERNEL=="i2c-[0123456]", GROUP="plugdev", MODE="0660"

SUBSYSTEM=="input", ENV{LIBINPUT_DEVICE_GROUP}=="*:rpi-sense-joy", GROUP="plugdev", MODE="0660"

SUBSYSTEM=="graphics", ENV{ID_PATH}=="*-rpi-sense-fb", GROUP="plugdev", MODE="0660"

If you’re typing this instead of copying and pasting, pay close attention to the subtle distinctions between “==” and “=”. The first entries on a line use “==” as they’re matching events; the latter entries use “=” as they’re assigning values to the device.

After creating/editing this file, reboot the machine and you should find that you can access your Sense HAT without “sudo”.

Click here to find out more about getting started with Ubuntu 21.10 on the Raspberry Pi.

19 October, 2021 08:26AM

Ubuntu Blog: What’s new in security for Ubuntu 21.10?

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://ubuntu.com/wp-content/uploads/88fb/gabriel-heinzer-4Mw7nkQDByk-unsplash.jpg" width="720" /> </noscript>
Photo by Gabriel Heinzer on Unsplash

Ubuntu 21.10 is the latest release of Ubuntu and comes as the last interim release before the forthcoming 22.04 LTS release due in April 2022. As the interim releases are often proving grounds for upcoming features in the LTS releases, this provides a good opportunity to take stock of some of the latest security features delivered in this release, on the road to 22.04 LTS. In this blog post, we will take a look at those features and improvements that add to the overall security of an Ubuntu system and which help to enable your Linux cybersecurity strategy.

5.13 Linux kernel

The Linux kernel is the foundation for all Ubuntu systems. Ubuntu 21.10 uses the upstream 5.13 kernel as it’s baseline and so takes advantage of a number of improvements since the 5.11 kernel which is used in Ubuntu 21.04. These include the following new features.

Detect active exploitation attempts with KFENCE memory error detector

Memory corruption vulnerabilities are still one of the most problematic types of security issues for the Linux kernel. Detecting these can be done at both compile time via static analysis, and at run-time through instrumentation of various memory allocation routines. Traditionally, instrumenting memory operations to detect errors at runtime has been too computationally intensive to use in production systems, and so has been restricted to use in CI environments and the like. Kernel Electric Fence (KFENCE) is a new, low overhead run-time memory error detector which is designed to be used in production environments. Rather than instrument all memory routines, KFENCE uses a sampling approach so that only a subset of operations are measured, keeping the overhead low whilst still allowing to detect the most common memory errors that may be encountered over a long enough sampling period. This is enabled by default in Ubuntu 21.10 which should enable detection of various runtime memory errors, which in turn could indicate the presence of active exploitation attempts of these systems.

Impede kernel exploitation with Kernel stack offset randomisation

Exploitation of the Linux kernel often involves a local user making multiple system-calls to first leak a kernel memory address and then to overwrite that memory on a subsequent call. One way to try and counter this exploitation method is to ensure that the kernel stack is located in a different memory region from one system-call to another, such that a stack memory address which can be leaked from one system-call becomes invalid if used in a subsequent call. The 5.13 kernel introduces the ability to randomise the location of the kernel stack at each system-call entry to the kernel for both the amd64 and arm64 architectures. This work was inspired by the PaX RANDKSTACK project, and so brings to the mainline Linux kernel and hence Ubuntu 21.10 a much desired security hardening feature. The performance impact of this new feature is minimal, and so this has been enabled by default for Ubuntu 21.10 and so makes all Ubuntu users safer by frustrating would-be attackers by closing another attack technique.

Experiment with application sandboxing via the Landlock security module

Security vulnerabilities can be present in the most trusted of applications. To try and limit the impact these can have, Mandatory Access Control (MAC) systems have been used to sandbox applications so they can only access the specific resources needed. AppArmor and SELinux are both examples of MAC systems and both are implemented as Linux Security Modules within the Linux kernel. Each allows the system administrator to define policy about what applications should be allowed to access. In more recent years, a trend towards allowing applications to sandbox themselves has been seen, with the introduction of seccomp filters and now the Landlock LSM. Landlock is similar to AppArmor in that it allows policy to be created which limits what files an application can access, but unlike AppAmor which is designed to be configured by the system administrator, Landlock allows applications to define their own security policy. The use of LSM stacking allows Landlock to be used in conjunction with AppArmor, and so has been enabled in Ubuntu 21.10 as a preview of this new technology so that application developers can start exploring the use of Landlock in addition to AppArmor for enhanced application isolation.

Reduce kernel attack surface by disabling unprivileged BPF

The use of the Berkeley Packet Filter (BPF) in-kernel virtual machine has grown since its original use within the networking subsystem of the kernel. It is now used by control groups for filtering device accesses, tracing and profiling to gather  performance information, and observability and monitoring of the system just to name a few use-cases to which this technology has been applied. As the use-cases for BPF have grown, so has the appetite for making this ubiquitous system available to all users. Since the 4.4 kernel, unprivileged users have been able to load BPF programs into the kernel, trusting that the in-kernel BPF verifier will ensure no untoward actions can be performed as a result. Unfortunately, due to a range of security issues that have been (and continue to be) discovered in the BPF verifier, this has resulted in a number of high priority vulnerabilities within the kernel, that allow an unprivileged user to escalate their privileges to root, by loading BPF programs that bypass various checks within the BPF verifier. As a result, for Ubuntu 21.10, this default has been changed so that only privileged users may load BPF programs, but that trusting system administrators may allow unprivileged users to also load BPF programs by changing the associated sysctl setting. This change aims to strike a balance between the increased usability of universal BPF whilst also protecting the system against attackers who would aim to abuse this feature for their own gain, overall making Ubuntu 21.10 more secure against this type of attack.

Improved static analysis with GCC 11

Ubuntu is widely recognised as the most popular Linux distribution for developers and is used by development teams in more than 100 countries across a wide array of industries to build world-leading applications and services. There are many reasons why developers choose Ubuntu, including unparalleled hardware and software support, familiarity of a common platform between development and production environments and the long term support offered by Canonical. However, another additional benefit includes the ability for developers to ship more secure code by using Ubuntu as their development platform. Ubuntu 21.10 includes the latest release of GCC, the venerable and defacto C/C++ compiler. GCC 10 introduced the ability to run more intensive static analysis checks during compilation via the -fanalyzer command-line option. In GCC 11, additional checks have been added to detect defects such as trying to modify string literals, or trying to shift a type by a value greater than it can represent and hence causing an overflow. By developing on Ubuntu 21.10 and enabling the use of these features, developers can detect and hence ship more secure code by using Ubuntu as their development platform of choice.

In all, the range of security features and additional hardening measures implemented in Ubuntu 21.10 make it the most secure Ubuntu release to date. They also feed into the development of Ubuntu 22.04 LTS, the next long-term supported release of Ubuntu. Security updates and kernel livepatching for 22.04 LTS will both be provided for ten years via an Ubuntu Advantage subscription, continuing the benchmark of Ubuntu LTS releases serving as the most secure foundation on which to both develop and deploy Linux applications and services.

19 October, 2021 05:02AM

October 18, 2021

The Fridge: Ubuntu Weekly Newsletter Issue 705

Welcome to the Ubuntu Weekly Newsletter, Issue 705 for the week of October 10 – 16, 2021. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

18 October, 2021 09:42PM

hackergotchi for Purism PureOS

Purism PureOS

How Purism Funds Free Software

Free software isn’t free. Free software geeks love to correct people by saying that the “free” in “free software” refers to freedom (libre), not cost (gratis). We even join in this word play at Purism by naming our laptops Librem–a combination of the words libre (freedom) and librum (book). Whether free software is written as […]

The post How Purism Funds Free Software appeared first on Purism.

18 October, 2021 05:41PM by Kyle Rankin

hackergotchi for VyOS


VyOS 1.3.0-epa2 release

Hello Community!

VyOS 1.3.0-epa2 release is available now. The generic ISO image is available publicly, while subscribers can access additional flavors through the support portal. This is mainly a bugfix release that corrects a number of issues found in the earlier 1.3.0-epa1 release.  However, in addition to bug fixes, it includes a few features and updates, including DNS forwarding support for reverse zones and Linux kernel 5.4.154. It also will not be the last EPA (early production access) release—there are a few work-in-progress bug fixes now, so stay tuned for updates.

18 October, 2021 05:04PM by Daniil Baturin (daniil@sentrium.io)

hackergotchi for ZEVENET


What to do before and after a Cybersecurity breach

“You have been hacked!” These are the words that no one wants to hear. But we all know these words are common in the world of digital transformation. Cybersecurity can happen any time, with anyone, and even large companies can become a victim of a cybersecurity breach. So, with the increase of cybersecurity threats throughout the world, it’s important to take important measures to avoid these...


18 October, 2021 10:14AM by Zevenet

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: “Industrial Pi” Use Cases with Ubuntu and AMD

<noscript> <img alt="" height="378" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_379,h_378/https://ubuntu.com/wp-content/uploads/54a1/Screen-Shot-2021-10-18-at-5.11.18-PM.png" width="379" /> </noscript>

DFI’s GHF51 mini industrial-grade motherboard, and the EC90A-GH mini fanless industrial computer, are the world’s first industrial computer products that have passed the Ubuntu IoT hardware certification and are equipped with high-performance AMD processors. The 1.8-inch motherboard of the Ryzen R1000 processor has the same small size as the Raspberry Pi but brings unprecedented powerful computing performance, powerful expansion capabilities, and durability tailored for industrial applications. Combining the online update mechanism of the Ubuntu Certified Hardware and the online application store, the breakthrough development of “Industrial Pi” will redefine the future of the Industrial Internet of Things.

In this webinar, you’ll hear from Taiten Peng (IoT Solution Architect at Canonical) and Waterball Liu (DFI Product Manager) on

1. DFI “Industrial Pi” Use Cases on computer vision
2. The Basis Of Industrial Pi: AMD Embedded Ryzen
3. Ubuntu Core Refined For IoT
4. Get ready for another 30 years of Linux

Join our upcoming webinar and live Q&A on 27 October!

Register for the webinar

For more information, visitUbuntu Certified Hardware:

18 October, 2021 09:23AM

October 17, 2021

Sean Davis: Xubuntu 21.10 Released

Xubuntu 21.10 Released

Xubuntu 21.10 "Impish Indri" was released on October 14, 2021. Check out the release announcement and release notes. I&aposve expanded on both below.

New Features

GNOME Disk Usage Analyzer

GNOME Disk Usage Analyzer (baobab) scans folders, devices, and remote locations to provide an in-depth report on disk usage. It can quickly identify large files and folders wasting disk space and enable users to act on them. A tree-like and graphical representation are used to display disk usage.

Xubuntu 21.10 ReleasedDisk Usage Analyzer makes it much easier to recover lost disk space.


GNOME Disks provides an easy way to inspect, format, partition, and configure disks. You can view SMART data, manage devices, benchmark physical disks, and image flash drives using GNOME Disks. Another benefit is that it can mount partitions on-demand or automatically.

Xubuntu 21.10 ReleasedGNOME Disks is an all-in-one solution for managing physical disks and partitions.


Rhythmbox is a music-playing application. It features a media library, podcast feeds, and live internet radio stations. It integrates with the Xfce PulseAudio Plugin in Xubuntu, controlling playback and granting easy access to recent playlists. Xubuntu ships with the Alternative Toolbar plugin enabled, making the application layout fit in with the rest of the desktop. Additionally, the Music key on multimedia keyboards will now launch Rhythmbox instead of Parole.

Super Key Support

The Super (or Windows) key will now reveal the application menu, similar to Windows and other desktop environments. This is possible thanks to the inclusion of xcape. xcape is used to configure modifier keys to act as other keys when pressed. For Xubuntu, the left Super key is now mapped to trigger the Ctrl+Escape key combination used for the Whisker Menu. For a peek into the technical reason for this workaround, please see the upstream Xfce bug.

The Super key now works exactly as you&aposd expect.


PipeWire is now included in Xubuntu and the other flavors. PipeWire is a project that improves audio and video handling in Linux. It is used alongside PulseAudio to significantly improve hardware support, particularly for Bluetooth audio devices. For regular usage, PipeWire quietly works in the background. Audio devices are still controlled through the Xfce PulseAudio Plugin and PulseAudio Volume Control (pavucontrol).

Pidgin Removal

Pidgin, “the universal chat client,” is no longer included in Xubuntu. Due to an increasing number of chat services moving to proprietary and restricted protocols, the overall usefulness of Pidgin has diminished significantly over the years. However, if you still use Pidgin, it can be installed from the repository.

Late Night Linux Extra episode 32 featured Gary Kramlich, the lead Pidgin maintainer. In this episode, Gary explained that while many of these services are no longer available within Pidgin by default, existing plugins enable support for those services. Unfortunately, many plugins change rapidly, making it impossible to keep them packaged and up-to-date in Ubuntu.

UX Updates

In continuing our keyboard shortcut clean-up, the long-obsoleted Super+{1,2,3,4} shortcuts were removed. These shortcuts go way back to when Xubuntu had a two-panel layout and launched the first four pinned applications. For a complete list of keyboard shortcuts, click here.

We also made a minor change to our Thunar defaults, updating the title bar to always display the full path of the current directory. This should make navigating and managing the filesystem easier with multiple open windows.

Xubuntu 21.10 ReleasedGo layers deep in your filesystem and never forget where you are with the full path displayed in Thunar at all times.

About the Xubuntu Versions

Xubuntu has three installable versions. Using the main ISO (2.0G), you can pick from the Normal or Minimal installation option, whereas Xubuntu Core (1.0G) will result in a much smaller installation size. Normal includes everything you need to be productive and have fun with Xubuntu. Meanwhile, Minimal and Core are designed to provide the bare essentials, enabling you to tailor Xubuntu to your needs.

Xubuntu 21.10 ReleasedWhen installing from the main ISO, you have an option to perform a "Normal" or "Minimal" installation.

Core and Minimal seem to have the same purpose, but Core has a few advantages. For one, the download size is much smaller and more accessible for those with limited connectivity options. Second, the install size is quite a bit smaller due to how the different versions work. Core installs only the minimal set of packages. Minimal first installs the Normal Xubuntu version and then removes the excess packages. Unfortunately, it’s impossible to reliably identify and remove all of the extra packages, so you end up with another 1.0G of bloat.

Xubuntu 21.10 ReleasedSave nearly 2.0G of disk space by opting for the Xubuntu Core version.

You can learn more about Xubuntu Core here or view the spreadsheet I put together with the package and memory differences here.

Wrapping Up

Xubuntu 21.10 features the work of numerous contributors from the Xfce, GNOME, MATE, Ubuntu, and Debian communities. If you&aposd like to contribute, check out the following links:

Next up, we have the 22.04 "Jammy Jellyfish" LTS cycle. The next six months will be focused primarily on bug fixes and other improvements, building a solid LTS foundation for the next three years. As it is an LTS, we&aposll be running a Wallpaper Contest again, so keep an eye on the Xubuntu website and Twitter for updates.

17 October, 2021 02:30PM

October 16, 2021

Ubuntu Blog: The State of Robotics – September 2021

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/G7cjzqPDMVM9jHJSX4vsfX2YLZ7T1rNHCHKSMFoQKVhDPmZIEKefTSS7uHeCNLmYU7dZMZUCx5VsrWpwg8v_ozg-4VyVrRhvfq_gnDO_M0V_Bek4CUXLtyH_7Z_cwhDMrkA3RyQB=s0" width="720" /> </noscript>

September news is charged with analysis and comment of what has been a month with important announcements for open source robotics. It has been a month to understand that, in a nascent and fragmented market, the actors have a deeper impact upon all the stakeholders. A flop won’t be just a flop, it could be the reason why someone won’t give a robot a chance.


Ok, let’s start.      

Open source robotics events – ROS World 

You still have time to register for the upcoming ROS World virtual conference. The event will take place on October 20th, and 21st and Canonical will be there with our virtual booth and some lightning sessions that you will love. 

So join us for a day charged with groundbreaking talks (such as micro-ROS, the Indy Autonomous Challenge and more). Come to our booth to learn more about Ubuntu Core and real-time, and all our ROS open source tools to deploy and maintain robots in the field. 

Head here to register!

Not another Amazon’s Astro review – its impact to open source robotics 

We are not doing it because it is trending, but because it happened in September. To be more precise, on the 28th of September, Amazon announced its mobile home robot called Astro. A mobile robot equipped with cameras, a telescope, a screen and two cup holders. 

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh3.googleusercontent.com/PoLwRmIOKqh6-aev-vnoPvec4NMJIwCAicwPfiRM3CM9plzqADXARyRjXHvIwoPm1e_XbCzIIKdHa8xAIItl9rXZNegteaASPUZwfkBwZN2d_z853qs28GWkmUHu6YNZCpQmizEG=s0" width="720" /> </noscript>

For a first review of the Astro public release, I do recommend reading the IEEE blog. Because today, we are not talking about the robot, but about its impact on the domestic robotics market. 2 paragraphs with 2 different points of view: 

Let’s start with the positive side. A big company is pushing the use of robotics in our homes. Despite Amazon’s underlying intentions, which we are not discussing, they are venturing into a field that many failed and many are avoiding. A robot assistant platform is not easy to develop or easy to maintain. History has shown us several examples of how companies can fail, such as Jibo. So, it helps the overall market by having market pioneers or champions that are putting their resources to educate consumers of the opportunities of the technology. Startups do not have the time or resources to educate their users and fight tech biases. Amazon has it. So by praising the benefits of Astro, Amazon is raising awareness about the opportunities that robotics unlocks. Think about voice assistants. When they started they faced strong opposition by people saying this is not needed. This wouldn’t have changed without the investment of the big 5 in this technology. 

Ok, let’s jump to the negatives. There has been much speculation about the development of Astro; unhappy engineers pushed to meet a deadline with a technology that was not ready. Many are complaining about the lack of robustness of the device. Plus, yes, who is putting the beer in the robot cup holder? This all raised a big question; what if the robot is a big flop? Well, then we are going to have a bigger debacle than Pepper robots being purchased by healthcare workers. Several healthcare organizations, especially care homes, acquired Pepper robots, just to see that out of the box, there is not much that you can do with it. Several Peppers ended up in rooms, not being used, gathering dust. Many robotics customers were let down, not trusting humanoid robots. We shouldn’t take the impact of negative emerging technologies lightly. Several studies have shown people unconscious bias towards robotics; there is no need to fuel negative views. An unsuccessful Astro robot will delay the overall adoption process of robotic technologies and will impact the image of the technology and the companies driving this innovation. 

The robotics world raised its voice with the release of Astro. There are many other topics we would like to discuss, but we wanted to provide this point of view, which shows us how Astro could impact our work. 

Who is DARPA winner 

September hosted the finals of the DARPA Subterranean Challenge , an edition that searched for novel approaches to rapidly map, navigate, and search underground environments during time-sensitive combat operations or disaster response scenarios. DARPA first announced its Subterranean (SubT) Challenge in 2018 to support open source robotics.

Team CERBERUS was the winner of this three-year-long subterranean challenge! 

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh4.googleusercontent.com/nO4gkLXqm5luRv8Yus04u7VoeWsUiHeX1WR31qe4OJq9t86F5VbQpvWSUPEV8sX4ygzXw8d9z2yR1Ah9UNJG58ZLVvV-fbA8LV7fwo_xUieJ1BOsVlROd3CZCuowS99ECkV3WSOe=s0" width="720" /> </noscript>
CERBERUS team is of course using Ubuntu.

The finals took place at the Louisville Mega Cavern; a massive man-made limestone mine, big enough to house a ropes course, mountain bike park, and tram-guided tours. DARPA finalists had to navigate environments that incorporated elements from all three previous DARPA events, which included confined spaces to simulate underground mines, metropolitan infrastructure, and cave systems. The challenge had its additional complications, including smoke to affect the visual degradation during operation. 

The winner had to explore these environments and find objects of interest that were placed by DARPA organizers. In total, 40 objects were hidden. Once found, the robots had to report the accurate location of the artefact. Each artefact was worth one point.

Team CERBERUS won by finding and locating 23 artefacts out of the 40. Second place went to team CSIRO, who also scored 23 points but in more time than CERBERUS. The third place was for MARBLE, with a score of 18. 

What can autonomous mobile robots learn from the new iRobot j7  

Thoughtfulness. As soon as we are adding a robotics device to a human environment, we really need to consider the underlying rules of the environment. And it seems that iRobot understood that quite well.

Roomba was born in 1990. Since then, that technology, that seemed at first unnecessary, has been winning a space in our day-to-day life. It took them more than 20 years, but today getting a Roomba is more and more mainstream. Yes, it is not for carpets, but it is handy. 

In their attempt to keep integrating their technology with everyday life seamlessly,iRobot announced the release of the j7, alongside a free software update for all Roombas, called Genius 3.0. This update is pushing  3 main features:  

  • Clean While I’m Away: if permission was given, the iRobot app will use your phone’s location services to start cleaning when you leave the house and pause cleaning when you return.
  • Cleaning Time Estimates: Roombas with mapping capability will now estimate how long a job will take them.
  • Quiet Drive: Roomba will turn off its vacuum motor on the way to a vacuuming area and the way back so as not to bother users. 

This is part of a big push that iRobot is pursuing, aiming to change the way people use their devices today; using the remote control “Clean” button to tackle every room at once. iRobot is pushing more frequent and targeted ways of using its devices. This includes vacuuming specific rooms at specific times that make sense within users schedules. 

Why? Because of thoughtfulness. 

Houses are not fabrics, there are spoken and unspoken rules, and robots are not good at interpreting the latter. Take for instance using shoes indoors. Some countries do not have strict rules about it, others do. Some areas are for wearing shoes, others don’t. Some areas need to be vacuumed more frequently, others don’t. Robots need more context to follow rules. But the information is already there, they just need the final feedback that comes through user input, now collected through Genius 3.0. 

The reason why thoughtfulness is important for home robots, is because robots need to learn and follow rules to not disturb the home ecosystem. There is nothing worse than a Roomba eating my charging cable during a meeting, or making noise during a phone call. Robots can’t be annoying. According to iRobot, the most common reason Roombas don’t complete jobs is that a human cancels it partway through. iRobot would prefer that its robots did not annoy you, and Genius 3.0 is trying to make that happen by finding ways for cleaning to happen in a rule-respecting manner; thoughtfulness. 

Open source robotics – video news

We asked what content you would like, and we heard your loud and overwhelming answer; video news! 

So we didn’t have another option than work on this new format and are now releasing our first robotics news video featuring amazing companies doing amazing robotic applications! 

Here it is 

And if you want to feature your robotics application, just send us an email to robotics.community@canonical.com 

Open source robotics – tutorial

Robotics is not only present in big manufacturing environments. It is also changing the way we farm. Agriculture is a key asset for today’s society and robotics is part of its sustainable strategy.

So let’s learn how we can define goal paths for mobile robots so they can complete activities such as harvesting, irrigation or seeding. 

In this tutorial, learn how to send a goal path to a mobile robot and the ROS 2 Navigation Stack using Python code. 

Stay tuned for more robotics news

September was a month for reflection. A 3-year challenge ended, and we look forward to seeing what this brings to the community; Amazon launched a robot for homes, and we hope that is a success for the sake of robotics, while iRobot gave us a lesson on thoughtfulness (yes, I mentioned it 5 times by now, take it as a hint to go meditate if you want).  

As always, we would love to learn from you. So send us a summary of your robotics innovation and project to robotics.community@canonical.com and we will share it in our next robotics newsletter or monthly video. Thanks for reading! 

16 October, 2021 07:43PM

hackergotchi for SparkyLinux


10 years of SparkyLinux!

Exactly 10 years ago, in October 2011, we started a work with a new Linux distribution, and on November 4, 2011 the first beta of our system released.

A bit of history:

Initially, our project began to live under the name ue17r as Ubuntu Enlightenment17 Remix and was a modification of Xubuntu Linux, from which the standard desktop was removed and replaced by Enlightenment 17.
More details on the website (in Polish only): https://linuxiarze.pl/ue17r-b1/

After community voting, on January 15, 2012 ue17r renamed to SparkyLinux.
Details on the website (in Polish only): https://linuxiarze.pl/konkurs-ue17r-koniec/

That’s how it comes.

Sparky 10 years

SparkyLinux is currently based on Debian and had over 30 major releases, not including the beta and rc releases.
About releases on Wikipedia: https://en.wikipedia.org/wiki/SparkyLinux

SparkyLinux enjoys a lot of interest and is appreciated all around the world, as evidenced by positive comments from satisfied users.

So, if you like and use SparkyLinux – please support the project and our work.


There are our archived versions of ue17r beta3 and SparkyLinux 1.0 available on ArchiveOS.org so you can check and see how the project looked 10 years ago. Keep in mind that this is a prototype and not everything may work properly.

Thank you for being with us and supporting our open-source projects – we hope it will be continued for many more years!

Aneta & Paweł

Informacja w języku polskim: https://linuxiarze.pl/10-lat-sparkylinux/

16 October, 2021 01:22PM by pavroo

October 15, 2021

hackergotchi for Ubuntu developers

Ubuntu developers

Kubuntu General News: Kubuntu 21.10 Impish Indri Released

The Kubuntu Team is happy to announce that Kubuntu 21.10 has been released, featuring the ‘beautiful’ KDE Plasma 5.22: simple by default, powerful when needed.

Codenamed “Impish Indri”, Kubuntu 21.10 continues our tradition of giving you Friendly Computing by integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.

The team has been hard at work through this cycle, introducing new features and fixing bugs.

Under the hood, there have been updates to many core packages, including a new 5.13-based kernel, KDE Frameworks 5.86, KDE Plasma 5.22 and KDE Gear 21.08.

Kubuntu 21.10 Desktop Image

Kubuntu has seen many updates for other applications, both in our default install, and installable from the Ubuntu archive.

Krita, Kdevelop, Yakuake, and many many more applications are updated.

Applications for core day to day usage are included and updated, such as Firefox, VLC and Libreoffice.

For a list of other application updates, and known bugs be sure to read our release notes.

Download Kubuntu 21.10, or learn how to upgrade from 21.04.

Note: For upgrades from 21.04, there may a delay of a few hrs to days between the official release announcements and the Ubuntu Release Team enabling upgrades.

15 October, 2021 04:57PM

hackergotchi for Purism PureOS

Purism PureOS

Video Editing with Linux: How to Get the Most Out of Kdenlive

Next in our video editing series for the Librem 14, Gardiner Bryant digs into tuning Kdenlive’s performance and editing high-resolution video. Kdenlive is a multiplatform freedom-respecting and open source video editing solution. This video will also help those who use Kdenlive on any other hardware. We hope you find this series useful and informative, and we hope to do similar projects […]

The post Video Editing with Linux: How to Get the Most Out of Kdenlive appeared first on Purism.

15 October, 2021 04:22PM by Purism

hackergotchi for Ubuntu developers

Ubuntu developers

Corey Bryant: OpenStack Xena for Ubuntu 21.10 and Ubuntu 20.04 LTS

The Ubuntu OpenStack team at Canonical is pleased to announce the general
availability of OpenStack Xena on Ubuntu 21.10 (Impish Indri) and Ubuntu
20.04 LTS (Focal Fossa) via the Ubuntu Cloud Archive. Details of the Xena
release can be found at: https://www.openstack.org/software/xena

To get access to the Ubuntu Xena packages:

Ubuntu 21.10

OpenStack Xena is available by default for installation on Ubuntu 21.10.

Ubuntu 20.04 LTS

The Ubuntu Cloud Archive for OpenStack Xena can be enabled on Ubuntu
20.04 by running the following command:

sudo add-apt-repository cloud-archive:xena

What’s included?

aodh, barbican, ceilometer, ceph (16.2.6), cinder, designate,
designate-dashboard, dpdk (20.11.3), glance, gnocchi, heat,
heat-dashboard, horizon, ironic, ironic-ui, keystone, magnum,
magnum-ui, manila, manila-ui, masakari, mistral, murano,
murano-dashboard, networking-arista, networking-bagpipe,
networking-baremetal, networking-bgpvpn, networking-hyperv,
networking-l2gw, networking-mlnx, networking-odl, networking-sfc,
neutron, neutron-dynamic-routing, neutron-vpnaas, nova, octavia,
octavia-dashboard, openstack-trove, openvswitch (2.16.0),
ovn (21.09.0), ovn-octavia-provider, placement, sahara,
sahara-dashboard, senlin, swift, trove-dashboard, vmware-nsx,vitrage, watcher, watcher-dashboard, zaqar, and zaqar-ui.

For a full list of packages and versions, please refer to:

Known issues

OVN 21.09.0 coming soon:

Reporting bugs

If you have any issues please report bugs using the ‘ubuntu-bug’ tool to
ensure that bugs get logged in the right place in Launchpad:

sudo ubuntu-bug nova-conductor

Thank you to everyone who contributed to OpenStack Xena!

(on behalf of the Ubuntu OpenStack Engineering team)

15 October, 2021 03:06PM

Xubuntu: Xubuntu 21.10 released!

The Xubuntu team is happy to announce the immediate release of Xubuntu 21.10.

Xubuntu 21.10, codenamed Impish Indri, is a regular release and will be supported for 9 months, until June 2022. If you need a stable environment with longer support time we recommend that you use Xubuntu 20.04 LTS instead.

The final release images are available as torrents and direct downloads from xubuntu.org/download/.

As the main server might be busy in the first few days after the release, we recommend using the torrents if possible.

Xubuntu Core, our minimal ISO edition, is available to download from unit193.net/xubuntu/core/ [torrent]. Find out more about Xubuntu Core here.

We’d like to thank everybody who contributed to this release of Xubuntu!

Highlights and Known Issues


  • New Software: Xubuntu now comes pre-installed with GNOME Disk Analyzer, GNOME Disk Utility, and Rhythmbox. Disk Analyzer and Disk Utility make it easier to monitor and manage your partitions. Rhythmbox enables music playback with a dedicated media library.
  • Pipewire: Pipewire is now included in Xubuntu, and is used in conjunction with PulseAudio to improve audio playback and hardware support in Linux.
  • Keyboard Shortcuts: The Super (Windows) key will now reveal the applications menu. Existing Super+ keyboard shortcuts are unaffected.

Known Issues

  • The shutdown prompt may not be displayed at the end of the installation. Instead you might just see a Xubuntu logo, a black screen with an underscore in the upper left hand corner, or just a black screen. Press Enter and the system will reboot into the installed environment. (LP: #1944519)

For more obscure known issues, information on affecting bugs, bug fixes, and a list of new package versions, please refer to the Xubuntu Release Notes.

The main Ubuntu Release Notes cover many of the other packages we carry and more generic issues.


For support with the release, navigate to Help & Support for a complete list of methods to get help.

15 October, 2021 11:49AM

hackergotchi for VyOS


Benefits for contributors and long-time customers and more

Hello, Community!

Happy Friday!

The VyOS 1.3.0-epa2 release is underway and we’d like to say thanks to everyone who contributes and makes that possible, by working together with us and by funding the project through purchasing our services.

Big thank you!

15 October, 2021 11:10AM by Daniil Baturin (daniil@sentrium.io)

hackergotchi for Volumio


Let’s make Volumio 3 happen!

Wow! It has been a while since the last time we have spoken or wrote here in our blog. I am really sorry but there is a great reason for it! Behind the scenes, there were too many things we have been working on these past months, many software improvements, fixes and a brand new feature (exciting!). So today we have decided it is time to catch up with all of you and give you the latest exciting news on the biggest update on Volumio this year: the release of Volumio 3!

After more than 2 years of work by Volumio Team and the community, we are really pleased to announce that Volumio3 is in the final stage of development and it will be officially released very shortly.

On the Volumio Forum, you may have seen back in February this year we started the testing of Volumio 3 Buster Beta for our dedicated devices (RPI, Tinkerboard and x86). Before giving more details, we want to say thank you to all contributors of our community who have been helping in the development and fixes for Volumio 3 for all these months, it really takes a village to develop an excellent music player, and we could not have done it without all of your help.

Now let’s get to the fun part, what is Volumio 3? What are the next steps for the official release?

About Volumio 3

Volumio 3 is a next-level upgrade from our current Volumio version (Volumio 2). Thanks to our Volumio developers’ works, Volumio 3 will be faster, better in terms of security and future proof. The newest version of Volumio has left the Debian jesse version and is built based on the newer Debian Buster version. Even if it’s not noticeable to the eyes, the Debian Buster version helps Volumio 3 to be better in terms of performance and compatibility.


Advanced Audio Modular Processing Pipeline

That’s the real deal of Volumio3 and it’s the feature that required the most work. We are very proud of it since, from a mere technological perspective, it makes Volumio probably the most advanced audio player in terms of flexibility and audio processing.
The Advanced Audio Modular Processing Pipeline (AAMPP from now on) is a facility built into Volumio that allows plugins to take any audio (from any service and source) and do processing on it, and chaining to multiple processing modules.
This allows a potential huge customizability of audio processing modules, working with each other.

As an example: audio is played from TIDAL Connect, then fed into a parametric equalizer, then sent to network endpoints for synchronized playback.

Other things that can now be possible with Volumio AAMPP are:

  • Synchronized multiroom playback
  • Adaptive resampling
  • Resampling for all sources
  • Playing silence when audio is not in use
  • DSP and EQ on all sources
  • Playback to Bluetooth headsets
  • Playback to Chromecast or SONOS

And this is possible for all sources: Spotify, Spotify Connect, TIDAL, TIDAL Connect, Radios, Bluetooth, Analog inputs etc.

We’ve built Volumio AAMPP in a way that also plugin developers can take advantage of it, by defining an API to add their processing modules as Volumio plugins.
And the best of it all is that, when no modules are doing DSP or any manipulation, playback stays bit-perfect.

Additionally, the months of testing have been of great importance to remove as many of the annoying bugs as possible in order to release the most stable version of Volumio 3. But besides the many improvements on the backend system, you will find a brand-new feature on Volumio 3.

Multi-Room Sync Playback in Volumio 3

volumio-multiroom-syncYes, you read it correctly. The Multi-room feature will be released in Volumio 3!

Finally, we made it. With Volumio3 you will be able to play in sync ANY source to up to 6 Volumio players (Available for MyVolumio Superstar users).
You will be surprised to hear that we work on this for about 4 years, but we never got something we felt quite up to our expectations.
It took so long because we wanted to be able to synchronize playback, not only for MPD sources, but for all sources, like Bluetooth, TIDAL and so on. And we wanted it to be easy to use and with the ability to switch from single device playback to multiroom playback without interruptions.

This has been made possible by using Volumio AAMPP, by adding a processing module which selectively outputs audio to the audio card or to the network. The rest is handled by the excellent snapcast, which ensures playback is synchronized with a latency of max 0.2 ms.

Adding the multi-room to our list of features will give you the chance to group two or more Volumio devices to fill every room with your favorite music in perfect sync. This feature will be available in one of our premium plans, MyVolumio Superstar.


On the right menu, you can group and sync your devices

New plugins store

One of the things that set Volumio apart is the possibility to extend its functionality via plugins. There are already a whole lot of plugins made by the team and the community and that’s fantastic because it allows to extend Volumio to possibilities that we never dreamt of.
However, that comes at a price: given the complex nature of plugin development and interaction with the core Volumio, sometimes installing one or multiple plugins can make Volumio unstable.
We want to have a better curation of plugins and a better way for plugin developers to test their creation in a safe way, to make plugins available when they are stable and safe for the overall community.
The new plugin store allows to have different stages for plugins (alpha, beta and stable) which allows for broader testing and easier updates.
We are setting up a stricter control procedure and a standardized tests to help developers create top-notch plugins and a facility to rate them.
This is also why, to access the plugin store, a MyVolumio account will be required (of course, the free MyVolumio tier).

New Build System

While our beloved build script worked well for quite some years, it was time for a step up. The whole build system has been refactored to achieve 3 main goals: maintainability, observability and faster builds. While this is something that you will never notice, it means that we will be able to build and deploy faster new Volumio versions, which will mean more updates frequency.

Before the official release…

We understand how the last steps before the release are crucial, so we want to make sure all is stable and working phenomenally before the official release for the public. As I mentioned before, it takes a community to have an excellent audio player, so this is where we want to invite you to help us with the final testing.

To all Volumio users interested in joining us on this final step and help us do the final testing of Volumio 3, please click on the button below and follow the quick steps to participate in the final testing. If you find bugs, imperfections or something not working as it should, please leave a report there.

Thank you to all who helped to make Volumio 3 a reality and we will keep in touch next week with more updates on the testing and official release date.

The post Let’s make Volumio 3 happen! appeared first on Volumio.

15 October, 2021 11:02AM by Monica Ferreira

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu-MM: Ubuntu 21.10 Install Demo

Ubuntu 21.10 Is released. https://releases.ubuntu.com/21.10/ https://youtu.be/pQBL0dDYWxI Estimate: 10 Min Play Speed: x4

15 October, 2021 04:48AM

Ubuntu-MM: Ubuntu 21.10 Release Date and Features

Featured News Ubuntu Ubuntu 21.10 ကတော့ မကြာသေးခင်က ထွက်ရှိထားတဲ့ Gnome 40, GCC11 နဲ့ Flutter toolkit ပိုင်း စုံစုံလင်လင်နဲ့ ထွက်ရှိလာတော့မှာပဲဖြစ်ပါတယ် Release Dates Beta release: 23rd September Release Candidate: 7th October Final Release: 14th October Ubuntu 21.10 codename – ‘Impish Indri’ လို့ အမည်ပေးထားပါတယ်. New Features တွေ ဘာတွေပါ၀င်လာမလဲ Official feature list အနေနဲ့ တိတိကျကျ ထွက်မလာသေးပေမဲ့လည်း ပါ၀င်လာနိုင်တဲ့ features တွေကတော့ 1. Gnome 40 […]

15 October, 2021 04:42AM

hackergotchi for Qubes


QSB-073: Race condition when setting override-redirect flag

We have just published Qubes Security Bulletin (QSB) 073: Race condition when setting override-redirect flag. The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB-073 in the qubes-secpack:


In addition, you may wish to:

             ---===[ Qubes Security Bulletin 073 ]===---


         Race condition when setting override-redirect flag

User action required

Users must install the following specific packages in order to address
the issues discussed in this bulletin:

  For Qubes 4.0, in dom0:
  - qubes-gui-dom0 version 4.0.17

  For Qubes 4.1, in dom0 and the template(s) of any GUI qube(s) [1]:
  - qubes-gui-daemon version 4.1.18

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [2] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [3]

The user session must be restarted afterward in order for the updates to
take effect, e.g., by logging out then logging back in.


An override-redirect flag in the X11 protocol tells the window manager
not to manage a particular window. Windows with such flags do not get
their frames or title bars from the window manger, nor does the window
manager determine their positions. This feature is used for application
menus, tooltips, and similar accessory windows.

Unfortunately, some window managers get confused if the
override-redirect flag is set shortly before making the window visible.
When that happens, the window manager may try to move or resize the
window without respecting any size and position constraints imposed by
the GUI daemon. Normally, every window move and resize action requested
by the VM is validated by the GUI daemon. However, if the action is
initiated by the window manager, it doesn't require the GUI daemon's


A malicious application may try to hide its unspoofable colored frame
off-screen. Hiding all four sides is prevented by another constraint
(forbidding a override-redirect window from covering more than 90% of
the screen), but hiding some sides is possible. The issue is known to
affect XFCE and KDE. Other desktop environments may also be affected.


This is yet another corner case in handling the override-redirect flag.
In the long term, we will try to eliminate use of this flag completely.
As an immediate fix, we are adding additional validation of constraints
placed on windows with the override-redirect flag. This validation is
done whenever a window is moved or resized, regardless of what initiated
the action. If an illegal size or position is detected, the GUI daemon
will try to resize or move the window back to a legal size and position.
While this is a reactive solution (in the sense that it allows windows
to enter illegal states before correcting them), it will cover several
more cases, including the case in which another application resizes a
window behind the GUI daemon's back (which is the case being reported in
this QSB). Moreover, this solution serves as an additional safety check
in case the GUI daemon itself misses any other edge cases.


This issue was discovered by Demi Marie Obenour.


[1] In Qubes 4.1, certain GUI functions historically served by dom0 can
    be delegated to separate template-based "GUI qubes." A single Qubes
    4.1 system can have multiple GUI qubes.
[2] https://www.qubes-os.org/doc/testing/
[3] https://www.qubes-os.org/doc/how-to-update/

The Qubes Security Team

15 October, 2021 12:00AM

October 14, 2021

hackergotchi for Ubuntu developers

Ubuntu developers

The Fridge: Ubuntu 21.10 (Impish Indri) released

Ubuntu 21.10, codenamed “Impish Indri”, is here. This release continues Ubuntu’s proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, partnering with the community and our partners, to introduce new features and fix bugs.

Ubuntu Desktop 21.10 makes wayland sessions available while using the Nvidia proprietary driver. PulseAudio 15 introduces support for Bluetooth LDAC and AptX codecs, as well as HFP Bluetooth profiles providing better audio quality. The recovery key feature at installation time has been improved, with the recovery key now optional, stronger and editable. Ubuntu Desktop 21.10 includes GNOME version 40, with a new and improved Activities Overview design. Workspaces are now arranged horizontally, and the overview and app grid are accessed vertically. Each direction has accompanying keyboard shortcuts, touchpad gestures and mouse actions.

Ubuntu Server 21.10 integrates recent innovations from key open infrastructure projects like OpenStack Xena, QEMU 6.0, PHP8, libvirt 7.6, Kubernetes, and Ceph with advanced life-cycle management tools for multi-cloud and on-prem operations from bare metal, VMWare and OpenStack, to every major public cloud.

The Ubuntu Kernel has been updated to the 5.13 based Linux kernel and our default toolchain has moved to the gcc 11.2.0 release with glibc 2.34.

The newest Ubuntu Budgie, Kubuntu, Lubuntu, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu are also being released today. More details can be found for these at their individual release notes under the Official Flavours section:


Maintenance updates will be provided for 9 months for all flavours releasing with 21.10.

To get Ubuntu 21.10

In order to download Ubuntu 21.10, visit:


Users of Ubuntu 21.04 will be offered an automatic upgrade to 21.10. For further information about upgrading, see:


As always, upgrades to the latest version of Ubuntu are entirely free of charge.

We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:


Find out what’s new in this release with a graphical overview:


If you have a question, or if you think you may have found a bug but aren’t sure, you can try asking in any of the following places:

#ubuntu on irc.libera.chat

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:


About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops, IoT, cloud, and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:


More Information

You can learn more about Ubuntu and about this release on our website listed below:


To sign up for future Ubuntu announcements, please subscribe to Ubuntu’s very low volume announcement list at:


Originally posted to the ubuntu-announce mailing list on Thu Oct 14 16:52:36 UTC 2021 by Łukasz ‘sil2100’ Zemczak, on behalf of the Ubuntu Release Team.

14 October, 2021 08:28PM

Podcast Ubuntu Portugal: Ep 164 – Hacktoberfest II – Pedro Silva

No segundo episódio de Outubro, e continuando a nossa série de 4 episódios dedicados a pessoas e projectos ligados ao Hacktoberfest, fiquem com a experiência do Pedro Silva, que nos contou o que já fez em edições anteriores e o que pretende realizar na edição 2021.

Já sabem: oiçam, subscrevam e partilhem!

  • https://www.libreoffice.org/discover/libreoffice-technology/
    • https://web.archive.org/web/20211013212529/https://www.libreoffice.org/discover/libreoffice-technology/
  • https://web.archive.org/web/20211018194022/https://people.gnome.org/~michael/blog/2021-10-15.html
  • https://www.collaboraoffice.com/cool-days-2021-all-about-collabora-online/
    • https://web.archive.org/web/20211018194329/https://www.collaboraoffice.com/cool-days-2021-all-about-collabora-online/
  • https://github.com/CollaboraOnline/CollaboraOnline.github.io
  • https://github.com/CollaboraOnline/slides
  • https://www.youtube.com/watch?v=dnbZzeziYLA&list=PL0pdzjvYW9RFSMB71bqh_bT-SkX5FOS9x
  • https://peertube.opencloud.lu/videos/recently-added
  • https://www.youtube.com/watch?v=RwjE-wqs_8g
  • https://github.com/pedropintosilva/bella
  • https://github.com/CollaboraOnline
  • https://hacktoberfest.digitalocean.com/
  • https://ansol.org/20anos
  • https://www.pine64.org/pinepowerdesktop/
  • https://www.humblebundle.com/books/infrastructure-and-ops-oreilly-books?partner=PUP
  • https://www.humblebundle.com/books/ai-machine-learning-toolkit-books?partner=PUP
  • https://www.humblebundle.com/software/javascript-software?partner=PUP
  • https://keychronwireless.referralcandy.com/3P2MKM7
  • https://shop.nitrokey.com/shop/product/nk-pro-2-nitrokey-pro-2-3?aff_ref=3
  • https://shop.nitrokey.com/shop?aff_ref=3
  • https://youtube.com/PodcastUbuntuPortugal


Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino e Tiago Carrondo e editado por Alexandre Carrapiço, o Senhor Podcast.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

14 October, 2021 07:00PM

Lubuntu Blog: Lubuntu 21.10 (Impish Indri) Released!

Thanks to all the hard work from our contributors, Lubuntu 21.10 has been released. With the codename Impish Indri, Lubuntu 21.10 is the 21st release of Lubuntu, the seventh release of Lubuntu with LXQt as the default desktop environment. Support lifespan Lubuntu 21.10 will be supported for 9 months until July 2022. Our main focus […]

14 October, 2021 05:57PM

Ubuntu Blog: Ubuntu Server 21.10: What’s new?

Ubuntu Server 21.10 (Impish Indri) expands on edge use cases with a minimised system installation option in the Ubuntu Server Live Installer. It also comes with needrestart enabled by default for automated daemon restarts after applying library updates. In addition, the latest development cycle brings native, certified drivers for NVIDIA vGPU software on Ubuntu 20.04 LTS and 18.04 LTS, fully supporting sophisticated AI/ML workloads.

Ubuntu Server 21.10 will be supported by Canonical until July 2022. All new features will be available in the upcoming Ubuntu Server 22.04 LTS release.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh6.googleusercontent.com/uGneGSLZz41cXzPtwc2MTcACYG3EHvpJ8Z-6xLQvCQ8kYQUhBBAVbPFMMtZAKa1YewbWUx6CSWbUAfBBASx78XolLXLUYCuboVXD546rN9j3l4Ec-On93nhZYRbvCMUvIf8WdDi-=s0" width="720" /> </noscript>

NVIDIA vGPU software drivers

In the world of a constantly growing volume of data, the usage of AI/ML technologies is becoming more and more common. While traditional processors are fully sufficient to get started, running sophisticated workloads in production usually requires using dedicated GPU devices for better performance thanks to their parallel processing architecture.

When running such workloads in a private cloud environment, sharing physical resources, such as GPUs, becomes essential. The NVIDIA vGPU software allows for virtualisation of NVIDIA GPU devices, enabling sharing resources between guest VMs and benefitting from improved efficiency.

In response to growing demands for AI/ML workloads, the latest development cycle brings certified drivers for NVIDIA vGPU software 13.1 on Ubuntu KVM. Both host and guest drivers are now available on Ubuntu 20.04 LTS and 18.04 LTS as Debian packages, jointly tested and validated by Canonical and NVIDIA.

Get in touch for more information >

Minimised system installation option

The growing adoption of edge and IoT technologies has entailed efforts around operating system tinification. Using devices with limited hardware resources enforces smooth provisioning and a small runtime footprint.

While Ubuntu is a lightweight Linux distribution out of the box and already ships with minimal cloud images, in some cases users need to install a minimised version of Ubuntu manually. The legacy Debian Installer, deprecated starting from Ubuntu 20.10, used to provide such an option.

Based on the feedback from the community as well as commercial interest, Canonical decided to re-introduce this feature in the Ubuntu Server Live Installer. Impish Indri users can now choose to proceed with the minimised version on Ubuntu at the installation time which uses less than 100 MB of the disk space.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://ubuntu.com/wp-content/uploads/e2a3/Minimal-OS.png" width="720" /> </noscript>

Needrestart by default

Applying security updates on a regular basis is key to achieving the highest possible level of security. However, upgrading the libraries themselves may not be sufficient as some applications may still use the vulnerable code. Those have to be restarted to make sure they pick up CVE-patched versions of libraries. This is something that the needrestart package solves.

Needrestart checks which daemons need to be restarted after library upgrades and can be further configured to enable automated restarts. The package has been available in the Ubuntu archive for a while, but in response to increasing demands for even more hardened systems on the edge, starting from Ubuntu 21.10 it comes installed by default.

<noscript> <img alt="" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_720/https://lh5.googleusercontent.com/4Z9qg5l8FHCFvpOsk2aGqHYIGJcNR9_RS5UPp3ABUzMF_kEdLvEsJS3k7QevwwUj0H9QwIejpFCTfMTXR-cd_VWn1HcBKm-N_mvC2nLux1X04F7mOtYez5cYvLw7lSaKA7-c-rnr=s0" width="720" /> </noscript>

Other notable changes in Ubuntu Server 21.10

In addition to the major new features described above, Ubuntu Server 21.10 includes many other improvements. Here is a summary of the most notable changes:

  • The latest stable Linux 5.13 kernel for the latest hardware and security updates.
  • Support for all major architectures: x64-64, ARM v7, ARM64, POWER 8, POWER 9, IBM x390x (LinuxONE) and RISC-V.
  • Updates to various applications: QEMU (6.0), libvirt (7.6), PHP (8.0.8), Apache2 (2.4.48), GCC (11.2.0), Python (3.9.4), Bind9 (9.16.15), Open vSwitch (2.16.0) and OpenLDAP (2.5.6).

For more information, refer to the official release notes.

Next steps

Get Ubuntu Server 21.10 through your favourite option. Those include:

14 October, 2021 05:54PM

Ubuntu Studio: Ubuntu Studio 21.10 Released

The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 21.10, code-named “Impish Indri”. This marks Ubuntu Studio’s 30th release. This release is a regular release, and as such it is supported for nine months until July 2022.

Since it’s just out, you may experience some issues, so you might want to wait a bit before upgrading. Please see the release notes for a complete list of changes and known issues.

You can download Ubuntu Studio 21.10 from our download page.

If you find Ubuntu Studio useful, please consider making a contribution.


Due to the change in desktop environment that started after the release of 20.04 LTS, direct upgrades from supported releases prior to 21.04 are not supported.

We have had anecdotal reports of successful upgrades from 20.04 LTS (Xfce desktop) to later releases (Plasma desktop), but this will remain at your own risk.

Instructions for upgrading are included in the release notes.

New This Release

This release includes Plasma 5.22.5, the full-featured desktop environment made by KDE. The theming uses the Materia theme and icons are Papirus icons.


Studio Controls has seen further development as its own independent project and has been updated to version 2.2.7. This version has an all-new layout and features, including JACK over network and MIDI over network.

Ardour 6.9

Ardour has been updated to version 6.9 and includes a ton of bugfixes and enhancements. For more information, check out the official release announcement.

Other Notable Updates

Carla has been upgraded to version 2.4.0 Full release announcement at kx.studio.


OBS Studio

Included this cycle is OBS Studio 27.0.1, which includes support for the upcoming (currently experimental) Wayland compositor via PipeWire. More information at the official release announcement.

For those that would like to use the advanced audio processing power of JACK with OBS Studio, OBS Studio is JACK-aware!

More Updates

There are many more updates not covered here but are mentioned in the Release Notes. We highly recommend reading those release notes so you know what has been updated and know any known issues that you may encounter.

Get Involved!

A great way to contribute is to get involved with the project directly! We’re always looking for new volunteers to help with packaging, documentation, tutorials, user support, and MORE! Check out all the ways you can contribute!

Special Thanks

Huge special thanks for this release go to:

  • Len Ovens: Studio Controls, Ubuntu Studio Installer, Coding
  • Thomas Ward: Packaging, Ubuntu Core Developer for Ubuntu Studio
  • Eylul Dogruel: Artwork, Graphics Design, Website Lead
  • Ross Gammon: Upstream Debian Developer, Guidance, Testing
  • Sebastien Ramacher: Upstream Debian Developer
  • Dennis Braun: Debian Package Maintainer
  • Rik Mills: Kubuntu Council Member, help with Plasma desktop
  • Mauro Gaspari: Tutorials, Promotion, and Documentation, Testing
  • Brian Hechinger: Testing and bug reporting
  • Chris Erswell: Testing and bug reporting
  • Robert Van Den Berg: Testing and bug reporting, IRC Support
  • Krytarik Raido: IRC Moderator, Mailing List Moderator
  • Erich Eickmeyer: Project Leader, Packaging, Direction, Treasurer

14 October, 2021 05:05PM

hackergotchi for Purism PureOS

Purism PureOS

New PureBoot Feature: Scanning Root for Tampering

With the latest PureBoot R19 pre-release we have added a number of new changes including improved GUI workflows and new security features and published a ROM image so the wider community can test it before it turns into the next stable release. To test it, existing PureBoot users can download the R19-pre1 .rom file that […]

The post New PureBoot Feature: Scanning Root for Tampering appeared first on Purism.

14 October, 2021 03:53PM by Kyle Rankin

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu MATE: Ubuntu MATE 21.10 Release Notes

The significant change in Ubuntu MATE 21.10 is the introduction of MATE Desktop 1.26.0 ✨ which was 18 months in the making. Thanks to the optimisations in MATE Desktop 1.26, Ubuntu MATE 21.10 is faster and leaner 💪

Ubuntu MATE 21.10 Ubuntu MATE 21.10 (Impish Indri).

What changed since the Ubuntu MATE 21.04?

Here are the highlights of what’s changed since the release of Hirsute Hippo 🦛

MATE Desktop 🧉

A significant effort 😅 has been invested in fixing bugs 🐛 in MATE Desktop 1.26.0, optimising performance ⚡ and plugging memory leaks. MATE Desktop is faster and leaner as a result and it’s underpinnings have been modernised and updated. This last point mostly benefits developers working on MATE, but is important to highlight to users at it demonstrates MATE Desktop is being maintained to ensure it’s longevity.

Here are some of the other quality of life 💌 improvements in MATE Desktop 1.26:

  • The Control Center features:
    • Improved Window Preferences dialog with a more comprehensive window behaviour and placement options presented.
    • Display preferences now has an option for discrete display scaling.
    • Power Manager has a new option to enable keyboard dimming.
    • Notifications now support for hyperlinks.
  • Caja can format drives and has a new Bookmarks sidebar.
  • Caja Actions, which allows you to add arbitrary programs to be launched through the context menu, is now part of the Desktop.
  • Calculator now uses GNU MPFR/MPC for high precision, faster computation and additional functions.
  • Pluma has a new mini map instant overview, a grid background to turn Pluma into a writing pad and the preferences have been redesigned.
  • Atril is much faster scrolling through large documents and the memory footprint has been reduced.
  • Engrampa, the archive manager, now supports EPUB, ARC and encrypted RAR files.
  • Marco, the windows manager:
    • Correctly restores minimised windows to their original position.
    • Thumbnail window previews support HiDPI.
  • Netspeed applet shows more information about your network interfaces.

While MATE Desktop is not completely ready for Wayland just yet, 1.26.0 represents a significant stepping stone towards that objective with most of the MATE Desktop being able to run on a Wayland compositor. 👍

Ubuntu MATE Enhancements

Ubuntu MATE has tweaked 🔧 the default desktop configuration slighty:

  • Image Extrapolation and Interpolation is disabled by default in Eye of MATE to make image viewing faster and image quality sharper.
  • The Alt-Tab pop-up is now expanded to fit long window titles.
  • If you use the Mutiny layout, session loading is now faster.

Guest Session

Once in a while a friend, family member, or colleague may want to borrow your computer 😱 The Guest Session provides a convenient way, with a high level of security, to lend your computer to someone else. A guest session can be launched either from the login screen or from within a regular session. If you are currently logged in, click the icon at the far right of the menu bar and select Guest Session. This will lock the screen for your own session and start the guest session.

A guest cannot view the home folders of other users, and by default any saved data or changed settings will be removed/reset at logout. It means that each session starts with a fresh environment, unaffected by what previous guests did.


RedShift makes a return, after being temporarily removed in Ubuntu MATE 21.04.

Raspberry Pi images

We will be refreshing our Ubuntu MATE images for Raspberry Pi in the coming weeks.

Major Applications

Accompanying MATE Desktop 1.26.0 and Linux 5.13 are Firefox 93.0, Celluloid 0.20, LibreOffice

See the Ubuntu 21.10 Release Notes for details of all the changes and improvements that Ubuntu MATE benefits from.

Download Ubuntu MATE 21.10

This new release will be first available for PC/Mac users.


Upgrading from Ubuntu MATE 21.04

You can upgrade to Ubuntu MATE 21.10 from Ubuntu MATE 21.04. Ensure that you have all updates installed for your current version of Ubuntu MATE before you upgrade.

  • Open the “Software & Updates” from the Control Center.
  • Select the 3rd Tab called “Updates”.
  • Set the “Notify me of a new Ubuntu version” drop down menu to “For any new version”.
  • Press Alt+F2 and type in update-manager -c -d into the command box.
  • Update Manager should open up and tell you: New distribution release ‘XX.XX’ is available.
    • If not, you can use /usr/lib/ubuntu-release-upgrader/check-new-release-gtk
  • Click “Upgrade” and follow the on-screen instructions.

There are no offline upgrade options for Ubuntu MATE. Please ensure you have network connectivity to one of the official mirrors or to a locally accessible mirror and follow the instructions above.

Known Issues

Here are the known issues.

Component Problem Workarounds Upstream Links
Plank When snaps update, they disappear from Plank.
Ubuntu Ubiquity slide shows are missing for OEM installs of Ubuntu MATE
VTE gdebi can not install .deb packages


Is there anything you can help with or want to be involved in? Maybe you just want to discuss your experiences or ask the maintainers some questions. Please come and talk to us.

14 October, 2021 02:41PM

hackergotchi for Pardus


Pardus 21 Hata Yakalama ve Öneri Yarışmasında Öne Çıkanlar

TÜBİTAK ULAKBİM ve Pardus Projesi’nin de kurucu üyelerinden olduğu Türkiye Açık Kaynak Platformu ve Bilişim Vadisi işbirliğiyle gerçekleştirilen Pardus 21 Hata Yakalama ve Öneri Yarışması’nda dereceye girenler Teknofest’te ödüllerini aldı. Peki ya tüm başvurular nasıldı? Pardus’a katkıları oldu mu? Önerilerden uygulanması düşünülenler var mı? İşte yarışmamız kapsamında gelen taleplerle ilgili genel bir özet…

Pardus kullanımının yaygınlaştırılması, Pardus’un 21 Ağustos 2021’de yayımlanan en son sürümü Pardus 21’in tanıtımı, Pardus ekosisteminin güçlendirilmesine katkı sağlanması ve yeni sürüm Pardus 21 üzerinde hata yakalama ve öneri katkısı alınması hedefiyle gerçekleştirilen yarışma; açık kaynak kodlu yazılımlara ilgi duyan, Pardus 21’i merak eden ve Pardus’a katkı sağlamak isteyen tüm katılımcılara açık olarak gerçekleştirildi.

Katılımcılar yarışma dahilinde; Fonksiyonel hatalar/öneriler, Performans hataları/önerileri, Kullanılabilirlik hataları/önerileri, Güvenlik Zafiyetleri ile Yerelleştirme hata/önerileri kategorilerinde başvurularını gerçekleştirdikleri gibi gibi kendi farklı önerilerini de sundu.

Puanlamalarda hata bildirim/düzeltme taleplerinin belgelendirmesi; hatanın eksiksiz tanımı, ekran görüntüsü olarak sunumu, çözümü ya da çözüm önerisinin belirtilmiş olması fark yarattı. Yarışmacıların hata/öneri talep girişleri, hata ve/ya önerinin türüne, önem derecesine ve hata/öneriyle beraber çözümünün de iyi tanımlanmış olup olmadığına bakarak değerlendirildi. Yarışmacılar önerdikleri çözüm için gerekli yama’ yı geliştirmiş ise daha çok puan kazandı. Bunun yanı sıra raporlanan hata/öneri sayısı da yarışmacılara ek puan kazandırdı.

Rakamsal veriler

Tüm bu kriterlere göre incelenen toplam 187 talebin 46’sı uygulanabilir ve iyileştirme/geliştirme için uygun bulundu. Bu taleplerden 5 tanesi talebin bildirilmesinin ardından acil olarak giderildi. 22 talep sonraki sürümlerde değerlendirilmek üzere iyileştirme listelerimizde yerini aldı. Gelen taleplerden 9 tanesinin ise oldukça önemli olduğu belirlendi. Bunlara yönelik en uygun çözüm metodunun ne olacağına yönelik araştırma çalışmaları devam etmektedir. Tüm bunlara ek olarak gelen taleplerden Pardus dış uygulamalarına yönelik olan 10 taleple ilgili olarak uygulamalarının geliştiricileri bilgilendirilmiştir.

Değerlendirmelerimizde öne çıkan noktalar

Bir yazılımda her zaman çeşitli açıklar ya da iyileştirme ihtiyaçları olabilir. Önemli olan bu açıkların ne hızla giderildiği ve yazılımın bir önceki sürümünden bir sonraki sürümüne geçerken ki kararlılığının korunabilmesidir. Eğer bir işletim sisteminden söz ediyorsak bu durum çok daha büyük önem taşır.

Gerçekleştirmiş olduğumuz Teknofest 2021 Pardus Hata Yakalama ve Öneri Yarışması bizlere, doğru ve net biçimde tanımlanmış ve talep sistemimiz yada çağrı merkezimiz üzerinden bize iletilen hata ve iyileştirmelerin oldukça kısa zamanda giderilebildiğini gösterirken; kullanıcılarımızın iyileştirmelerle ile ilgili beklentilerini görmek adına da çok faydalı oldu. Örneğin; yarışma öncesinde iyileştirme listemizde yer almayan “fare imleç teması” birden çok iyileştirme talebi açıldığı için ihtiyacı fark etmemizi sağladı ve bu konu gelecek sürümlerde iyileştirilmek üzere listemizde yerini aldı.

Tüm katılımcılarımıza gösterdikleri ilgi ve katkıları için teşekkür ediyor; beğenilen etkinlik ve yarışmalarımızın artarak devam edeceğini bildirmekten memnuniyet duyuyoruz.

14 October, 2021 07:49AM

October 13, 2021

hackergotchi for Purism PureOS

Purism PureOS

Updating Librem-EC on your Librem 14

With this (E)mbedded (C)ontroler update, your Librem 14 will have better temperature management; fans will gradually ramp up earlier. You'll also get improved keyboard mapping and better switching between battery and external power supplies.

The post Updating Librem-EC on your Librem 14 appeared first on Purism.

13 October, 2021 04:53PM by David Hamner

hackergotchi for Pardus


Pardus 19 ve 21 için yeni güncellemeler yayınlandı.

Pardus 19 ve 21 için yeni güncellemeler yayınlandı. Yapılan değişiklikleri gözlemlemek için Pardus yüklü sisteminizi güncel tutmanız yeterlidir.

Uçbirim penceresinden güncellemek için aşağıdaki komutu çalıştırarak güncellemeleri yükleyebilirsiniz

sudo apt update && sudo apt full-upgrade -yq

* Pardus 21 sisteminizi Pardus Yazılım Merkezi uygulamasının Güncellemeler menüsünden güncelleyebilirsiniz.
* Pardus 19 sisteminizi  Paket Güncelleyici uygulaması ile güncelleyebilirsiniz.
Pardus Yazılım Merkezi GüncellemelerPardus Yazılım Merkezi Güncellemeler

Pardus 19 Başlıca Değişiklikler

  • Öntanımlı internet tarayıcısı Firefox sürümü 78.15′e yükseltildi.
  • Öntanımlı e-posta istemcisi Thunderbird sürümü 78.14′e yükseltildi.
  • Kernel sürümü 4.19.0-18′e yükseltildi.
  • Güvenlik güncellemeleri yayınlandı.
  • Kurulu sisteme 30‘un üzerinde paket ve yama içeren güncelleştirmeler getirildi.
  • Depoda 100‘ün üzerinde paket güncellendi.

Pardus 21 Başlıca Değişiklikler

  • Öntanımlı internet tarayıcısı Firefox sürümü 78.15′e yükseltildi.
  • Öntanımlı e-posta istemcisi Thunderbird sürümü 78.14′e yükseltildi.
  • Kernel sürümü 5.10.0-9′a yükseltildi.
  • Güvenlik güncellemeleri yayınlandı.
  • Kurulu sisteme 80‘in üzerinde paket ve yama içeren güncelleştirmeler getirildi.
  • Depoda 500‘ün üzerinde paket güncellendi.
Paket Adı Yeni Sürüm Eski Sürüm
apache2-bin 2.4.38-3+deb10u6 2.4.38-3+deb10u5
base-files 11pardus19.5.2 11pardus19.5.1
debconf-i18n 1.5.71+deb10u1 1.5.71
debconf 1.5.71+deb10u1 1.5.71
distro-info-data 0.41+deb10u4 0.41+deb10u3
espeak-ng-data 1.49.2+dfsg-8+deb10u1 1.49.2+dfsg-8
krb5-locales 1.17-3+deb10u3 1.17-3+deb10u2
libatk-wrapper-java-jni 0.33.3-22+deb10u1 0.33.3-22
libatk-wrapper-java 0.33.3-22+deb10u1 0.33.3-22
libcommons-io-java 2.6-2+deb10u1 2.6-2
libcpupower1 4.19.208-1 4.19.194-3
libespeak-ng1 1.49.2+dfsg-8+deb10u1 1.49.2+dfsg-8
libgssapi-krb5-2 1.17-3+deb10u3 1.17-3+deb10u2
libk5crypto3 1.17-3+deb10u3 1.17-3+deb10u2
libkrb5-3 1.17-3+deb10u3 1.17-3+deb10u2
libkrb5support0 1.17-3+deb10u3 1.17-3+deb10u2
libmariadb3 1:10.3.31-0+deb10u1 1:10.3.29-0+deb10u1
libpq5 11.13-0+deb10u1 11.12-0+deb10u1
linux-compiler-gcc-8-x86 4.19.208-1 4.19.194-3
linux-cpupower 4.19.208-1 4.19.194-3
linux-image-amd64 4.19+105+deb10u13 4.19+105+deb10u12
linux-kbuild-4.19 4.19.208-1 4.19.194-3
linux-libc-dev 4.19.208-1 4.19.194-3
mariadb-common 1:10.3.31-0+deb10u1 1:10.3.29-0+deb10u1
psmisc 23.2-1+deb10u1 23.2-1
python3-debconf 1.5.71+deb10u1 1.5.71
tzdata 2021a-0+deb10u2 2021a-0+deb10u1
Paket Adı Yeni Sürüm Eski Sürüm
apache2-bin 2.4.51-1~deb11u1 2.4.48-3.1+deb11u1
base-files 12pardus21.0.1 12pardus21.0.0
desktop-base 11.0.21pardus3 11.0.21pardus2
firefox-esr-l10n-tr 78.15.0esr-1~deb11u1 78.13.0esr-1~deb11u1
firefox-esr 78.15.0esr-1~deb11u1 78.13.0esr-1~deb11u1
ghostscript 9.53.3~dfsg-7+deb11u1 9.53.3~dfsg-7
gir1.2-javascriptcoregtk-4.0 2.32.4-1~deb11u1 2.32.3-1
gir1.2-mutter-7 3.38.6-2~deb11u1 3.38.4-1
gir1.2-webkit2-4.0 2.32.4-1~deb11u1 2.32.3-1
gnome-control-center-data 1:3.38.4-1pardus1 1:3.38.4-1
gnome-control-center 1:3.38.4-1pardus1 1:3.38.4-1
gnome-shell-common 3.38.6-1~deb11u1 3.38.4-1
gnome-shell-extension-desktop-icons-ng 2.23 2
gnome-shell-extension-prefs 3.38.6-1~deb11u1 3.38.4-1
gnome-shell 3.38.6-1~deb11u1 3.38.4-1
krb5-locales 1.18.3-6+deb11u1 1.18.3-6
libapr1 1.7.0-6+deb11u1 1.7.0-6
libatk-wrapper-java-jni 0.38.0-2+deb11u1 0.38.0-2
libatk-wrapper-java 0.38.0-2+deb11u1 0.38.0-2
libbluray2 1:1.2.1-4+deb11u1 1:1.2.1-4
libc6-dev 2.31-13+deb11u2 2.31-13
libc6 2.31-13+deb11u2 2.31-13
libc-bin 2.31-13+deb11u2 2.31-13
libc-dev-bin 2.31-13+deb11u2 2.31-13
libc-devtools 2.31-13+deb11u2 2.31-13
libc-l10n 2.31-13+deb11u2 2.31-13
libgrilo-0.3-0 0.3.13-1+deb11u1 0.3.13-1
libgs9-common 9.53.3~dfsg-7+deb11u1 9.53.3~dfsg-7
libgs9 9.53.3~dfsg-7+deb11u1 9.53.3~dfsg-7
libgssapi-krb5-2 1.18.3-6+deb11u1 1.18.3-6
libjavascriptcoregtk-4.0-18 2.32.4-1~deb11u1 2.32.3-1
libk5crypto3 1.18.3-6+deb11u1 1.18.3-6
libkrb5-3 1.18.3-6+deb11u1 1.18.3-6
libkrb5support0 1.18.3-6+deb11u1 1.18.3-6
libmariadb3 1:10.5.12-0+deb11u1 1:10.5.11-1
libmutter-7-0 3.38.6-2~deb11u1 3.38.4-1
libnautilus-extension1a 3.38.2-1+deb11u1 3.38.2-1
libntfs-3g883 1:2017.3.23AR.3-4+deb11u1 1:2017.3.23AR.3-4
libpam0g 1.4.0-9+deb11u1 1.4.0-9
libpam-modules-bin 1.4.0-9+deb11u1 1.4.0-9
libpam-modules 1.4.0-9+deb11u1 1.4.0-9
libpam-runtime 1.4.0-9+deb11u1 1.4.0-9
libperl5.32 5.32.1-4+deb11u2 5.32.1-4+deb11u1
libpq5 13.4-0+deb11u1 13.3-1
libspeechd2 0.10.2-2+deb11u1 0.10.2-2
libssh-gcrypt-4 0.9.5-1+deb11u1 0.9.5-1
libssl1.1 1.1.1k-1+deb11u1 1.1.1k-1
libwebkit2gtk-4.0-37 2.32.4-1~deb11u1 2.32.3-1
linux-compiler-gcc-10-x86 5.10.70-1 5.10.46-4
linux-headers-5.10.0-8-amd64 5.10.46-5 5.10.46-4
linux-headers-5.10.0-8-common 5.10.46-5 5.10.46-4
linux-image-5.10.0-8-amd64 5.10.46-5 5.10.46-4
linux-image-amd64 5.10.70-1 5.10.46-4
linux-kbuild-5.10 5.10.70-1 5.10.46-4
linux-libc-dev 5.10.70-1 5.10.46-4
locales 2.31-13+deb11u2 2.31-13
mariadb-common 1:10.5.12-0+deb11u1 1:10.5.11-1
mutter-common 3.38.6-2~deb11u1 3.38.4-1
nautilus-data 3.38.2-1+deb11u1 3.38.2-1
nautilus 3.38.2-1+deb11u1 3.38.2-1
ntfs-3g 1:2017.3.23AR.3-4+deb11u1 1:2017.3.23AR.3-4
openssl 1.1.1k-1+deb11u1 1.1.1k-1
pardus-common-desktop 2021.10.0 2021.8.0
pardus-gnome-desktop 2021.10.0 2021.8.0
pardus-gnome-settings 2021.1 2021.8
pardus-gtk-theme 0.1.2 0.1.1
pardus-icon-theme 2.0.0~beta4 2.0.0~beta3
pardus-software 0.1.0~beta13 0.1.0~beta5
pardus-xfce-desktop 2021.10.0 2021.8.0
perl-base 5.32.1-4+deb11u2 5.32.1-4+deb11u1
perl-modules-5.32 5.32.1-4+deb11u2 5.32.1-4+deb11u1
perl 5.32.1-4+deb11u2 5.32.1-4+deb11u1
python3-reportbug 7.10.3+deb11u1 7.10.3
python3-speechd 0.10.2-2+deb11u1 0.10.2-2
reportbug 7.10.3+deb11u1 7.10.3
rsync 3.2.3-4+deb11u1 3.2.3-4
speech-dispatcher-audio-plugins 0.10.2-2+deb11u1 0.10.2-2
speech-dispatcher-espeak-ng 0.10.2-2+deb11u1 0.10.2-2
speech-dispatcher 0.10.2-2+deb11u1 0.10.2-2
thunderbird-l10n-tr 1:78.14.0-1~deb11u1 1:78.13.0-1~deb11u1
thunderbird 1:78.14.0-1~deb11u1 1:78.13.0-1~deb11u1
tzdata 2021a-1+deb11u1 2021a-1
webkit2gtk-driver 2.32.4-1~deb11u1 2.32.3-1

13 October, 2021 10:53AM

hackergotchi for SparkyLinux


Sparky 2021.10

Sparky 2021.10 of the (semi-)rolling line is out; it is based on Debian testing “Bookworm”.

This iso update provides:
– all packages upgraded as of October 12, 2021
– Linux kernel 5.14.9
– Calamares
– i386 libs removed from amd64 iso images
– small improvements

No reinstallation is required if you installed Sparky 2021.09, simply keep it up to date.

New iso images of Sparky semi-rolling can be downloaded from the download/rolling page

13 October, 2021 09:59AM by pavroo

October 12, 2021

hackergotchi for Tails


Tails report for September, 2021


In September, we released 4.22 with updates for Tor Browser and Thunderbird, improvements to the Tor Connection Assistant, and several fixes.

Tails 4.23 is scheduled for October 5.

Highlights of the month

  • We got several reports about folks being unable to download Tails images using Google Chrome, Chromium or Chromium-based browsers, and fixed it. (#18616)

  • We also received reports about a new problem with the Additional Software feature (Splitting of clearsigned file errors), and we're working on it! (#18620)

  • We improved our documentation on Connecting to the Tor network and added a new nice diagram.

    A Tor connection goes through 3 relays with the last one establishing the actual connection to the final destination

  • The documentation style guide is now the single place where we describe how we write our documentation.


  • Tails has been started more than 668 017 times this month. This makes 22 267 boots a day on average.

How do we know this?

12 October, 2021 08:08PM

hackergotchi for Ubuntu developers

Ubuntu developers

Full Circle Magazine: Full Circle Weekly News #231

Canonical introduced Ubuntu Frame shell:
Release of Lakka 3.5:

Lumina Desktop 1.6.1 Release:

Nitrux 1.6.1 with NX Desktop is Released:

Release of OnlyOffice Desktop 6.4:

LLVM Compiler 13.0 Released:

Vulnerability in Apache http server 2.4.49:

IceWM 2.8 window manager released:

IPFire 2.27 firewall:

Mir Display Server 2.5 released:

Canonical introduced Ubuntu Frame shell:

Bottlerocket 1.3, an isolated container distribution released:

OpenSilver 1.0, an open source implementation of Silverlight:

Debian 11.1:

Release of Flatpak 1.12.0:

Release of ScummVM 2.5.0

Full Circle Magazine
Host: @bardictriad, @zaivala@hostux.social
Bumper: Canonical
Theme Music: From The Dust - Stardust

12 October, 2021 05:52PM

October 11, 2021

hackergotchi for Ubuntu


Ubuntu Weekly Newsletter Issue 704

Welcome to the Ubuntu Weekly Newsletter, Issue 704 for the week of October 3 – 9, 2021. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

11 October, 2021 11:28PM by guiverc

hackergotchi for ZEVENET


How 5G Is Changing the Cybersecurity Landscape

5G holds a lot of potential for businesses. The promise of speeds up to 20 Gbps and near-zero latency could help companies become faster and more connected than ever. Despite these benefits, 5G networks also present some new risks. Public fears about radiation or diseases traveling along 5G waves are largely unfounded, but these networks do pose some threats. As they slowly become the standard for...


11 October, 2021 06:52AM by Zevenet

hackergotchi for Qubes


Qubes OS 4.1-rc1 has been released!

After many years of work, the team is pleased to announce the first release candidate for Qubes 4.1!

Qubes 4.1 includes several major new features, each of which is explained in depth in its own article:

This release candidate also includes numerous other improvements and bug fixes, which are listed in the release notes and in the issue tracker.

Finally, Qubes 4.1 features the following updated default components:

  • Xen 4.14
  • Fedora 32 in dom0
  • Fedora 34 template
  • Debian 11 template
  • Whonix 16 Gateway and Workstation templates
  • Linux kernel 5.10

Qubes 4.1-rc1 is available on the downloads page.

How to test Qubes 4.1-rc1

If you’re willing to test this release candidate, you can help to improve the stable release by reporting any bugs you encounter. Experienced users are strongly encouraged to join the testing team!

There are two ways to migrate to 4.1-rc1:

Release candidate planning

As with any initial release candidate, it’s likely that user testing will reveal important bugs that we’ll want to fix before the stable release. Depending on the severity of the bugs discovered and how long it takes to fix them, we expect that it may be anywhere from a few weeks to a few months before we announce the second release candidate.

11 October, 2021 12:00AM

October 10, 2021

hackergotchi for Maemo developers

Maemo developers

QHtmlParser: writing an HTML parser with your brain switched off

While developing MiTubo I've recently felt the need of parsing HTML pages: the first problem I wanted to solve was implementing proper RSS feed detection when the user entered a website URL into MiTubo's search box, so that MiTubo would parse the site's HTML, look for <link rel="alternate"...> URLs in the HEAD section, and let the user subscribe to any video feeds found there.

A quick search in the internet did not provide a clear answer: I found a Qt HTML parser in (stalled) development, and a few other C++ or C parsers (among the latters, lexbor is the most inspiring), but all of them seem to take the approach of parsing the HTML file into a DOM tree, while I was hoping to find a lightweight SAX-like parser. Pretty much like Python's html.parser.

Anyway, I don't remember how it happened, but at a certain point I found myself looking at html.parser source code, and I was surprised to see how compact it was (apart, of course, for the long list of character references for the HTML entities!). Upon a closer look, it also appeared that the code was not making much use of Python's dynamic typing, so, I thought, maybe I could give it a try to rewrite that into a Qt class. And a few hours later QHtmlParser was born.

As this post's title suggests, the process of rewriting html.parser with Qt was quite straightforward, and the nice thing about it is that I didn't have to spend any time reading the HTML standard or trying to figure out how to implement the parser: I just had to translate Python code into C++ code, and thanks to the nice API of QString (which in many ways resembles Python's — or vice versa) this was not too hard. I even left most of the original code comments untouched, and reused quite a few tests from the test suite.

It was time well spent. :-)

If you think you might need an HTML parser for your Qt application, you are welcome to give it a try. It's not a library, just a set of files that you can import into your project; for the time being I only have a build file for QBS, but I'll happily accept contributions to make it easier to use QHtmlParser with projects built using other build systems. You can see here the changes I made in MiTubo to start using it and detect RSS feed in a webpage's HEAD.

That's all for now. And in case you missed the link before, you can find QHtmlParser here.

0 Add to favourites0 Bury

10 October, 2021 07:57PM by Alberto Mardegan (mardy@users.sourceforge.net)

October 08, 2021

hackergotchi for SparkyLinux


Kotatogram Desktop

There is a new application available for Sparkers: Kotatogram Desktop

What is Kotatogram Desktop?

Kotatogram – experimental Telegram Desktop fork.

– Local folders
– Forward to multiple chats and forward without author
– Custom font
– Compact chat list
– Custom text replaces
– Change sticker size
– Adaptive chat bubbles
– and other smaller features.

Installation (Sparky 6 & 7 amd64):
sudo apt update
sudo apt install kotatogram-desktop

Kotatogram Desktop

License: GNU GPL 3.0
Web: github.com/kotatogram/kotatogram-desktop

08 October, 2021 05:51PM by pavroo

hackergotchi for Purism PureOS

Purism PureOS

Video Editing with Linux: Tips and Tricks to Manage Kdenlive’s Settings, Files and More.

Next in our video editing series for the Librem 14, Gardiner Bryant digs into projects files, settings, and keybindings for Kdenlive, an open source video editing solution. This video will help those that use Kdenlive work more efficiently. We hope you find this series useful and informative, and we hope to do similar projects like this in the future, so […]

The post Video Editing with Linux: Tips and Tricks to Manage Kdenlive’s Settings, Files and More. appeared first on Purism.

08 October, 2021 03:35PM by Purism

hackergotchi for Qubes


Reproducible builds for Debian: a big step forward

This is the second article in the “reproducible builds” series. Previously: Improvements in testing and building: GitLab CI and reproducible builds.

In the previous article, Improvements in testing and building: GitLab CI and reproducible builds, we discussed reproducible builds and our current short-term goals for them in Qubes OS. Notably, we aimed to start by building our Debian templates such that packages can be installed only when configured rebuilders confirm that they really came from the source code we publish. Today, we go beyond this expectation.

Reproducible builds: retrieve the past

The challenge in reproducible builds lies in rebuilding a package in the same environment in which it was officially published. This means that we need to retrieve every single package version that was used as dependency to rebuild a given package. For Debian, some packages in the current release were built several releases in the past but not necessarily with the exact same dependencies. In order to retrieve them, there is only one solution: a Debian service called snapshot.debian.org, which is an archive acting as a Wayback Machine that allows access to old packages based on dates and version numbers. It contains all past and present packages that the Debian archive provides. Unfortunately, this service is known to suffer significant blocking issues on usability. For example, watch the DebConf 2021 talk Making use of snapshot.debian.org for fun and profit and have a look at some related Debian issues like #977653, #960304, #969906, #969603, and #782857. To summarize: There are throttling limits and availability issues such as repeatedly cutting off connections, returning partial content, etc. As announced in our previous article, we developed our own rebuilder tool, debrebuild, which is able to rebuild a single Debian package together with a rebuilder orchestrator PackageRebuilder. We started to put it in production in order to actively rebuild Qubes OS and Debian packages, but it quickly ceased to function, as the snapshot.debian.org service was unable to sustain the load of rebuilding even a single Debian package. That said, the question was: How should we proceed in order to make it work? Clearly, those issues are critical and make the snapshot.debian.org service awful or useless for reproducible builds.

Is rebuilding Debian really possible?

The snapshot.debian.org issues have still not been addressed even after several years. The service has existed for more than a decade, yet it still suffers from the aforementioned limitations. It’s either a design problem or a lack of resources, but we still had to do something.

That’s why we decided to create our own snapshot service. Easy to say, but not to do. First, the original snapshot service from Debian is roughly 90 TB of repository data. Second, we cannot download files easily because only HTTP(S) is available, and downloading multiple files means we are impeded by availability issues. In order to work around the huge volume of data, we decided to get repositories from 2017 to today (which corresponds approximately to when Debian “Buster” was released) and only related architectures amd64, source, and all. (all indicates no specific architecture in the Debian world.) For the download part itself, we needed to parse the metadata of each Debian repository in order to get the list of files to download for every timestamp for which a snapshot had been made. Then, we developed resume and retry download functions, which unfortunately are brute force download functions. For storing the data, a simple approach has been employed: storing files as SHA-256 names, then creating symlinks to reconstruct the repository layout. In order to get file information (package and repository metadata), we rely on simply reading a symlink. It took 3-4 months to get 4.2 TB of data, which represents 2017 to the present. Most of the information about the downloaded files and their source repository is stored in a database. In parallel, we added — like the original snapshot.debian.org — an API, snapshot-api, to expose information about repositories. Unlike the original one, we added much more information that rebuilder software, e.g. debrebuild, needs to have when requesting package information, such as the exact location of a given package in terms of Debian archive, timestamp, suite, architecture and component. The service is now publicly exposed at https://snapshot.notset.fr and the API endpoints at https://snapshot.notset.fr/mr. The service is home-hosted by the author.

This is exactly where the dream of rebuilding Debian packages in the same environment in which they were official published became a reality. Thanks to our standalone orchestrator and rebuilder software debrebuild, results of the rebuilding process, links to reproducible attestations called in-toto metadata, and even why a package is not reproducible can all be found at https://rebuild.notset.fr. As of this writing, we have successfully rebuilt more than 80% of the latest Debian packages for the unstable release while doing tests. Since it started, several adjustments have been made, and we have finally reached a stable rebuilding process. That is why, after a few late improvements during this almost first full rebuild, we flushed it all and started again for latest Debian stable release, Bullseye. We will again rebuild unstable after the full rebuild of Bullseye is complete. As time passes, we will have fewer and fewer pending tasks, as there are a couple thousand package rebuilds remaining. Please note that, in addition to the initial package build, the process of rebuilding a package means querying the snapshot.notset.fr API multiple times to get package information and location, set up the same environment as the original published one, and finally, actually build it. All of this is possible thanks to several servers, home-hosted by the author, that intensively build packages non-stop for more than a month.

What’s next?

For Qubes OS, we already track reproducibility status in our continuous integration (CI) tests (see the previous article for details), and they are also rebuilt independently like Debian packages in the same Package Rebuilder instance. We already have most of the reproducible attestations for our specific Debian packages (see https://rebuild.notset.fr/qubesos.html), and we will soon have all the needed ones for Debian. In consequence, we are happy to announce that we have already started the process of integrating the rebuild check status both at the build phase of our Debian templates and when later installing a package in the template itself. That’s the reason we restarted the whole process of a full rebuild for Bullseye.

There is preliminary work for integrating Fedora into the orchestrator, but that deserves a separate effort. The rebuilder rpmreproduce can be used to rebuild Fedora packages, but some discussions with RPM upstream are still needed (see https://github.com/rpm-software-management/rpm/pull/1532). Also, we plan to support input other than a buildinfo file for RPM, such as a Koji build description (which is the build infrastructure used by Fedora and CentOS) or any description piece that would make it clear how an RPM package was built. We also plan to add other distributions pretty easily and quickly, like Arch Linux, which we are going to ship officially soon.


Improved documentation for the orchestrator is in progress to make it easier for others who want to rebuild Qubes OS or Debian in the same way that we are currently doing it. Having more independent rebuilders publishing reproducibility attestations would be especially good for the community.

In all of these efforts, we are really satisfied that the Reproducible Builds Project has decided to use our work and results as an example of what it has been advocating for years, notably for Debian. The official website https://beta.tests.reproducible-builds.org currently mirrors our results website https://rebuild.notset.fr.

The author warmly thanks Marta Marczykowska-Górecka and Marek Marczykowski-Górecki for their moral support and technical discussions throughout this rough and intensive journey while juggling other projects.

08 October, 2021 12:00AM

October 07, 2021

hackergotchi for Ubuntu developers

Ubuntu developers

Stuart Langridge: Grandma

A couple of weeks ago, my grandma died.

This was not wholly unexpected, and at the same time it was completely unexpected. I should probably explain that.

She was ninety, which is a fair age for anyone, but her mother (my great-grandmother) lived to be even older. What’s different is that nobody knew she was ninety, other than us. Most of her friends were in their mid-seventies. Now, you might be thinking, LOL, old, but this is like you in your mid-forties hanging out with someone who’s 30, or you in your late twenties hanging out with someone who’s 13, or you at eighteen hanging out with someone who’s still learning what letters are. Gaps get narrower as we get older, but the thing that most surprised me was that all her friends were themselves surprised at the age she was. She can’t have been that age, they said when we told them, and buried in there is a subtle compliment: she was like us, and we’re so much younger, and when we’re that much older we won’t be like her.

No. No, you won’t be like my grandma.

I don’t want to talk much about the last few weeks. We, my mum and me, we flew to Ireland in the middle of the night, we sorted out her house and her garden and her affairs and her funeral and her friends and her family, and we came home. All I want to say about it is that, and all I want to say about her is probably best said in the eulogy I wrote and spoke for her death, and I don’t want to say it again.

But (and this is where people in my family should tune out) I thought I’d talk about the website I made for her. Because of course I made a website. You know how some people throw themselves into work to dull the pain when something terrible happens to the people they love? I’m assuming that if you were a metalworker in 1950 and you wanted to handle your grief that a bunch of people got a bunch of metal stuff that you wouldn’t ordinarily have made. Well, I am no metalworker; I build the open web, and I perform, on conference stages or for public perception. So I made a website for my grandma; something that will maybe live on beyond her and maybe say what we thought about her.

Firstly I should say: it’s at kryogenix.org/nell because her name was Nell and I made it. But neither of those things are really true. Her name was Ellen, and what I did was write down what we all said and what we all did to say goodbye. I wanted to capture the words we said while they were still fresh in my memory, but more while how I felt was fresh in my memory. Because in time the cuts will become barely noticeable scars and I’ll be able to think of her not being here without stopping myself crying, and I don’t want to forget. I don’t want to lose it amongst memories of laughter and houses and lights. So I wrote down what we all said right now while I can still feel the hurt of it like fingernails, so maybe I won’t let it fade away.

I want to write some things about the web, but that’s not for this post. This post is to say: goodbye, Grandma.

Goodbye, Grandma. I tried to make a thing that would make people think of you when they looked at it. I wanted people to think of memories of you when they read it. So I made a thing of memories of you, and I spoke about memories of you, and maybe people who knew you will remember you and people who didn’t know you will learn about you from what we all said.

Goodbye, Grandma.


07 October, 2021 09:54PM

Podcast Ubuntu Portugal: Ep 163 – Hacktoberfest I – Hugo Peixoto

Este é o primeiro episódio de Outubro, mês de Hacktoberfest! Estamos a preparar uma série de 4 episódios dedicados a pessoas e projectos ligados a este evento global. No primeiro ficamos com a experiência do Hugo Peixoto que nos contou o que já fez em edições anteriores e o que pretende realizar na edição 2021.

Já sabem: oiçam, subscrevam e partilhem!

  • https://conversas.porto.codes/
  • https://hugopeixoto.net/
  • https://twitter.com/hugopeixoto
  • https://github.com/marado/RNID
  • https://hacktoberfest.digitalocean.com/
  • https://ansol.org/20anos
  • https://www.pine64.org/pinepowerdesktop/
  • https://keychronwireless.referralcandy.com/3P2MKM7
  • https://shop.nitrokey.com/shop/product/nk-pro-2-nitrokey-pro-2-3?aff_ref=3
  • https://shop.nitrokey.com/shop?aff_ref=3
  • https://youtube.com/PodcastUbuntuPortugal


Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.

Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino e Tiago Carrondo e editado por Alexandre Carrapiço, o Senhor Podcast.

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da [CC0 1.0 Universal License](https://creativecommons.org/publicdomain/zero/1.0/).

Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

07 October, 2021 09:45PM

Ian Weisser: Installing Ubuntu Core onto 64-bit Bare Metal

I have a re-purposed AMD64 laptop motherboard, ready to become an experimental Ubuntu Core server.

It's in fine condition. You can see that it boots an Ubuntu LiveUSB's "Try Ubuntu" environment just fine. Attached to the motherboard is a new 60GB SSD for testing. The real server will use a 1TB HDD.

But Ubuntu Core doesn't install on bare metal from a Live USB. It's still easy, though.

1. Boot a "Try Ubuntu" Environment on the target system.

  • Test your network connection. The picture shows a wireless connection. This particular laptop has a wireless chip that is recognized out-of-the box, so I didn't need to get out the long network cable.
  • Test that your storage device works. You can see in the picture that Gnome Disks can see the storage device.

2. Terminal: sudo fdisk -l. Locate the storage device that you want to install Ubuntu Core onto.

  • The entire storage device will be erased.
  • My storage device is at /dev/sda today. It might be different next boot. Yours might be different.

3. Open the web browser and download Ubuntu Core.

4. Write Ubuntu Core to the storage device.

  • Warning: This command will erase your entire storage device. If there is anything valuable on your storage device, then you have skipped too many steps!
    xzcat Downloads/<.img.xz file> | sudo dd of=/dev/<target_storage_device> bs=32M status=progress; sync
  • So mine was
    xzcat Downloads/ubuntu-core-20-amd64.img.xz | sudo dd of=/dev/sda bs=32M status=progress; sync
  • Source: https://ubuntu.com/download/intel-nuc

5. Reboot into Ubuntu Core.

  • When prompted by the "Try Ubuntu" environment, remove the LiveUSB so you are booting from your newly-written storage device.
  • Be patient. My first boot into Ubuntu Core led to a black screen for nearly a minute before the system acknowledged that it actually has been working the entire time.
  • After 3-4 minutes of non-interactive setup alternating between blank screens and scrolling setup output, Ubuntu Core finally asked me two questions:  Which network to connect to, and my Ubuntu SSO e-mail address.
  • Finally, the system rebooted again. This time it didn't ask any question - just displayed the new Ubuntu Core system's IP address.

6. Log into Ubuntu Core.

    On my Desktop:
    me@Desktop:~$ ssh me@192.168.1.x
    Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-77-generic x86_64)
Success: A working Ubuntu Core on bare metal.

07 October, 2021 09:29PM by Ian (noreply@blogger.com)

hackergotchi for Qubes


XSAs released on 2021-10-05

The Xen Project has released one or more Xen Security Advisories (XSAs). The security of Qubes OS is not affected. Therefore, no user action is required.

XSAs that affect the security of Qubes OS (user action required)

The following XSAs do affect the security of Qubes OS:

  • (None)

XSAs that do not affect the security of Qubes OS (no user action required)

The following XSAs do not affect the security of Qubes OS, and no user action is necessary:

  • XSA-386 (in practice affects only Xen 4.14.3+ due to another bug that cancels out this security flaw; the other bug was fixed in 4.14.3, which exposed this flaw)

07 October, 2021 12:00AM

October 06, 2021

hackergotchi for Tails


Tails 4.23 is out

Changes and updates

  • Update Tor Browser to 10.5.8.

Known issues

None specific to this release.

See the list of long-standing issues.

Get Tails 4.23

To upgrade your Tails USB stick and keep your persistent storage

To install Tails on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 4.23 directly:

What's coming up?

Tails 4.24 is scheduled for November 2.

Have a look at our roadmap to see where we are heading to.

06 October, 2021 12:34PM

October 05, 2021

hackergotchi for Purism PureOS

Purism PureOS

Qubes OS Intro on the Librem 14

With Qubes OS now fully supported on the Librem 14 and Librem Mini, we thought it was time for a rundown of how containerization in Qubes OS makes it perhaps the most secure software design to date. Your data can be kept safe and locked away from most dangers by being in a separate VM. […]

The post Qubes OS Intro on the Librem 14 appeared first on Purism.

05 October, 2021 05:12PM by David Hamner

October 04, 2021

hackergotchi for Ubuntu developers

Ubuntu developers

Dustin Kirkland: Ubuntu 18.04 LTS Desktop Default Application Survey

Back in March, we asked the HackerNews community, “What do you want to see in Ubuntu 17.10?

A passionate discussion ensued, the results of which are distilled into this post.

In fact, you can see our progress so far this cycle.  We already have a beta code in 17.10 available for your testing for several of those:

And several others have excellent work in progress, and will be complete by 17.10:

In summary -- your feedback matters!  There are hundreds of engineers and designers working for *you* to continue making Ubuntu amazing!

Along with the switch from Unity to GNOME, we’re also reviewing some of the desktop applications we package and ship in Ubuntu.  We’re looking to crowdsource input on your favorite Linux applications across a broad set of classic desktop functionality.

We invite you to contribute by listing the applications you find most useful in Linux in order of preference. To help us parse your input, please copy and paste the following bullets with your preferred apps in Linux desktop environments.  You’re welcome to suggest multiple apps, please just order them prioritized (e.g. Web Browser: Firefox, Chrome, Chromium).  If some of your functionality has moved entirely to the web, please note that too (e.g. Email Client: Gmail web, Office Suite: Office360 web).  If the software isn’t free/open source, please note that (e.g. Music Player: Spotify client non-free).  If I’ve missed a category, please add it in the same format.  If your favorites aren’t packaged for Ubuntu yet, please let us know, as we’re creating hundreds of new snap packages for Ubuntu desktop applications, and we’re keen to learn what key snaps we’re missing.

  • Web Browser: ???
  • Email Client: ???
  • Terminal: ???
  • IDE: ???
  • File manager: ???
  • Basic Text Editor: ???
  • IRC/Messaging Client: ???
  • PDF Reader: ???
  • Office Suite: ???
  • Calendar: ???
  • Video Player: ???
  • Music Player: ???
  • Photo Viewer: ???
  • Screen recording: ???

In the interest of opening this survey as widely as possible, we’ve cross-posted this thread to HackerNews, Reddit, and Slashdot.  We very much look forward to another friendly, energetic, collaborative discussion.

Or, you can fill out the survey here: https://ubu.one/apps1804

Thank you!
On behalf of @Canonical and @Ubuntu

04 October, 2021 11:02PM by Dustin Kirkland (noreply@blogger.com)

hackergotchi for Ubuntu


Ubuntu Weekly Newsletter Issue 703

Welcome to the Ubuntu Weekly Newsletter, Issue 703 for the week of September 26 – October 2, 2021. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

04 October, 2021 10:09PM by guiverc