SmartNICs, the programmable network adapters that make data centre networking, security and storage efficient, scalable and modular, have started to play a significant role in the industry. Combining traditional NIC capabilities with advanced processing power, smartNICs allow many infrastructure capabilities to be offloaded from CPU, thus enabling CPU to focus on useful application workloads which can yield significant savings for enterprise data centres. Canonical believes that SmartNICs are an integral part of cloud infrastructure and we work with partners to integrate our cutting-edge products, such as Ubuntu, MAAS, Charmed Openstack, and Charmed Kubernetes with smartNICs to deliver value to the customers and the industry.
Join Canonical at the second SmartNICs Summit in San Jose, California from June 13-15 to connect with engineers and managers who are interested in this field.
As a leading sponsor we are excited to present the panel discussion and share our insights in the software track.
C-102: Panel on Next Great Breakthrough in SmartNICs (Panel Track)
Wednesday, June 14th, 2023, 3:10 p.m. – 4:10 p.m.
Moderator: Roy Chua, Principal, AvidThink
Panel Members:
Panelist: Jon Sreekanth, Architect, Achronix
Panelist: Eric Hibbard, Director Product Planning – Security, Samsung Semiconductor
Description: Many major changes will surely occur in the emerging SmartNIC arena. They include the addition of standard slots for GPUs and DPUs, faster processors, more canned applications (perhaps available via an app store), more standards, better operating system support, and greater use of processors other than Arm cores. Other possible advances could include the integration of on-board optics, higher frequency versions of Ethernet, the use of persistent memory, and the use of higher-speed interfaces such as CXL. A new form factor with a large power budget (such as the one suggested by SNIA) would be welcome as well.
B-103: Provisioning and Commissioning a DPU at the Bare-Metal Level (Software Track)
Wednesday, June 14th, 2023, 4:20 p.m. – 5:20 p.m.
Presenters:
Bjorn Tillenius, Senior Engineer, Canonical
Frode Nordahl, Senior Engineer, Canonical
Session description:
Operating systems play a large role in SmartNIC applications. The SmartNIC or DPU needs an operating system to run applications, but most Linux distributions are very large and contain features not used in devices that have a simple run-time environment. One solution is to use a minimal kernel specially designed for such situations. Another approach is to employ a bare-metal (unshared) server that dispenses with virtualization (no hypervisor).
The Canonical Table & Team
Canonical is inviting customers and partners to explore our trusted and secure software products for SmartNICs. We will present a few demos to showcase our solutions in smartNICs.
Networking offload onto smartNICs: Charmed Openstack solution from Canonical enables offloading of both network control(OVN) and data plane(OVS) onto smartNICs.
Provisioning of DPU: Canonical bare metal provisioning service MAAS enables provisioning of DPU/smartNICs.
Infrastructure solution: Canonical LXD enables clustering of smartNICs along with the host machines thus allowing workloads to be easily migrated from host to smartNICs.
Visit Canonical at table 16 and discuss your organisation’s networking needs with our smartNIC experts.
Between 2021 and 2023 Tails, Tor, and the Guardian
Project partnered to organize training and
usability tests in Ecuador, Mexico, and Brazil. Our goals were to:
Promote our digital security tools and train human rights defenders in the
Global South.
Learn from their experiences and needs to help us prioritize future work.
Improve the usability of our tools based on their feedback.
Usability tests and improvements
We conducted 4 rounds of in-person moderated usability tests in Mexico, Brazil,
and Ecuador to identify usability issues in the features of Tails that are most
important to new users:
The detailed methodology for each of the usability tests is explained in the
corresponding GitLab issues, linked below.
Installation
In December 2021 in Mexico, we learned that the tools for new users to install
Tails worked well, but several people got lost while navigating the
instructions on the website.
Based on these findings, we restructured our installation pages and fixed 30
usability issues on the website.
We tested these improvements in August 2022 in Brazil and confirmed that the
new installation pages were much easier to follow. Only 1 out of 4 participants
had trouble installing Tails on their own. All participants could start Tails
and connect to the Tor network easily.
Details:
Usability tests of first-time use in Mexico (#18074)
In July 2021, we released the Tor Connection assistant to completely redesign
how to connect Tails to the Tor network. The new assistant is most useful to
people who are at high risk of physical surveillance, under heavy network
censorship, or on a poor Internet connection.
In August 2022 in Brazil, we tested the usability of Tor Connection when
accessing the Tor network is blocked by censorship or by a captive portal.
Despite the many usability issues that we fixed since the first release of Tor
Connection, 3 test participants out of 4 failed to connect when access to the
Tor network was blocked.
Since then we fixed 14 usability issues affecting Tor Connection: to understand
better why connecting to Tor fails, to make it easier to configure a Tor
bridge, and to make it easier to sign in to a network using a captive portal.
In March 2023 in Ecuador, we tested the usability of the new Persistent
Storage, which was released in Tails in December 2022.
We didn't find any serious usability issues in the new Persistent Storage. The
fact that people don't have to restart to create and enable the Persistent
Storage and that their data (eg. Wi-Fi password) is stored on creation were
huge improvements compared to the old Persistent Storage.
March 2023: Usability tests of the new Persistent Storage (#18648)
Through our combined efforts we reached 47 organizations and trained 433 human
rights defenders on our family of tools based on the Tor network. For Tails
only, we conducted 8 workshops and trained 84 people on using Tails:
journalists, activists, feminists, lawyers, and human rights defenders.
The material used for these Tails workshops is available on our website in
English,
Spanish, and
Portuguese.
Assistants to the workshops were able to start Tails on all their PC computers
but had more frequent issues with Mac computers.
From what is already possible to do with Tails, people were most interested in
using Tails to:
Handle sensitive data, for example, medical data of abortion patients,
sensitive documents from political trials, or field studies from human rights
violations. That said, not all journalists thought that they were
manipulating data that was sensitive enough to require a tool like Tails.
Sometimes it was hard to draw the line on when to use Tails and when not.
Investigate sensitive topics online, either for journalistic purposes, medical
purposes, or when making safe travel plans.
Have a secure OS when using other people's computer, either when traveling or
when people don't have the means to have their own computer.
From what is not possible yet to do with Tails, people were most interested in:
Doing online meetings and using mobile messaging apps like Signal and
Telegram from Tails.
Using a VPN instead of Tor for speed and access to more websites.
We included both of these objectives in our 3-year product strategy.
You can track our progress in the GitLab issues related to
#19472.
We've been very busy behind the scenes and we're now happy to announce the availability Kodi v20 for all OSMC supported devices. All devices supported by OSMC on Kodi v19 remain supported for Kodi v20. It took time and effort to release this update as a stable release and ensure that the user experiences stays at the high level that you would expect from OSMC.
Kodi v20.1
Kodi v20.1 (Nexus) is now available as standard on OSMC, and release details can be found here.
On the OSMC side, we've made some light changes to keep everything running smoothly:
Bug fixes
Fix an issue when connecting to AP hotspots that are configured for WPA2 and WPA3 on Vero 4K / 4K +
Fix an issue on Raspberry Pi 4 / 400 that prevented older kernels from being automatically purged when not neded.
Vero 4K / 4K +: fix possible kernel panic issue
Apply missing fix for wireless preseeding that was meant to be included in the previous update. This properly fixes configuring WiFi via the desktop installers on the Download page.
Improving the user experience
Add option to display height and width of a video independent of resolution in the OSMC skin
Miscellaneous
Translation improvements
New hardware
This Summer, we plan to introduce an updated version of our flagship device Vero. This new and improved model will replace the Vero 4K + and we will be announcing further information about the new device soon.
Wrap up
To get the latest and greatest version of OSMC, simply head to My OSMC -> Updater and check for updates manually on your exising OSMC set up. Of course — if you have updates scheduled automatically you should receive an update notification shortly.
If you enjoy OSMC, please follow us on Twitter, like us on Facebook and consider making a donation if you would like to support further development.
You may also wish to check out our Store, which offers a wide variety of high quality products which will help you get the best of OSMC.
Data security and end user privacy requires focusing on the operating system (OS) that supports smartphones, tablet PCs, connected products, IoT/IIoT devices, wearable tech, and PCs. The Problem- Leaky Operating Systems and Intrusive Apps Intrusive app and social media developers, plus nation-state hackers, know that one of the largest gateways to the smartphone or PC […]
Do you have a revolutionary project that’s pushing the boundaries of the open source landscape?
Are you an inspiring community leader who’s building a sustainable coalition for the future?
Is your passion for education and advocacy helping foster the next generation of innovators?
If you answered YES to any of these questions, we welcome you to submit an abstract for Ubuntu Summit 2023!
Submitting a Talk Abstract
Log into the Events Platform
The first step towards submitting your abstract is logging into our Event Platform. On the Ubuntu Summit 2023 event page, click the Login link on the top navigation bar. You will be greeted by the Ubuntu One Login screen. If you already have an Ubuntu One account, simply login using your credentials, if not you quickly sign up for a free account.
Register for the Conference
If you are ready to travel, regardless of if you will speak at the event, make sure you register for in-person attendance. As we have limited seats, you will need to “Apply” for registration, but we will generally accept everyone until we reach the capacity. If you are not sure yet, go ahead and join us remotely.
Submit your Abstract
Once you’ve put some thought into your proposal, head over to the call for abstracts page and click on “Submit new abstract”. Here are some tips on putting together a solid proposal:
Title and Content: The Content section is the elevator pitch for us and those potentially interested in joining your talk. The title shows in the timetable that will be published closer to the event, and there will be an event-specific page with more background and information about yourself. Here are a few questions to think about in case you need help putting together your abstract:
The session title should get people interested in your topic. If you read it in a full schedule, would you click on it to learn more?
Provide background about the project or topic you’ll be presenting. Make sure it also appeals to people who don’t (yet) know much about the technology.
What is known and what is unknown about the topic?
What will you be talking about during the session? How did you solve the problem at hand?
What will participants learn by the end of the session?
How do people get involved once they’ve completed your session?
Tracks: We’ve put together numerous tracks to categorise your session and give participants an idea of what to expect at the conference. Head to our tracks page to learn more and decide how your session fits in. If you’re unsure of which track to choose, send an email to summit@ubuntu.com and we can assist you.
Authors and Bio: Add yourself, and anyone else presenting with you, as authors to your proposal. Other authors will need to sign in to our events platform at least once for you to find them in the search. The page about your session will show information about the presenters, so make sure you fill in a short bio and attach a picture to tell us who you all are.
Wait for an Acceptance Email
If your abstract is accepted, you will be invited to join us in Riga to deliver your presentation and participate in the entirety of the Ubuntu Summit. Your travel, hotel, and meals may also be provided, courtesy of Canonical.
Submission Deadline
Abstracts submission deadline: July 2, 2023 at 23:59 Abstracts review period until: July 14, 2023 Notification of acceptance: July 17, 2023
Please note the submission deadline could be subject to change. If you need assistance submitting your abstract, please send an email to summit@ubuntu.com.
Ubuntu Summit is an event focused on the Linux and Open Source ecosystem, beyond Ubuntu itself. Representatives of outstanding projects will demonstrate how their work is changing the future of technology as we know it.
Let’s celebrate the spirit of Ubuntu — I am what I am because of who we all are.
I've often wondering what will happen when this horrific war in Europe will
finally be over. I won't be discussing politics here, but what is mostly
interesting to me is how (and if) all the companies who made high proclaims
about not doing business with Russia will justify their getting back into the
Russian market. They will probably count on the fact that the war will be long,
and that people will forget what these companies' stance was. After all, the
world has forget about all the companies who collaborated with the Nazi regime,
so we can expect the same to happen with this war.
But I don't think that's right: if you made a mistake, you should be held
accountable for it. You might be wondering what is the “mistake” I'm talking
about: that's russophobia, indeed. To put it simply, and make a concrete
example: if The Qt Company stops doing business with Russian companies and
blocks its downloads page to Russian IP addresses because of the war, without
being forced by the government to do so, but does not take similar measures
against other countries who wage wars which have caused way more deaths and
displacement of individuals, well, that's what I call “russophobia”. Of course,
I'm aware that there's way more than that, and that the hatred for all what is
Russian (including culture and sport competitions) is an even bigger issue, but
in this blog post I'm especially focused on the IT world, so please forgive my
semi-intentional narrow-mindness on this topic.
Now, I'm fully aware that we live in a mediatic bubble that directs our
decisions in a way that is almost automatic, and I'm sure that most people
working for companies who took russophobic decisions are not themselves
russophobic at all (and I'm not dismissing the possibility that even the very
same people who took these decisions might not be russophobic) and that these
decisions were taken on impulse, because “everyone else is doing the same” and
due to the media pressure that if you don't do that, you might get accused of
supporting the “wrong” side of the war.
But that's not an excuse, especially for “smart” people like IT engineers (and
I put the adjective between quotes for a
reason), and especially after
the initial heat has passed and when, after more than one year of war, we
should have been exposed to different point of views and be able to evaluate
the situation more rationally. It has been therefore especially stunning for me
to learn that the Linux Kernel community, and hence The Linux Foundation, has
recently given room to russophobic behaviours, refusing a patch coming from the
Russian company Baikal (a CPU maker). For the record, the incriminated patch
was not related to supporting hardware produced by this company (not that this
would make the deed less serious, but at least one could have argued that there
could be some spot of logic in it):
From: Jakub Kicinski <kuba@kernel.org>
To: Serge Semin <Sergey.Semin@baikalelectronics.ru>
[...]
On Tue, 14 Mar 2023 01:42:24 +0300 Serge Semin wrote:
> From: Serge Semin <Sergey.Semin@baikalelectronics.ru>
We don't feel comfortable accepting patches from or relating
to hardware produced by your organization.
Please withhold networking contributions until further notice.
(here the
link to the original discussion). One week later, someone denounced this as a
violation to the Code of Conduct committee (unfortunately the only link I could
find to this is coming from a Russian IT
forum, and any
other references seem to have been removed from DuckDuckGo and Google), only to
receive a reply that it was all fine.
To me this is not fine. The war will end, sooner or later, but it bothers me
that we never learn from the past and repeat the same mistakes over and over.
We apparently know a lot about propaganda, yet we fail to recognize it when it
influences our own mind and actions. My humble contribution is the creation of
a page where I list the companies who have taken russophobic actions, and, on
the opposite side, companies (like Flickr and Zorin OS) who have stood out for
positive messages and helpful actions. My hope is that some of the listed
companies will find the courage to review their actions, and either correct
their stance, or at least clarify their reasons. So, I hereby present
where you'll find some of the good and some of the bad companies. I'm sure I'm
missing plenty of them: I just started recollecting my memories and searching
online a couple of days ago. I created this as a GitHub project, because indeed
I'm looking forward for contributions, to help me make the lists more complete.
I need to stress that the fact that a company has announced the suspension of
its business in Russia does not automatically make it russophobic: what we need
to look at is the reason for that decision: companies like LEGO and Nintendo,
for example, have suspended their operations citing logistic and financial
reasons; no judgement involved.
Let me repeat it once more, just to make sure there are no misunderstandings:
it's perfectly fine for businesses to take a stance on politics, and sometimes
it might be even praiseworthy; but if a company is international, and does not
apply the same reasoning to other armed conflicts, or seem to care only about
certain human rights violations and not others, then it's a case of double
standards which we need to be aware of, and make the company think twice about
it. And that's also the reason why you won't find any Ukrainian company among
the “bad” ones, because in their case the reaction is perfectly understandable
and they can hardly be accused of adopting double standards (well, technically
speaking, they are adopting double standards, but when you are so directly
impacted I think it does not deserve a blame): if it's your house which burns,
you should definitely scream about it, even if you previously have been silent
about your neighbour house's burning.
I'm especially looking forward for more “good” companies, who have shown empathy
towards the people affected by the war (and maybe even collected money to help
them) while refraining from taking the judging role and forgetting about all
the injustice and suffering that other wars have caused (including on that very
same piece of land that suddenly appeared on all newspapers' front pages on
February 24th, 2022). I hope that these companies can serve as an example of
positive action, humanity, and love.
Die HTU Bigband ist zurück! Am 27. Juni 2023 findet im Innenhof der TU Graz (Alte Technik, Rechbauerstraße 12, 8010 Graz) das nächste Konzert statt (bei Schlechtwetter geht es in den Hörsaal 2, der ebenfalls an der gleichen Adresse ist). Mit einem fulminanten Programm von Swing, über Soul, Funk, Latin bis Pop ist alles dabei – es gibt über 2 Stunden Musik vom Feinsten, und das Ganze bei freiem Eintritt.
Für diejenigen mit Facebook-Account unter euch gibt es auch das passende Facebook-Event.
Ich bin als Schlagzeuger und Percussionist mit von der Partie und würde mich über bekannte Gesichter freuen, ich hoffe man sieht und hört sich! 8-)
In today’s rapidly changing digital environment, the significance of robust Docker container security measures cannot be overstated. Even the containerised layer is subject to compliance standards, which raise security concerns and compliance requirements.
Docker container security measures entail safeguarding our lightweight, appliance-type containers –each encapsulating code and its dependencies– from threats and vulnerabilities.
For sectors like public health relying on handling sensitive personal data, compliance standards –like FIPS– complement security measures by providing a structured approach to protect against potential breaches, preserve customer trust, and avoid liabilities.
This can range from robust access control configuration, such as entirely removing the use of the root user, to comprehensive vulnerability management practices, from decreasing the attack surface to properly and rapidly handling inevitable CVEs.
Elevating Docker container security: enabling FIPS in containers
As discussed in a previous blog post, Ubuntu Pro tooling has simplified the process of enabling FIPS in Docker containers. With the use of build-time secrets –introduced with Docker buildkit–, this once-difficult task is now straightforward.
We just made available technical documentation to make it easier for you to create and deploy FIPS-enabled Ubuntu containers across various cloud platforms:
To build these FIPS-enabled Ubuntu containers, the first step is subscribing to Ubuntu Pro. While the built content cannot be redistributed, running it mandates that all hosts, including cluster worker nodes, are covered with Ubuntu Pro subscriptions.
Ubuntu Pro is your all-access pass to a world of open source software security, and enhanced Docker container security and compliance. Enjoy the convenience of quick and extended security updates, 10-year maintenance, and security compliance, all under a single subscription plan.
Future plans: Chisel and chiselled Ubuntu container images
Last August, we unveiled “chiselled Ubuntu containers”. These container images combine the advantages of Distroless and (distro-full) Ubuntu, designed to deliver a seamless developer and ops experience, from development to production.
Chiselled Ubuntu containers are crafted with the use of the “Chisel” tool, a from-scratch package manager reusing upstream Ubuntu content and package knowledge, with an overlay of knowledge to help developers build appliance-type, Distroless, containers without overthinking them and without the maintenance burden.
Get ready for FIPS support coming soon to Chisel and chiselled Ubuntu container images!
Join our upcoming webinar
Join us for our upcoming webinar on June 13th to learn more about FIPS-enabled containers, Ubuntu Pro, and the future of customised ultra-small container images as Docker container security continues to advance. Don’t miss an opportunity to ask Canonical experts questions in real-time during the live Q&A session.
The Elive Team is pleased to announce this special release, featuring a synthwave-inspired Desktop-design.This special version of Elive has undergone rigorous testing for months to ensure stability and updated drivers. Many improvements has been made that keeps the system lightweight, efficient, and extremely stable. We are so happy with the result that we offer this release in both 32 and 64 bit for free at absolutely no cost now and in the future.Naturally the installer also include an option to switch to the default designs for those that prefer theSEE DETAILS
We’re pleased to announce that the first release candidate for Qubes OS 4.2.0 is now available for testing. This minor release includes several new features and improvements over Qubes OS 4.1.0. Qubes 4.2.0-rc1 is available on the downloads page.
What’s new in Qubes 4.2.0?
Dom0 upgraded to Fedora 37
Xen updated to version 4.17
SELinux support in Fedora templates
Several GUI applications rewritten, including:
Applications Menu
Qubes Global Settings
Create New Qube
Qubes Update
Unified grub.cfg location for both UEFI and legacy boot
As a reminder, we published the following special announcement in Qubes Canary 032 on 2022-09-14:
We plan to create a new Release Signing Key (RSK) for Qubes OS 4.2. Normally, we have only one RSK for each major release. However, for the 4.2 release, we will be using Qubes Builder version 2, which is a complete rewrite of the Qubes Builder. Out of an abundance of caution, we would like to isolate the build processes of the current stable 4.1 release and the upcoming 4.2 release from each other at the cryptographic level in order to minimize the risk of a vulnerability in one affecting the other. We are including this notice as a canary special announcement since introducing a new RSK for a minor release is an exception to our usual RSK management policy.
As with all Qubes signing keys, we also encourage you to authenticate the new Qubes OS Release 4.2 Signing Key, which is available in the Qubes Security Pack (qubes-secpack) as well as on the downloads page under the Qubes OS 4.2.0-rc1 ISO.
Testing Qubes 4.2.0-rc1
If you’re willing to test this release candidate, you can help us improve the eventual stable release by reporting any bugs you encounter. We encourage experienced users to join the testing team.
A full list of known bugs in Qubes 4.2.0 is available here. We strongly recommend updating Qubes OS immediately after installation in order to apply all available bug fixes.
Upgrading to Qubes 4.2.0-rc1
It is not yet possible to perform an in-place upgrade from Qubes 4.1 to Qubes 4.2. For this initial release candidate, a clean installation is required. An in-place upgrade tool is in development.
When is the stable release?
That depends on the number of bugs discovered in this release candidate and their severity. As explained in our release schedule documentation, our usual process after issuing a new release candidate is to collect bug reports, triage the bugs, and fix them. This usually takes around five weeks, depending on the bugs discovered. If warranted, we then issue a new release candidate that includes the fixes and repeat the whole process again. We continue this iterative procedure until we’re left with a release candidate that’s good enough to be declared the stable release. No one can predict, at the outset, how many iterations will be required (and hence how many release candidates will be needed before a stable release), but we tend to get a clearer picture of this with each successive release candidate, which we’ll share in this section in future release candidate announcements.
In the case of Qubes 4.2.0 specifically, we already know that there will be a second release candidate (in order to test the in-place upgrade procedure, if nothing else). As mentioned above, we expect to announce that second release candidate in approximately five weeks. The results of that second release candidate will determine whether a third one is required.
What is a release candidate?
A release candidate (RC) is a software build that has the potential to become a stable release, unless significant bugs are discovered in testing. Release candidates are intended for more advanced (or adventurous!) users who are comfortable testing early versions of software that are potentially buggier than stable releases. You can read more about Qubes OS supported releases and the version scheme in our documentation.
What is a minor release?
The Qubes OS Project uses the semantic versioning standard. Version numbers are written as <major>.<minor>.<patch>. Hence, releases that increment the second value are known as “minor releases.” Minor releases generally include new features, improvements, and bug fixes that are backward-compatible with earlier versions of the same major release. See our supported releases for a comprehensive list of major and minor releases and our version scheme documentation for more information about how Qubes OS releases are versioned.
The 5th monthly Sparky project and donate report of the 2023:
– Linux kernel updated up to 6.3.5 & 5.15.114-LTS
– updated conky manager which lets you choose 1 of 5 settings now
– improved desktop installation of the cli installer, it displays summary of your choice, and lets you choose again; and added check in – if desktop installation failed, lets you get back to desktop chooser and get other one; sparky 7 only
– OpenOffice suite moved to sparky repos
Many thanks to all of you for supporting our open-source projects. Your donations help keeping them and us alive.
Don’t forget to send a small tip in June too, please.
Country
Supporter
Amount
Antoine B.
€ 15
Keith K.
$ 10
Wojciech H.
PLN 2
Grzegorz P.
PLN 20
Krzysztof M.
PLN 50
Rafał Z.
PLN 50
Olaf T
€ 10
Simon M.
€ 70
Portier P.
€ 30
Krzysztof S.
PLN 93
Jeffrey V.
€ 50
Andrzej P.
PLN 20
Marek B.
PLN 10
Alexander F.
€ 15
Rudolf L.
€ 10
Piotr M.
PLN 300
Mariusz S.
PLN 123
Karl A.
€ 1.66
Andrea B.
€ 3
Jesus G.
€ 12
unknown
mBTC 0.91761
Bernhard L.
€ 25
Stanisław G.
PLN 50
Deflet O.
€ 4
Guillermo P.
€ 100
Mariusz L.
PLN 25
Mateusz G.
PLN 25
Ralf A.
€ 15
Brayan O.
€ 0.83
John V.
€ 20
Grzegorz Z.
PLN 1
Jorg S.
€ 5
Arkadiusz G.
PLN 20
Total:
75%
In glance:
€ 386.49
PLN 789
$ 10
mBTC 0.91761
* Keep in mind that some amounts coming to us will be reduced by commissions for online payment services. Only direct sending donations to our bank account will be credited in full.
* Miej na uwadze, że kwota, którą przekażesz nam poprzez system płatności on-line zostanie pomniejszona o prowizję dla pośrednika. W całości wpłynie tylko ta, która zostanie przesłana bezpośrednio na nasze konto bankowe.
The retail industry is going through a period of major upheaval. AI is transforming the landscape at a rapid pace. Grand View Research evaluated the market value at USD 5.79 billion in 2021 and this is expected to grow at a 23.9% compound annual growth rate (CAGR) from 2022 to 2030. For retailers, this translates into a need to adapt to an entirely new paradigm of customer expectations.
As customers continue to become more discerning and margins shrink, to remain profitable, retailers are looking towards accelerated digital transformation and new technologies that can improve efficiency and enable differentiation. Innovation is taking many forms, such as virtual dressing rooms, IoT adoption, improved support for mobile e-commerce and, perhaps most crucially of all, artificial intelligence.
AI/ML has numerous applications in the retail industry, from driving personalised customer experiences, to forecasting or inventory tracking – which is particularly valuable for BOPIS strategies and other cross-channel buyer journeys. AI is enabling new levels of operations optimisation through the reduction and automation of repetitive tasks, and unprecedented insight into problems like machine malfunctions.
Are you curious about AI/ML in retail? Read more about use cases, business benefits and tools
Benefits of AI/ML in retail: which use cases are driving value?
As early as 2018, Infosys reported that 87% of retailers surveyed were using some form of AI or automation technology to guide human decision-making. Even at this early stage, the value of AI was already apparent, with 49% of companies surveyed reporting cost savings as a result of AI adoption, 44% reporting improved productivity, and 43% reporting increased revenue. (source).
The sections that follow cover the most popular and value-driving use cases.
Personalised customer experience
In the past, retailers have used business intelligence solutions such as Qlik and Tableau to make educated assumptions based on a broad, macro view of their data. Now, AI/ML enables businesses to examine their data with a laser pointer, leading to a far more nuanced understanding of trends, demographics and buying patterns. And while traditional business intelligence tools were limited to simple data types, AI/ML can take advantage of today’s growing data lakes that include images, video and text.
This insight can be achieved at scale without compromising productivity or time-to-market, and it can deliver insights right down to the level of individual shoppers. This approach empowers retailers to create bespoke shopping experiences tailored to the needs of each consumer – personalised e-commerce product recommendations being the classic example – leading to greater customer satisfaction and spending.
Are you curious about AI/ML in retail? Read more about use cases, business benefits and tools
With a more detailed understanding of historic data also comes the ability to make accurate predictions on future activity. AI/ML models can take into account a wide array of data points – such as weather, public holidays, seasonal trends and many more – to produce relatively precise predictions that can help retailers optimise decision-making and spending. Fashion trends, customer demand, foot traffic and even equipment health can all be forecast with AI/ML.
For example, businesses that use freezers to store produce can feed power utilisation data into an AI/ML model. By looking at the power fluctuations, the model can predict when a freezer is about to fail, enabling preventative maintenance that drives significant savings through reduced spoilage.
The future of AI/ML in retail
Looking ahead to 2023 and beyond, trends in the retail industry indicate that artificial intelligence and machine learning are set to become even more crucial within the retail industry. The push towards omnichannel is continuing unabated, which in turn is opening up new data sources. And as data volumes grow, the potential for AI/ML projects to provide a competitive advantage increases as well.
AI/ML already offers immense benefits to retailers, and the data that businesses are working with today represents just a fraction of the quality and depth that will be available 18-24 months from now. The sooner organisations invest in AI/ ML, the sooner they will reap the benefits, and the better positioned they will be to make the most of their data moving forwards.
O Diogo está finalmente de regresso da sua holiday trip, com renovado vigor para um rebranding do franchising! Temos histórias inenarráveis, emaranhados de cabos e PDF e actividades possivelmente ilegais. O Fairphone 4 com Ubuntu foi posto à prova…será que passa o teste? De caminho ficámos a saber que há caixas amarelas para montar, aprendemos a arte do salpicão à Italiana e não dissemos mal da Vodafone.
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
Just like a great wine, the Librem 5 is getting better with age and it may well be the only smartphone to do so. That is because we don’t invest in obsolescence. In the opposite, our wonderful dev team is never giving up on their effort to optimize the software. After each major update, the […]
Canonical began the development of Ubuntu Core in 2014, to create a fully-containerised platform for IoT. In Ubuntu Core, we use the same kernel container technology that Docker and LXC are built on, to put every component of the system into a secure sandbox, with well-defined upgrade and rollback. We did this to enable autonomous connected Internet of Things devices to receive updates which they could apply without human intervention, to address security and business needs at the edge. Ubuntu Core’s minimal footprint lends itself to enabling a secure, resilient, evergreen operating system that can be relied upon in the most challenging environments.
The containerised approach means that each piece of the system is tamper-proof and can be updated cleanly and independently. It means that you can run apps which you don’t trust to see everything on your system, you only trust them with the data they themselves are supposed to manage. And it means that you have much more flexibility to use newer versions of apps on older versions of Linux. Ideally, it means that a publisher can publish an app which works well on every desktop.
Desktop software is in many ways trickier to containerise than server or IoT software, because we want our desktop apps to work well together. That tight integration also makes it more difficult to define the sandbox boundaries between applications and system components in a way which is both secure and easy to use. Snaps are a little famous for having some rough edges on the desktop 🙂 Nevertheless, we are excited to explore the idea of a fully containerised desktop, where each component is immutable and isolated. We have steadily been improving the experience of desktop snaps. And in due course, when we think the entire system can be delivered this way, we will be excited to offer a version of the Ubuntu Desktop which has these new capabilities.
In this blog post we discuss the architecture of immutable operating systems, their benefits and drawbacks, and the role of Ubuntu Core in the immutable Linux landscape. We demonstrate how its focus on composability and security brings unique benefits to IoT, edge, robotics and cloud developers.
We’ll also cover the rise of immutable Linux in the desktop, the advantages to users and the role Ubuntu Core could play in its future… strap in!
What is an immutable operating system?
Before we can discuss what differentiates Ubuntu Core from other immutable operating systems, we must first define the properties that make an OS immutable:
Read-only: The primary characteristic of an immutable OS is that the running system cannot be directly modified by users or applications.
Atomic updates: Updates are applied atomically; meaning they’re successfully applied all at once or not at all.
Predictable: Because the core operating system doesn’t change, its behaviour is predictable across devices.
Isolated Applications: Applications are isolated from the core operating system and from each other, usually through containerisation. This ensures that changes made by an application don’t affect the core system or other applications.
What are the benefits?
Security: It is more difficult for malicious software to make changes to the system or to spread from one application to another.
Stability: System files cannot be altered or deleted by accident and atomic updates ensure that system updates do not leave the system in a partially updated and potentially unstable state.
Reproducibility: Because the OS is identical from boot to boot it is easier to test, audit and verify the system, as well as diagnose and troubleshoot issues.
Manageability: Since each instance of the OS is identical, system administrators do not have to worry about unexpected changes or inconsistencies between different systems. Atomic updates and rollbacks simplify the process of applying system updates and fixing issues.
What are the drawbacks?
Reduced Flexibility: An immutable OS is less flexible than a traditional OS. Users cannot modify system files or customise their system to the same degree.
Limited Compatibility: Not all applications and services are compatible with the containerised or isolated environments provided by an immutable OS.
Storage Requirements: Update mechanisms often require image snapshot storage. Isolated applications can lead to redundancy in the storage of application dependencies.
Developer Experience: While containerised development environments provide benefits (such as improved isolation and reproducibility) they may also introduce additional complexity and limit the use of familiar tools and workflows.
Immutable operating systems are particularly well suited to environments where stability, security, and predictability are paramount, such as servers, IoT devices, and high-security environments. However in recent years we’ve seen these properties demonstrate significant user value, first in the mobile OS space and increasingly in the PC space.
The architecture of an immutable Linux OS
Now that we’ve defined these properties, let’s review the design choices made in today’s immutable Linux ecosystem.
Chrome OS
Outside of mobile, the OS that has most effectively popularised the value of immutability for daily users is the Linux-based Chrome OS, designed with a cloud-first approach to productivity and development.
Chrome OS prioritises security with a read-only operating system, sandboxed applications and processes alongside hardware-backed encryption. Verified boot confirms that the system has not been modified via firmware and kernel signature checks at each stage of the boot process.
Updates are handled via an ‘A / B process’ where the device stores two versions of the operating system: one that is actively running and a second that is inactive, but to which modifications and updates can be applied in the background. If those modifications are successfully applied then the new version is automatically selected on the next reboot.If not, the device boots back into the existing image, making updates much more resilient.
Recent immutable Linux distributions like Fedora Silverblue follow a similar upgrade mechanism to Chrome OS via a tool called OSTree. With OSTree, full system images are downloaded in the background when an update is available and users can simply boot into them once installed.
OSTree stores snapshots of the system when changes are applied. During boot the user is presented with a list of these snapshots allowing them to boot into any of them — effectively rolling back the system. This update and rollback mechanism mitigates instability that may result from users modifying their OSTree. The result is that users can confidently layer applications, or even graphics drivers, into the OS snapshots. OSTree minimises the storage and bandwidth overhead of system updates by only shipping “deltas” (differences) in each revision.
openSUSE’s MicroOS, like Ubuntu Core, was designed primarily for IoT and other single purpose use-cases. However,it now supports a full desktop environment named openSUSE Aeon. MicroOS uses Btrfs snapshots, cloning the current running root filesystem to apply updates and then marking the new root filesystem as the next boot target. While this is a different approach to OSTree, using Btrfs snapshots also optimises the storage requirements that come with maintaining multiple bootable system images due to its copy-on-write operation.
While rebooting after a system update is often preferred because underlying changes can affect running applications or services, placing the same requirement on application upgrades is undesirable because it can lead to unnecessary disruption in the operation of the system.
To resolve this, the immutable OS’s mentioned above take advantage of containerised desktop applications (Docker, Flatpak, etc.) that run independently of the base-OS, and are not considered as part of the OS filesystem. This enables a controlled level of mutability for those applications and services that are not considered critical for the system to boot (and be managed). Such a mechanism allows applications to be updated on their own cadence without the need for a reboot and without compromising the resilience of the underlying system..
Snaps
Snaps are also immutable applications. When a snap is installed, it arrives as a complete, self-contained package that includes the application and all the dependencies it requires. These elements are bundled together into an immutable squashfs filesystem. This means that “snapped” software doesn’t modify or depend on the host system’s libraries or settings, resulting in consistency and predictability across hosts.
During the upgrade process for a snap, the entire package is replaced atomically and user data is copied between versions, ensuring that the application is always in a consistent state, thereby reducing the risk of issues often introduced by partial updates.
Snaps also provide additional security benefits through ‘strict confinement‘ and a robust signing and verification process. When a developer uploads a snap to the Snap Store, it is signed with a key registered to the developer’s account after a detailed security review. When a Linux distribution running snapd downloads and installs a snap, it verifies the signature against the Snap Store’s public keys. This ensures that the snap hasn’t been tampered with and that it originates from a trusted source.
How Ubuntu Core combines immutability with composability
The technology behind snaps extends beyond the distribution of desktop applications however. With Ubuntu Core this philosophy of security and stability applies equally to the components that make up the entire Ubuntu operating system.
Rather than treating the OS as a single immutable ‘blob’, Ubuntu Core breaks it up into discrete components. The base of Ubuntu Core, for example, is built on four primary snaps:
Gadget: Defines the system’s bootloader, partition layout and default configurations for snaps.
Kernel: Containing the Linux kernel and hardware drivers.
Base: A minimal Ubuntu OS image containing only the necessary services and utilities to support the applications running on top.
Snapd: Manages the lifecycle of all snaps in an Ubuntu Core system.
Additional OS snaps can then be layered onto this image to enable other elements of the operating system such as a desktop environment (more on this in the next section).
This composable approach to building an OS brings a number of key benefits. In the first instance users can assemble streamlined Ubuntu Core images with only the necessary components needed to run single purpose applications, minimising both the OS footprint and potential attack surface.
The other benefit is that any snap type can update on its own cadence, significantly reducing the need to reboot your device. Rollouts (and rollbacks) are more granular, allowing updates to the networking stack, for example, to run at a different cadence to the kernel.
How channels create additional flexibility
Another feature of snaps is the use of channels for delivering updates. Each snap has four standard channels: stable, candidate, beta, and edge. These channels allow users to choose how cutting-edge they want their software to be. The stable channel is the most tested and reliable, while the edge channel includes the latest changes from the application publisher. This model allows users to opt into the risk level that they’re comfortable with.
Channels also enable phased rollouts and easy rollbacks. Developers or administrators can push updates to a subset of users for testing before rolling them out to everyone. If an issue is discovered with an update, it’s easy to roll back to a previous version. This can be done on a snap-by-snap basis, minimising disruption to the system.
The potential of Ubuntu Core for Linux desktops
Behind the scenes, the Canonical team has been actively exploring the benefits of Ubuntu Core beyond the realm of IoT, most notably in the context of developers and daily users.
The properties inherent to Ubuntu Core such as secure boot, recovery states and hardware backed encryption would bring significant improvements to the security posture of a user’s PC.
It also introduces the concept of modularity to the user experience, where users may experiment with alternative desktop environment snaps while remaining on a highly stable, signed and secure LTS base.
The use of snap channels also brings into the play the concept of ‘rolling’ certain elements of the distribution. Gamers, for example, might opt-in to a kernel channel that ships the latest NVIDIA drivers as soon as they are available, in the same way the Ubuntu Desktop team did for Mesa as part of our work on the Steam snap.
However, this level of stability and security comes with trade-offs for developers and tinkerers, restricting modification of the base OS in favour of a ‘just works’ experience. For developers who see their device as a platform for open source development, the solution is container-based environments similar to the LXD basedCrostini. For tinkerers, the classic Ubuntu images would remain their preferred route to enable full control of (and responsibility for) their system.
Find out more
Over the next few months we’ll take a deeper dive into the philosophy behind Ubuntu Core and its future applications. To stay up to date, sign up to our newsletter at the side of this page.
In the meantime, check out the following links for more information:
ubuntu.com/core for a summary of the features of Ubuntu Core.
ubuntu.com/core/stories to read how Ubuntu Core is used today in networking, agriculture, robotics and drone applications.
The Armbian project is nearing its 10-year anniversary, and we’re excited to announce that our upcoming release Armbian 23.05, codename “Suni”, will be the biggest one yet! It’s a significant milestone as it marks the first release based on our completely refactored build framework! The new framework has been in development for around 3 years, during which we combined our decades long experience with Linux and embedded systems with the latest technologies that have emerged in recent years. We’ve taken all that knowledge and expertise to create something truly exceptional for our users and Linux community at large.
Continue reading to learn more about the project and our latest news and updates!
Our Focus
Armbian delivers four point releases each year, representing our team’s dedicated efforts to stabilize this complex and ever-changing system.
We release updates every 4 months, with weekly meetings for both our developers and community. Our team consists of individuals with varying levels of experience/interaction, including full-time contributors, part-time contributors, and helpful volunteers. Armbian serves as a foundational project that brings immense value to the entire Linux community. Even if you opt for a different Linux distribution on your single board computer, there’s a possibility that you’re still benefiting from Armbian or utilizing some of its components.
Our primary focus is to provide optimized images tailored to specific hardware. Additionally, we offer a generic aarch64 image that works seamlessly on compatible UEFI hardware like Ampere Altra. However, only a few single board computers support this standard, and it is currently in the early alpha phase, lacking certain important features for these devices. Hence, we adhere to existing boot scenarios and provide specific images for each hardware. Our entire ecosystem is designed to handle the generation of numerous images efficiently when the need arises.
Another significant aspect driving our efforts is addressing the diversity in single board computers. We strive to simplify the process to a point where anyone can create OS images from sources. Our technology outshines major players in the field such as LFS, Gentoo, Yocto, and Buildroot. Interestingly, many ARM-focused Linux distributions are essentially Armbian under a different name! We are committed to streamlining complexity and offering an exceptional solution for the community.
For Users
Users have not been left behind! Check out what’s new.
Improvements and enhancements
We are pleased to announce several improvements and enhancements at the user level:
Armbian Bookworm based images: We are introducing Armbian Bookworm-based images, providing the latest features and updates from Debian community.
i3 supported: i3 has been added as the fourth officially supported desktop environment, expanding the options available to our users.
Fixes and Enhancements: We have addressed issues in key tools such as armbian-installer, armbian-config, and armbian-firstrun, ensuring a smoother user experience.
Streamlined Packages: We have optimized our package base, making it nearly identical across different underlying package bases and desktop choices. This standardization improves predictability and enhances security.
Consistent Application Packages: Regardless of the chosen package base or desktop environment, the application packages remain the same. This ensures consistent functionality and ease of use.
Improved Ubuntu-Based Assemblies: We have successfully removed the unnecessary “Ubuntu advantage” services from our Ubuntu-based assemblies, as they do not provide any advantages in this specific hardware segment. Internet browsers are installed without snap technology, and we directly host many 3rd party applications in our repositories.
Fast and Safe Updates: Our streamlined system allows for fast and safe updates, ensuring that users can easily stay up to date with the latest improvements and security patches.
Armbian is also gaming-friendly. Thanks to the community-maintained script, armbian-gaming, you can easily turn your ordinary Linux device into a gaming platform. You’ll have the opportunity to play games specifically developed for x86 architecture using Wine. The emulation feature works seamlessly on both 32-bit and 64-bit hardware. Additionally, Armbian provides support for popular gaming platforms such as Steam, PlayStation, Android emulation, and even PS2 games. Get ready for an immersive gaming experience on your Armbian-powered system! Special thanks to @NicoD-SBC, @ptitSeb, @rpardini, and @monkaBlyat
These enhancements aim to provide a seamless, secure and fun user experience, further establishing Armbian as a reliable choice for single board computer users!
Remarkable Contributors and Supporters
We would like to express our heartfelt appreciation to the exceptional individuals who have poured their time and expertise into making this release possible. A big “Thank You” goes out to the following contributors (listed in alphabetical order): @150balbes @AGM1968 @EvilOlaf @Heisath @PanderMusubi @SteeManMI, @TheLinuxBug @Tonymac32 @adeepn @ahoneybun @amazingfate @belegdol @brentr @clee @efectn @fraz0815 @hzyitc @iav @igorpecovnik @lanefu @littlecxm @matthijskooijman @mhoffrog @monkaBlyat @paolosabatino @pyavitz @radoslavv @rpardini @schwar3kat @teknoid
Special thanks to Armbian users, supporters, greater Linux community and project partners who recognize the importance of our work and generously contribute their time, financial support, hardware, and expertise. Your support plays a crucial role in the progress of the project, and we are deeply grateful for your contributions.
The Apache OpenOffice suite has been uploaded to Sparky repos now.
What is OpenOffice?
Apache OpenOffice is the leading open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It is available in many languages and works on all common computers. It stores all your data in an international open standard format and can also read and write files from other common office software packages. It can be downloaded and used completely free of charge for any purpose.
The OpenOffice packages were available to install before via APTus AppCenter from a 3rd party repos, but… The 3rd party repos is out of date, so the latest, original packages from the project developer have been moved to Sparky repos now.
If you’d like to install OpenOffice you MUST uninstall LibreOffice before: sudo apt purge libreoffice libreoffice-*
sudo apt autoremove
Then you can install OpenOffice (Sparky 6 & 7 amd64/i386) : sudo apt update
sudo apt install openoffice-brand-en-us openoffice-brand-writer openoffice-brand-calc openoffice-brand-impress openoffice-brand-base openoffice-brand-draw openoffice-brand-math openoffice-pyuno openoffice-ooofonts openoffice-ooolinguistic openoffice-debian-menus
License: Apache License Version 2.0
Web: www.openoffice.org
Introducing the Librem Server v2 The new Librem Server features a 9th generation Intel Core i7 processor with 8 Cores and 12MB of cache. It can get up to 128GB of DDR4 RAM. It also features 6 USB 3.2 ports, a slim optical disk drive, 2 internal drive bays, and 4 “hot-swap” 3.5 SATA 3.0 […]
GUADEC is the GNOME community’s yearly event. A great week of talks and workshops brings hundreds of GNOME developers, users, supporters and community members together. This year GUADEC will be held in Riga, Latvia, from July 26 to July 31.
GNOME is an outstanding Open Source project. For over 25 years, it has helped shape the Linux and open source world through its numerous software programs, outreach efforts and community initiatives. Its flagship GNOME Desktop provides a great user experience, excellent design, that constantly innovates and pushes the boundaries of the modern desktop environment. It adapts to new hardware platforms, and it is the cornerstone of the Ubuntu Desktop experience.
Canonical is a proud supporter of the GNOME Project and a long time sponsor of the GUADEC conference. On top of being a gold sponsor of GUADEC this year, Canonical Community and Desktop teams are very excited to be there to help the GNOME community. We are bringing talks, workshops, and of course, we support the hallway track with our very happy and very orange Ubuntu booth!
Later in the week, Till Kamppeter will make sure that Your app is everywhere, just in a SNAP! This will be a workshop on how to SNAP a GNOME application. Towards the end of the workshop, representatives of the Canonical desktop team will be available to help the attendees snap their own apps.
When you need a break from all the talks and workshops, please come and have a chat with us at the Ubuntu booth. Share your Ubuntu stories with us, let us know what you love, ask questions, leave feedback, learn from us about the latest development of Ubuntu Desktop, and remember to get some great stickers and swag!
Riga will be a beautiful place to explore with our friends from GNOME and other open-source communities. We are already excited and can’t wait to meet you there.
Linux Matters I recently started presenting Linux Matters podcast with my friends Martin Wimpress and Mark Johnson.
In episode 4 (that link will only work once the episode is released) I briefly talked about some simple bots I setup on the Ubuntu Social Mastodon instance (which, incidentally I talked about in episode 1).
This blog post accompanies episode 4. Linux Matters is part of the Late Night Linux (LNL) family. If you support us on the LNL Patreon, you’ll often get the episode delivered early, as well as advert free.
When it comes to branding, we understand that it's more than just a logo or color scheme. A brand image encompasses our mission, values, reputation, and customer experience. It's how our customers perceive us, and it plays a crucial role in the success of our company. That's why our decision to renovate our brand image at ZEVENET is so significant. The new color scheme of blue and green represents...
This year I attended Debian Reunion Hamburg (aka MiniDebConf Germany) for the second time. My goal for this MiniDebConf was just to talk to people and make the most of the time I have there. No other specific plans or goals. Despite this simple goal, it was a very productive and successful event for me.
Tuesday 23rd:
Arrived much later than planned after about 18h of travel, went to bed early.
Wednesday 24th:
Was in a discussion about individual package maintainership.
Was in a discussion about the nature of Technical Committee.
Co-signed a copy of The Debian System book along with the other DDs
Submitted a BoF request for people who are present to bring issues to the attention of the DPL (and to others who are around).
Noticed I still had a blog entry draft about this event last year, and posted it just to get it done.
Had a stand-up meeting, was nice to see what everyone was working on.
Had some event budgeting discussions with Holger.
Worked a bit on a talk I haven’t submitted yet called “Current events” (it’s slightly punny, get it?) – it’s still very raw but I’m passively working on it just in case we need a backup talk over the weekend.
Had a discussion over lunch with someone who runs their HPC on Debian and learned about Octopus and Pac.
Was in a discussion about amd64 build times on our buildds and referred them to DSA. I also e-mailed DSA to ask them if there’s anything we can do to improve build times (since it affects both productivity and motivation).
Did some premium cola tasting with andrewsh
Had a discussion with Ilu about installers (and luks2 issues in Calamares), accessibility and organisational stuff.
Thursday 25th:
Spent quite a chunk of the morning in a usrmerge BoF. I’m very impressed by the amount of reading and research the people in the BoF did and gathering all the facts/data, it seems that there is now a way forward that will fix usrmerge in Debian in a way that could work for everyone, an extensive summary/proposal will be posted to debian-devel as soon as possible.
Mind was in zombie mode. So I did something easy and upgraded the host running this blog and a few other hosts to bookworm to see what would break.
Cheese and wine party, which resulted in a mao party that ran waaaay too late.
Friday 26th:
Daytrip
Was very saddened to learn that the Metallica concert in Hamburg that day was not a daytrip option.
Had a BoF where we had an open discussion about things on our collective minds (Debian Therapy Session).
Had a session on upcoming legislature in the EU (like CRA).
Some web statistics with MrFai.
Talked to Marc Haber about a DebConf bid for Heidelberg for DebConf 25.
Closing session.
Monday 29th:
Started the morning with Helmut and Jochen convincing me switch from cowbuilder to sbuild (I’m tentatively sold, the huge new plus is that you don’t need schroot anymore, which trashed two of my systems in the past and effectively made sbuild a no-go for me until now).
Dealt with more laptop hardware failures, removing a stick of RAM seems to have solved that for now!
Das is nicht gut.
Dealt with some delegation issues for release team and publicity team.
Attended my last stand-up meeting.
Wrapped things up, blogged about the event. Probably forgot to list dozens of things in this blog entry. It is fine.
Tuesday 30th:
Didn’t attend the last day, basically a travel day for me.
Thank you to Holger for organising this event yet again!
After the success of last year’s Ubuntu Summit in Prague, the organizers at Canonical set a goal to make this year’s Summit bigger, better and bolder. With this goal in mind, we are all extremely excited to announce that this year’s Ubuntu Summit will be hosted in the beautiful city of Riga, Latvia!
The Ubuntu Summit is more than just a conference; it’s an annual celebration of the most compelling and groundbreaking innovations from the open source ecosystem. Produced and hosted by Canonical, the publishers of Ubuntu, the Summit offers a unique opportunity to experience first-hand the cutting-edge innovations and pioneering technologies that are transforming our world.
Whether you’re an industry leader, a trailblazing developer, or a passionate advocate for open source, the Ubuntu Summit is for you. Come engage with influential figures in the field, learn from those challenging the status quo, and contribute to the conversations shaping the future of technology.
This is more than an Ubuntu event; it’s a global stage for showcasing the incredible talent and diversity found in the open source community. Our mission, inspired by the spirit of Ubuntu, is to create a space where everyone – from the fledgling coder to the seasoned innovator – can come together to learn, share, and collaborate.
At the Ubuntu Summit, we’re not just imagining the future; we’re building it, together. And we invite you – the visionaries, the trailblazers, the dreamers – to join us in making the seemingly impossible, possible.
While this year marks only the second Ubuntu Summit event, the conference itself has a long and celebrated past. Starting after the inception of the first Ubuntu release in 2004, developers and community members from the project would gather together twice a year for one week to tackle the technical challenges of the time and forge the path ahead for future releases. These Ubuntu Developer Summits, or more affectionately “UDS” by its attendees, took place every year until they were eventually discontinued in 2012.
A decade later, the Summit was resurrected as a newer, more inclusive technical conference. Dropping the developer from the title to simply become the “Ubuntu Summit”, this new event sought to create a broader and more universal conference for all who shape the open source world. After the great success of last year’s Summit, the mandate and model for future Ubuntu Summits was established.
The Riga city skyline behind the resplendent Freedom Monument
The When, Where and “How Much?”
The 2023 Ubuntu Summit will take place November 3rd – 5th at the iconic Radisson Blu Latvija Hotel in the historic Riga city center. The Ubuntu Summit is free for all to attend, however there is a limited number of participants we can accommodate so be sure to register early.
Prepare your Abstracts
Our Call for Proposals window will officially open June 5th. Please stay tuned to the Ubuntu Blog and the official Ubuntu Summit Event Page for future announcements and information.
In accordance with the information shared in our latest blog post, it is important to note that Ubuntu 18.04 LTS, codenamed ‘Bionic Beaver,’ is approaching the end of its standard five-year maintenance period on 31 May 2023. Consequently, unless you hold an Ubuntu Pro subscription, updates for Ubuntu 18.04 LTS servers will cease to be available.
By subscribing to Ubuntu Pro, you can ensure that your Ubuntu 18.04 LTS deployment remains fully supported until 2028. This extended support period provides you with continued assistance and maintenance for your workloads running on Google Compute Engine (GCE).
To gain a comprehensive understanding of the implications and actions required if you currently have GCE workloads on Ubuntu 18.04 LTS, we invite you to refer to this blog for detailed information.
Upgrade to newer versions of Ubuntu
If you are contemplating upgrading your Ubuntu installation to a more recent version, there are a couple of options available. One option is to upgrade to Ubuntu 20.04 LTS directly. Alternatively, you can perform a fresh installation of Ubuntu 20.04 or 22.04 LTS and then adjust your applications accordingly.
For a detailed guide on how to upgrade your Ubuntu Server, please refer to the Ubuntu Server upgrade guide, which provides comprehensive information and step-by-step instructions.
Upgrade to Ubuntu Pro
If you require additional time to plan your upgrade or prefer to extend the lifespan of a project that doesn’t require immediate upgrading, Ubuntu Pro offers a suitable solution.
Ubuntu Pro is a subscription service provided by Canonical, offering enhanced security and compliance features while maintaining the familiar Ubuntu experience. With Ubuntu Pro, you gain access to “esm-infra”, which extends the coverage of LTS releases from the standard 5 years to 10 years from the release date. This extended coverage ensures that critical security vulnerabilities, identified as high and critical common vulnerabilities and exposures (CVEs), continue to receive security fixes for both x86-64 and arm64 architectures.
Additionally, Ubuntu Pro includes access to “esm-apps”, which provides security patching for over 23,000 third-party open-source applications available in the Ubuntu Universe repository.
By leveraging Ubuntu Pro, organizations with workloads running on Ubuntu LTS releases can uphold compliance standards by maintaining a secure environment without immediate upgrades.
For more detailed information about Ubuntu Pro and its features, please visit ubuntu.com/pro.
How to upgrade to Ubuntu Pro
Google and Canonical have been working together strenuously to give you the most seamless experience in getting the best of class protection. You can upgrade your Ubuntu LTS to Ubuntu Pro in 1 second, with 1 command.
Here is how it works:
Suppose you have one VM running on Ubuntu 18.04 LTS.
Done! Now you have upgraded your Ubuntu 18.04 LTS to Ubuntu 18.04 Pro. Let’s verify all the magic works you’ve done. When you ssh into this machine, input the following:
pro status
you will see:
SERVICE ENTITLED STATUS DESCRIPTION
cis yes enabled Center for Internet Security Audit Tools
esm-apps yes enabled UA Apps: Extended Security Maintenance (ESM)
esm-infra yes enabled UA Infra: Extended Security Maintenance (ESM)
fips yes enabled NIST-certified core packages
fips-updates yes enabled NIST-certified core packages with priority security updates
livepatch yes enabled Canonical Livepatch service
Enable services with: pro enable <service>
Timely patching with Ubuntu Pro for fully secured MLOps
Generative AI projects like ChatGPT have motivated enterprises to rethink their AI strategy and make it a priority. In a report published by PwC, 72% of respondents said they were confident in the ROI of artificial intelligence. More than half of respondents also state that their AI projects are compliant with applicable regulations (57%) and protect systems from cyber attacks, threats or manipulations (55%).
Production-grade AI initiatives are not an easy task. Organisations need to go through different stages to prepare data, develop the model and deploy it. Reproducibility and portability are essential for such projects. This is where machine learning operations (MLOps) can help.
What is MLOps?
Machine learning operations (MLOps) is a set of practices that aim to simplify workflow processes and automate machine learning and deep learning deployments. It accomplishes the deployment and maintenance of models reliably and efficiently for production, at a large scale.
MLOps is slowly evolving into an independent approach to the machine learning lifecycle that includes all steps – from data gathering to governance and monitoring. It will become a standard as artificial intelligence is moving towards becoming part of everyday business, rather than just an innovative activity.
MLOps plays a crucial role in aligning business demands and regulatory requirements. Its benefits include:
With a fast-changing landscape, many tools are available on the market to enable MLOps adoption, some of which are open source. Kubeflow, MLFlow or Seldon are some of the most popular options. Charmed Kubeflow is a production-grade, end-to-end MLOps platform that translates steps in the data science workflow into Kubernetes jobs. It is one of the official distributions of the Kubeflow upstream project. Using it, data scientists and machine learning engineers benefit from having ML deployments that are simple, portable and scalable. Charmed Kubeflow has capabilities that cover a wide range of tasks, from experimentation using Notebooks, to training using Kubeflow Pipelines or tuning, using Katib.
Charmed Kubeflow is a great companion for teams adopting the MLOps approach. MLOps brings together best practices to productise machine learning initiatives, with clear principles that take the data that is being used, the ML model and the code into account. As the market evolves, the need to have stable and secure tools to handle MLOps becomes more evident. Charmed Kubeflow addresses this challenge and allows data scientists to focus on modelling.
However, improving productivity alone is not enough. Security is also high on the agenda, which is why at Canonical, we have put careful thought into offering MLOps tooling that protects professionals from any malicious attack.
Are you looking to learn more about MLOps? Canonical’s guide is a great start.
At the beginning of the year, PyTorch reported a security breach that affected PyTorch nightly, a version of the AI tool that contains new features which are still being developed. While this particular tool had a limited user base, due to its novelty, both attacks and vulnerabilities are becoming more popular in the AI landscape. At the same time, in 2022 over 25,000 CVEs have been published (source), with a 20% increase from the previous year. It showcases a clear trend that becomes a burden for enterprises. On one hand, tracking vulnerabilities is challenging, but more importantly, patching them and ensuring that all dependencies are not breaking the systems is time-consuming.
At the same time, AI/ML initiatives usually have access to a lot of highly sensitive data. Professionals need to ensure that both the environment and artifacts are secure. They need to secure the data used within the projects, and models, as well as the platform and the layers underneath at different stages. This is true for all MLOps tooling, including open-source solutions.
Managing open-source software and all of its dependencies securely is crucial for any enterprise. Organisations look for secure open-source MLOps platforms to both develop and deploy machine learning models, without compromising on any of their standards or industry requirements. As more organisations are both reconsidering their AI/ML strategies and adopting more open-source solutions, it is crucial that open-source libraries and AI/ML toolchains also come from a trusted source with assured long-term security maintenance and platform stability.
For organisations who want to run AI/ML at scale, Canonical offers Charmed Kubeflow and Ubuntu Pro.
What is Ubuntu Pro?
Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, helps teams get timely CVE patches, harden their systems at scale and remain compliant with regimes such as FedRAMP, HIPAA and PCI-DSS.
The subscription expands Canonical’s ten-year security coverage and optional technical support to an additional 23,000 packages beyond the main Ubuntu operating system. It is ideal for organisations looking to improve their security posture, not just for the Main repository of Ubuntu, but for thousands of open-source packages and toolchains.
Securing ML workloads with Ubuntu Pro
Ubuntu Pro includes CVE patches for a wide range of images, including the ones that are specific to the Charmed Kubeflow bundle. It ensures security for all the components of the MLOps platform, enabling professionals to focus on machine learning development and deployment.
By using one of the official distributions of the upstream projects, data scientists and machine learning engineers can both benefit from automating the machine learning workflows and securing the components at different layers. With an aim to grow the MLOps ecosystem, Charmed Kubeflow integrates with various other AI-specific or data-specific platforms that include Kafka, Spark, and MLFlow. Ubuntu Pro covers the full stack, from infrastructure to the operating system and application layer.
Ubuntu Pro is ideal for organisations that want to focus on innovation and be confident of ongoing security maintenance and dependency tracking. Canonical backports security fixes from newer versions of applications, giving data scientists, ML engineers and operational teams a path to long-term security with no forced upgrades. The result is a decade of open-source platform stability, code reproducibility, and peace of mind for those looking to adopt MLOps securely.
It has been some time since we last published a global product report for the Librem 5 phone. This is not because of slowing down our development effort, it is the opposite. We have been very busy and we have made substantial progress during the last few months. We have been listening to our customers […]
I upgraded the host running my blog to Debian 12 today. My website has existed in some form since 1997, it changed from pure html to a Python CGI script in the early 2000s, and when blogging became big around then, I migrated to WordPress around 2004.
This WordPress instance ran on Ubuntu up until 2010, and then on Debian ever since. Upgrades are just too easy. I did end up hitting one small bug with today’s upgrade though, I run the PHP fast process manager on the Apache MPM event server, and during upgrade, php8.2-fpm wasn’t enabled somehow (contrary to what I would expect), at least a simple 'a2conf enable php8.2-fpm' saved my site again after a (very rare) few minutes of downtime.
As we announced at Cephalocon 2023 in Amsterdam, Canonical has started to make container images for Ceph available. We received lots of questions at the booth about what it means to the average Ceph user who has or wants to deploy Ceph on Ubuntu.
In this blog post, we will cover the benefits to users who are running containerised Ceph on Ubuntu, and specifically how these images can provide an improved security posture.
What is an OCI?
An OCI image (Open Container Initiative) is a standardised software container that can be used on a variety of compliant host environments. Ordinary packages have been used for many years to distribute software, but across various environments there can be different language runtimes, system libraries, and other dependencies that may not have been tested with the software that you want to use.
A software container solves this problem by encapsulating both the software and the surrounding environment. So instead of having to maintain a collection of packages, a user simply runs a single container instantiated from a container image that contains the desired software. The provider of the image (in this case, Canonical) completes compatibility testing with the surrounding Operating System and Ceph orchestration tooling, and most importantly, provides timely updates to the packages in the image.
Why use an Ubuntu provided container image?
It’s very important to know the provenance of any container image that a user may download from a container registry, as of course, anyone can publish an image to one of the many container registries that are in existence.
Specific to Ceph, the upstream development team provides several container images with support for the last few releases of Ceph. Those images are available via the popular container registry quay.io, so in this scenario we know that the source is trustworthy.
But what happens when there’s a critical patch required in a production environment, and upstream hasn’t released a fix yet? A helpful user might make a patched version of an image available, but can that be trusted? Other packages might have been added, or maybe an outdated version of a package with a security bug got included by mistake.
Ubuntu Pro + Infra Support support can help in this situation by giving users access to a team of Ceph experts that are able to create hotfixes for a wide range of open source software, often as quickly as within 24 hours. In this scenario, we would be able to provide a patched and trustworthy container image.
Via the Ubuntu repositories and sponsored container registries we are able to provide users of our software access to these fixes faster than the upstream projects are able to.
What makes the Ubuntu OCI different from the upstream image?
The Ceph OCI provided is fully compatible with cephadm managed Ceph clusters, and we are working hard to provide full compatibility with clusters deployed using Rook.
The only difference in our image is that when we build the image we use the Ceph packages included in Ubuntu repositories, so that we have full knowledge and control over the contents of the image, which is especially important for those situations where an emergency patch is required.
Additionally, we carry out testing with the latest versions of Ceph on Ubuntu, both for package based installations and container based deployments with cephadm and Rook.
Where can I get it?
We currently publish our image on GitHub’s container registry here.
O Diogo continua em missão secreta (alegadamente), na senda de caixas amarelas (alegadamente) que permitam concretizar com sucesso acções num Centro Linux (alegadamente) e mais não podemos dizer. Entretanto os nossos anfitriões habituais falaram de mulas, moinhos, salsichas, botões tácteis para cães, telefones fraquinhos e farinhas várias. A não perder? Veremos.
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
The Open Source Community Africa Festival (OSCAFEST) is a prestigious yearly conference that garners a significant turnout of students, developers, designers, and corporate entities. It encompasses an array of talks, workshops, and initiatives aimed at promoting the growth of open source culture, contribution, development, community, etc., across the continent. This year’s event will take place in the incredible city of Lagos, Nigeria on June 15-17th.
Canonical is a proud sponsor of OSCAfest and will be providing several workshops this year:
Andreea Munteanu, Product Manager on the MLOps team, will be presenting a fascinating workshop on decomplexifying data science with MLFlow. This session is an excellent way to get started with your first machine-learning project.
Sergio Schvezov, Engineering Manager on the Starcraft Team, will be hosting an engaging, hands-on workshop on building Snap Applications. Attendees will build their very own CLI Snap and even delve into Flutter Snapping basics. Be sure to bring your laptop!
When you’re not engaged in the many talks or workshops the multi-day conference has to offer, be sure to stop by the Ubuntu booth for a quick chat and pick up some Ubuntu themed swag for your collection. Just look for the bright orange booth!
Group Photo from last year’s OSCAfest OSCA Africa – Photo Licensed under CC BY 2.0
OSCAfest brings in over 800 participants every year and is a stellar opportunity to network with other passionate folks in the open source community. Learn more about the event on our OSCAfest events page. We hope to see you there!
Folks in the region who are interested in volunteering or learning about Ubuntu LoCo opportunities, please click here to get involved.
Join in the OSCAfest discussion and learn about other upcoming community events over on the Ubuntu Discourse.
Top on my TO-DO list is still PIM. There are many parts, making it more complex. I am working on it though. QT6/KF6 is making it’s way to the top of the list as well. KDE Neon has made significant progress here, so I am in early stages of updating our build scripts to generate our qt6/kf6 content snap.
Thanks for stopping by!
https://gofund.me/2c7b1808 All proceeds go to improving my ability to work. Thanks for your consideration!
From 9 to 12 May this year, people from 165 countries gathered virtually for the Women in Tech Global Conference. The conference is the flagship event of the WomenTech Network, a community for women in tech worldwide. Canonical was a gold event sponsor, and several team members participated as keynote speakers, networking hosts and attendees.
When looking at the agenda in the weeks leading up to the conference, the number of speakers and sessions listed already hinted at the appetite for networking with a community of women, underrepresented groups and their allies in tech, science and engineering. A spirit of collaboration was palpable throughout the event, with close to 12,500 attendees participating across time zones. Participants’ willingness to share lessons learned and mistakes made gave many presentations a refreshing sense of authenticity.
In her keynote session, Cindy Goldberg, Canonical’s VP of Silicon Alliances, focused on open source – how it has inspired a global community of innovators and set the pace of rapid technological advancement. She shared her path to open source, from early studies and roles in biology and chemistry to a PhD in physics, followed by leadership roles in AI and semiconductor research. Cindy highlighted that partnerships and community were always at the centre of the most impactful innovations throughout her career: the most significant technical breakthroughs occurred when diverse and complex partnerships were formed around shared challenges. This is a powerful message. As she pointed out, collaboration is not always easy. In the open source world, for example, creating a new app or program is often straightforward. But that new app can have a complex dependency tree touching hundreds of software packages that must be maintained and secured. A web of dependencies turns securing a relatively simple app into a complex project. For Cindy, this is precisely where the next breakthrough in open source software is happening: partnering to secure open source.
Attendees also got the chance to meet with some of Canonical’s very own Miona Aleksic(Product Manager), Lidia Puerta(Senior User Researcher), Andreea Munteanu(Product Manager), Varshi Gupta(Engineering Director). From onboarding to project collaboration, the Meet and Greet allowed for Q&A and more!
It wouldn’t be inaccurate to say that I’ve had a lot on my plate in the last few years, and that I have a *huge* backlog of little tasks to finish. Just last week, I finally got to all my keysigning from DebConf22. This week, I’m at MiniDebConf Germany in Hamburg. It’s the second time I’m here! And it’s great already. Last year I drafted a blog entry, but never got around to publishing it. So, in order to mentally tick off yet another thing, here follows a somewhat imperfect (I had to delete a lot of short-hand because I didn’t know what it means anymore), but at least published post about my activities from a year ago.
This week (well, last year) I attended my first ever in-person MiniDebConf and MiniDebCamp in Hamburg, Germany. The last time I was in Germany was 7 years ago for DebConf15 (or at time of publishing, actually, last year… for this same event).
My focus for the week was to work on Debian live related stuff.
In preparation for the week I tried to fix/close as many Calamares bugs as I could, so before the event I closed:
File calamares upstream issue #1944 ‘Calamares allows me to select a username of “root”‘ for Debian bug #976617.
File calamares upstream issue #1945 ‘Calamares needs support for high DPI’ for Debian bug #992162.
Comment on calamares bug #1005212 ‘Calamares installer fails at partitioning disks’ requesting further info.
Close calamares bug #1009876 ‘There is no /tmp item in the list during the partitioning step in the debian calamares installer’ – /tmp partitions can be created, not a bug, really just a small UI issue.
Close calamares bug #974998 ‘SegFault when clicked on “Create” in manual partitioning’, not reproducible in bullseye.
Close calamares bug #971266 ‘Debian fails to start when /home is encrypted during installation’ – this works fine since bullseye.
Close calamares bug #976617 ‘Calamares allows me to select a username of “root”‘ – has since been fixed upstream.
Monday to Friday we worked together on various issues, and the weekend was for talks.
On Monday morning, I had a nice discussion with Roland Clobus who has been working on making Debian live images reproducible. He’s also been working on testing Debian Live on openqa.debian.net. We’re planning on integrating his work so that Debian 12 live images will be reproducible. For automated testing on openqa, it will be ongoing work, one blocker has been that snapshots.debian.org limits connections after a while, so builds on there start failing fast.
On Monday afternoon, I went ahead and uploaded the latest Calamares hotfix (Calamares 3.2.58.1-1) release that fixes a UI issue on the partitioning screen where it could get stuck. On 15:00 we had a stand-up meeting where we introduced ourselves and talked a bit about our plans. It was great to see how many people could benefit from each other being there. For example, someone wanting to learn packaging, another wanting to improve packaging documentation, another wanting help with packaging something written in Rust, another wanting to improve Rust packaging in general and lots of overlap when it comes to reproducible builds! I also helped a few people with some of their packaging issues.
On Monday evening, someone in videoteam managed to convince me to put together a loopy loop for this MiniDebConf. There’s really wasn’t enough time to put together something elaborate, but I put something together based on the previous loopy with some experiments that I’ve been working on for the upcoming DC22 loopy, and we can use this loop to do a call for content for the DC22 loop.
On Tuesday morning had some chats with urbec and Ilu,Tuesday afternoon talked to MIA team about upcoming removals. Did some admin on debian.ch payments for hosting. On Tuesday evening worked on live image stuff (d-i downloader, download module for dmm).
On Wednesday morning I slept a bit late, then had to deal with some DPL admin/legal things. Wednesday afternoon, more chats with people.
On Thursday: Talked to a bunch more people about a lot of issues, got loopy in a reasonably shape, edited and published the Group photo!
On Friday: prepared my talk slides, learned about Brave (https://github.com/bbc/brave) – It initially looked like a great compositor for DebConf video stuff (and possible replacement for OBS, but it turned out it wasn’t really maintained upstream). In the evening we had the Cheese and Wine party, where lots of deliciousness was experienced.
On Saturday, I learned from Felix’s talk that Tensorflow is now in experimental! (and now in 2023 I checked again and that’s still the case, although it hasn’t made it’s way in unstable yet, hopefully that improves over the trixie cycle)
I know most of the people who attended quite well, but it was really nice to also see a bunch of new Debianites that I’ve only seen online before and to properly put some faces to names. We also had a bunch of enthusiastic new contributors and we did some key signing.
From pandemics to corporate training, new technologies have transformed the landscape of learning dramatically in recent years. It is especially true in the area of learning platforms. Whether used for self-study or to coordinate homework, learning platforms have become an integral part of almost all educational institutions. Many UCS@school users rely on the well-known Open Source solution Moodle, which can be adapted to individual needs in terms of content and presentation. By integrating Moodle into UCS@school, which we offer as so-called “cool solutions“, teachers and students can easily log in to their courses and classes with their familiar user data.
The First Step: Installing Moodle
UCS makes it very easy to install Moodle from the UCS command line. See our help article Install Moodle for detailed step-by-step instructions on how to install Moodle on UCS.
Once the installation is complete, the server will be available at https:///moodle and you can log in to it with the username you chose during the installation.
The Second Step: Integrating Moodle into UCS@school
For productive use, Moodle needs the users’ digital identities. Moodle divides the integration of users into two steps: “Enrollment” refers to creating user accounts and assigning them to classes. “Authentication” refers to the user login process, either by entering a password or by single-sign-on using the UCS@school user account.
The Moodle LDAP enrollment requirements are slightly different from the UCS@school LDAP. For this reason, we have provided a short script for you in our Cool Solutions Repository to make faculty and student identities stored in UCS@school compatible with Moodle. Once installed on the UCS primary server, it works independently in the background while you continue to use UCS@school as usual.
Moodle Settings
Almost There: The Moodle Login
Of course, to use Moodle, end users need to log in to the system. UCS offers two ways to log in. Use SAML to implement single-sign-on. More about in our help article Moodle SAML Authentication.
And if UCS cannot be reached by the user, the LDAP integration, about which you can find more information in the help article Moodle LDAP Authentication, allows users to log in to Moodle directly by using their usual username and password combination. In this case, Moodle uses the connection to check the authenticity and rights of the respective user.
Moodle Login
Leading by Example: Enrolling Teachers at the Start of the School Year
Once installed, Moodle is available to teachers and students. Note, however, that classes are not available until the first user in a class has logged in to the system. It is therefore a good idea for all teachers to do so before the start of the school year to ensure that classes are available. Also, changes to classes and users will not take effect until the user logs in the next time.
Further Integrations
Other plugins, such as integrations from our partners
can operate concurrently with the UCS LDAP and SAML integration with no problems. Also, the integration does not change the look and feel of the Moodle user interface, so users will not notice anything about it – except that they can log in easily.
I hope I was able to give you some useful guidance on how to integrate Moodle with UCS@school in this short how-to. Feel free to leave any questions, comments or suggestions in the comments below this article. I look forward to receiving your feedback.
We are happy to announce that Ubuntu Pro is now available on Graviton (ARM) instances of all generations. You can now launch or upgrade Ubuntu Graviton instances to Ubuntu Pro on AWS EC2.
Why is this good?
Ubuntu Pro: Improved Security Coverage
Ubuntu Pro enables your company to freely consume third-party open source software without having to wait for community fixes or undertake a project to update to the upstream project, implement, and test compatibility. When using Ubuntu Pro, Canonical ensures timely fixes for any high and critical vulnerabilities and exposures (CVEs) affecting any package present in the Main and Universe repositories.
Ubuntu Pro: Extended Lifetime
Users currently running Ubuntu 18.04 LTS on Graviton, which is reaching its end-of-support period, can now upgrade to Ubuntu Pro and extend its support period by an additional 5 years. This upgrade provides extra security features without the need to redeploy onto new servers.
Graviton certified
The Graviton platform, developed by AWS, offers high-performance and cost-effective solutions at a fraction of the price of an x86 instance. Ubuntu is optimised and certified to run on Graviton instances, with Canonical being a Graviton Launch partner.
How to get or upgrade to Ubuntu Pro for Graviton?
Ubuntu Pro is available as native Amazon Machine Images (AMI) or as in-place upgrade options for your running Graviton Ubuntu LTS instances.
Launching fresh instances of Ubuntu Pro for Graviton
* you can change 22.04 for the Ubuntu release version you are looking for (e.g. 18.04, 20.04)
Upgrading current instances of Ubuntu LTS to Ubuntu Pro
Now you can upgrade your Ubuntu LTS Graviton machines to Ubuntu Pro with just a few clicks using AWS License Manager without subscriptions or long term commitments.
In 2020 the pandemic caused significant shifts in the nature of education. With the necessity to educate and collaborate remotely, the need for low cost, portable hardware that was accessible to every student became a priority. During this period, ChromeOS made significant gains in the K-12 market with its range of low-cost Chromebooks tied directly to the Google ecosystem.
However, in 2023 the pace of Chromebook adoption appears to have slowed and its range of initially cost-effective devices are now reaching end of life without support for replacement parts or critical security updates. Concerns around data privacy, particularly in the EU, have also caused schools to rethink their relationship between student data and the most popular cloud providers.
Now that the need to adapt quickly in the face of ever-changing circumstances has died down, educational institutions have an opportunity to re-evaluate their digital strategy with a view to a more long term, cost-effective and sustainable solution that keeps them in control.
In this post we discuss the benefits of Linux in education and how Ubuntu Desktop provides the right balance of hardware support, administrative and productivity tools. All backed by cost-effective long term support to empower students and keep control in the hands of educators.
Increase hardware performance and restore old machines
Compudopt uses Ubuntu Desktop to increase technology access for under-resourced youth and communities in the US.
Linux is known for being a more lightweight operating system than alternatives such as Windows. As such, installing Ubuntu Desktop on older machines can significantly improve performance and breathe new life into devices previously considered outdated. Compudopt, a US based organisation that refurbishes laptops with Ubuntu, takes advantage of this fact to provide tens of thousands of devices to under-resourced youth and their communities every year.
Security updates are also decoupled from the device. Every Long Term Support release of Ubuntu gets the same ten years of security updates, regardless of the hardware it’s running on, reducing obsolescence.
Canonical’s QA team performs over 500 OS compatibility focused hardware tests to ensure the best Ubuntu experience.
Thanks to our direct partnerships with manufacturers like Dell, HP and Lenovo to certify the latest hardware for Ubuntu, our developers also work to ensure that the newest drivers for key components like webcams, bluetooth, wifi and touchpads are also supported and upstreamed on a regular basis. This means that new hardware is supported out-of-the-box and regularly tested in our certification labs for the entire ten year lifecycle of an Ubuntu release.
Whether you’re looking for a low-cost laptop, a high end workstation or a computer lab running a fleet of Raspberry Pis, Ubuntu covers the entire spectrum of PC devices.
Before adopting any new operating system, it’s important for institutions to feel confident that they can secure and administer their devices both on-site and remotely.
Ubuntu Desktop is designed to integrate with existing management tools like Active Directory Domain Services to ensure that students can authenticate their devices with their school credentials and IT admins can enforce policies to determine access permissions and remote management of the device.
Ubuntu prioritises security by default and includes automatic security updates with additional options for disc encryption and hardening. Security auditing and compliance management via third party tools are also available using Ubuntu OVAL.
A platform built on privacy and openness
Trust is a critical part of any software stack used in education. As an open source platform, Ubuntu ensures total transparency in the underlying workings of the OS, permitting schools to modify and scrutinise the software, bypassing any proprietary limitations. Administrators have full control of the customisation of their computing environments, ensuring that only approved applications and packages are included by default.
Unlike other operating systems that track personal data or usage patterns, Ubuntu respects user privacy by design and doesn’t collect usage data unless explicitly permitted by the user. This dedication to privacy and openness enables users of Linux in education to enhance digital learning without sacrificing individual privacy rights or subjecting students and staff to unnecessary online perils.
Snaps, Canonical’s universal packaging system, also contribute to both security and privacy. Applications distributed via snap are strictly confined with limited access to personal data or external devices unless explicitly required. Applications that do require such access to function go through rigorous security checks as part of their submission to the Snap Store. This ensures that only the necessary permissions are enabled by default, and additional permissions can be viewed and modified by the user as required.
Whilst Ubuntu is known as the preferred platform for developers, this wouldn’t be the case if it didn’t have robust support for the everyday user. As the most popular Desktop Linux OS, Ubuntu is the target platform for a host of familiar applications that are critical for an education environment.
Apps such as Zoom, Slack, Microsoft Teams, Dropbox are all supported, as are a range of browsers from Chrome to Edge to Firefox. Users can access their Google suite or Microsoft 365 ecosystem directly from their browser, or take advantage of a number of pre-installed open source alternatives such as LibreOffice which are compatible with all major file formats.
In the creative space, tools like Blender, Unreal and Unity are all tested and supported on Ubuntu. Outside of school hours, Spotify and Steam will ensure that students won’t have to compromise on their downtime experience either.
Ubuntu Desktop displays the first images of a black hole as part of the Event Horizon Telescope project team. Image from the BBC Documentary “How to See a Black Hole“.
Ubuntu has a reputation for being a great Linux distribution for beginners, often credited for its ease of use, polished user experience and accessibility settings, in addition to the out-of-the-box support for a wide range of hardware mentioned above.
But the benefits are more long term than that. Ubuntu is one of the few Linux distributions that delivers an enterprise-grade experience to all users, with the same security policies and variety of packages that are used by millions of professional developers worldwide, with no restrictions. This means that learning to develop with Ubuntu is providing students with skills that can take them from their university computer lab to their first job, all the way through to the peak of their career.
From building a website to creating detailed physics simulations in automotive industries or training cutting edge machine learning models in government institutions. It’s never too early to get familiar with the Ubuntu ecosystem.
Testing out MangDang’s Raspberry Pi-based Mini Pupper robots at the Ubuntu Summit.
In 2022, Ubuntu Desktop was installed over 20 million times in dozens of countries all over the world. This community of users strengthens the Ubuntu experience for everyone, providing a wealth of tutorials, guides, learning courses and troubleshooting resources available online in a variety of languages.
Ubuntu is also certified on the Raspberry Pi, an affordable small form-factor device that has unlocked a host of opportunities for young people looking to explore the world of electronics and build smart home devices both in the classroom and at home. This tinkerer ecosystem is welcoming to students and educators alike with a host of resources to help schools get started with the Raspberry Pi, from simple Scratch-based tutorials to elaborate homelab or Robotics projects.
New Ubuntu Long Term Support (LTS) releases are available every two years and are supported with maintenance and security patching for free for 5 years. This support is extended to ten years with Expanded Security Maintenance (ESM), included as part of an Ubuntu Pro Desktop subscription.
Ubuntu Pro is the most comprehensive subscription for open-source software security. It not provides ten years of security coverage for the Ubuntu operating system, but also includes security fixes for all open source applications included in the Ubuntu Universe repository.
Ubuntu Pro also enables the use of Landscape, Canonical’s fleet management tool to manage software repositories, remote administration and security reporting. As well as additional Active Directory administration features that cover policy support, privilege management and access to network resources.
Find out more about Linux in education
In addition to Ubuntu Pro, Canonical provides day zero support for Ubuntu Desktop deployment, compliance and custom configuration..
To support those using Ubuntu in schools, research and academia, Canonical is pleased to offer a discount programme for approved institutions.
If you’re interested in taking advantage of this programme, or want to learn more about the benefits of Linux in education, please get in touch.
Here are some fresh updates and announcements for this week.
We are approaching the release of Armbian 23.05, codenamed “Suni”. As we finalize this release, we kindly request your assistance in testing it on devices that we were unable to cover. Your feedback will help us ensure the stability and reliability of the releasehttps://forum.armbian.com/topic/28289-armbian-2305-suni-testings/
In an effort to improve user experience, we have recently redesigned the participation page,https://www.armbian.com/participateon our website. The new page provides basic guidance on how to get involved with the project and showcases open bugs and tasks for the current and upcoming releases. While we are making adjustments for the 23.05 release, we have also started working on 23.08, which is gradually accumulating more tasks. We encourage you to contribute to these tasks and help us address the community’s needs. Our Armbian maintainer group is relatively small, and your support is vital in fulfilling the users’ requests.
We are happy to introduce a new board that has joined the Armbian family, the Radxa E25. However, please note that this board is currently in the testing phase. If you own this hardware, we welcome your participation to test it and report any issues you encounter. More info on the Radxa E25 athttps://www.armbian.com/radxa-e25/
We have partnered with SinoVoip, one of Armbian’s Platinum Partners, to bring you an exciting opportunity! They are generously giving away a Banana Pi CM4 with a carrier board. Participate in the raffle for a chance to win this powerful device athttps://forum.armbian.com/raffles/raffle/17-bananapi-cm4-carrier-board/
Lastly, we are excited to announce that we are actively working on making i3 an officially supported desktop environment within Armbian. You can follow the progress of this topic on the Armbian GitHub repository athttps://github.com/armbian/build/pull/5188
Thank you for your support and dedication to the Armbian project. Together, we are shaping the future of open-source ARM development!
Canonical will participate in AWS Summit Washington, DC 2023 for the second time to discuss the most cutting-edge cloud solutions for the Public Sector, such as security and compliance, AI/ML solutions and improved functionality.
Last year, we discussed security and compliance and how easy it is to achieve FIPS, DISA STIG and CIS compliance in the cloud with our out-of-the-box Ubuntu Pro FIPS solutions and automation tools.
With Ubuntu Pro we deliver seamless compliance and confidence in your cloud infrastructure’s stability and security. With availability on AWS Govcloud in all other AWS regions, Federal agencies and contractors can easily access the tools we provide.
Running Ubuntu machines with expanded security maintenance, kernel live patch, and hardening scripts out of the box are a few of the many benefits users can access when launching new Ubuntu Pro machines on Amazon EC2, as Ubuntu Pro enables all these features by default.
Seamless transition to Pro for all Ubuntu users
Thanks to Canonical and AWS collaboration, all existing Ubuntu customers can now seamlessly transition to the Pro version. Through AWS Systems Manager (SSM) and AWS License Manager, the experience of upgrading to Ubuntu Pro is just a matter of a couple of clicks.
Ubuntu Pro Desktop on AWS Workspaces
Ubuntu Desktop for Amazon WorkSpaces gives IT organizations more choice to run fully managed remote desktops where they run best! Ubuntu Desktop for Amazon WorkSpaces enables IT organizations to improve productivity of Developers, Data Scientists, and Engineers – while lowering expenses and improving security posture.
Developers now have access to a familiar Ubuntu desktop environment and tools required to rapidly build, test and deploy code – spinning up and tearing down instances easily while only paying for resources consumed.
Ubuntu Pro Desktop adds the security features the enterprise needs with security patching more than 23,000 third party open source packages alongside the OS updates. It includes Kernel Livepatch increasing coverage against CVEs affecting your kernel while reducing downtime.
CIS Hardening automation is now available for Ubuntu 22.04
Continuing the topic of security, CIS Hardening automation has recently become available for Ubuntu 22.04 with Ubuntu Security Guide (USG)! USG provides automated auditing and remediation for the Ubuntu platform for server and workstation CIS profiles.
Each profile is published with two levels of security hardening: level 1, which aims to be a robust security profile whilst still allowing the system to function as expected, and level 2, which has some more stringent security settings to satisfy a high level of security but with some reduced functionality. The USG tool works with all the CIS profiles providing output in HTML format for easy readability and XML for machine interfaces.
Join our upcoming webinar to explore CIS Hardening automation for Ubuntu 22.04
The public sector invests heavily in AI, aiming to impact real-time operational decisions and outcomes within the next 12 months. Organisations kickstarted initiatives with different use cases in mind such as smart cities or task automation, looking for tooling that enables them to run AI at scale.
With the appliance, users can now launch and manage their machine learning workloads hassle-free using Charmed Kubeflow on AWS. This reduces deployment time and eases operations, providing an easy-to-install MLOps toolkit on the public cloud. It’s ideal for users to get a grasp of the full capabilities of the platform and take machine learning models from experimentation to production in a secured and supported environment.
Kubeflow helps professionals focus on the development and deployment of machine learning models, offering security patching, user management and a wide range of integrations on top of any Kubernetes. Having open-source ML tooling run on EKS translates into support for hybrid cloud scenario support and flexibility for enterprises who have both AWS clouds and on-prem environments.
Securing open-source software with Platform One | IronBank
Iron Bank is Platform One’s hardened container image repository that supports the end-to-end lifecycle needed for modern software development.
The 2021 Executive Order on Improving the Nation’s Cybersecurity (EO 14028) establishes new requirements intended to secure the U.S. federal government’s software supply chain and provides critical guidance for improving cyber resiliency for government agencies.
Using and consuming open-source software from trusted ecosystems can help provide visibility into security threats and mitigate zero-day supply chain threats. In this lightning talk, Zac Burke, Chairman of Iron Bank at USAF Platform One, and Devin Breen, Director Federal at Canonicalwill engage in a compelling talk on secure software development that utilizes automation and Kubernetes on AWS GovCloud.
Location – Room 145A
Time – 12:30 PM
Speaker: Zac Burke, Chairman of Iron Bank at USAF Platform One
Speaker: Devin Breen, Director Federal at Canonical
Getting to the Event
Join the Canonical team at AWS Summit Washington, DC to discuss how to provide customers with solutions that capitalize on the benefits of Open Source with security and compliance.
Location
Walter E. Washington Convention Center
801 Mt Vernon Pl NW, Washington, DC 20001
Dates
June 7 – 8
Hours
Wednesday, 8 AM – 6 PM ET
Thursday, 8 AM – 3 PM ET
Note sessions end at 5:00 PM ET
On this year’s Girls’ Day, seven girls and three boys between the ages of 11 and 14 not only learned about software development, open source and the management of large IT projects, but also got involved themselves. With the help of our trainees Mika, Joschua, Richard and Amir, the kids programmed a little ping-pong game with “Scratch” and had a lot of fun!
We were very impressed that six of the kids had programmed before and already knew Scratch or similar programs. There was a wide range in terms of experience – from kids with no prior knowledge to kids who really had a lot of knowledge. But despite the different levels of knowledge, we were able to “pick them all up”: The experts among our young guests later said that they had also learned some new exciting tricks and the “newcomers”, who had never programmed before, found it super exciting to work with Scratch and develop a real computer game themselves.
Our CEO Peter Ganten did not miss the opportunity to drop by from Berlin via video to say hello personally, to tell the kids what fascinates him personally about IT and especially about open source software, and to explain why he himself has been passionate about it since his earliest youth.
Impressions from Girls’ Day at Univention:
At the end of the day, we asked the kids what they would like to do in their future careers, and 9 out of 10 of them could imagine working in the IT sector at some point in the future thanks to the insights they had gained here! So maybe in the future, the “skills shortage” issue will not be as pressing as it sometimes seems today. We are already looking forward to the next colleagues!
In any case, we ourselves had a lot of fun giving the kids some impressions. And at the end, when some of the kids exchanged their phone numbers to stay in touch, we knew that the chemistry in the group was just right and that the kids had a great day. It was definitely worth the effort!
Girl’s Day/Future Day 2024 – we will definitely be back!
We have published Qubes Canary 035. The text of this canary and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this canary, please see the end of this announcement.
Qubes Canary 035
---===[ Qubes Canary 035 ]===---
Statements
-----------
The Qubes security team members who have digitally signed this file [1]
state the following:
1. The date of issue of this canary is May 22, 2023.
2. There have been 89 Qubes security bulletins published so far.
3. The Qubes Master Signing Key fingerprint is:
427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
4. No warrants have ever been served to us with regard to the Qubes OS
Project (e.g. to hand out the private signing keys or to introduce
backdoors).
5. We plan to publish the next of these canary statements in the first
fourteen days of September 2023. Special note should be taken if no new
canary is published by that time or if the list of statements changes
without plausible explanation.
Special announcements
----------------------
None.
Disclaimers and notes
----------------------
We would like to remind you that Qubes OS has been designed under the
assumption that all relevant infrastructure is permanently compromised.
This means that we assume NO trust in any of the servers or services
which host or provide any Qubes-related data, in particular, software
updates, source code repositories, and Qubes ISO downloads.
This canary scheme is not infallible. Although signing the declaration
makes it very difficult for a third party to produce arbitrary
declarations, it does not prevent them from using force or other means,
like blackmail or compromising the signers' laptops, to coerce us to
produce false declarations.
The proof of freshness provided below serves to demonstrate that this
canary could not have been created prior to the date stated. It shows
that a series of canaries was not created in advance.
This declaration is merely a best effort and is provided without any
guarantee or warranty. It is not legally binding in any way to anybody.
None of the signers should be ever held legally responsible for any of
the statements made here.
Proof of freshness
-------------------
Mon, 22 May 2023 08:16:45 +0000
Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
Interview with NATO Secretary General Stoltenberg: "Two Percent Is the Minimum of What We Need"
Interview with Jordanian Foreign Minister Safadi: "Russia in Syria Is a Stabilizing Factor Compared To the Alternative"
Yevgeny Prigozhin's Meat Grinder: A Moment of Truth for Russia's Wagner Group in Bakhmut
The Three Worlds of Xinjiang: A Trip Through China's Uyghur Region
Operation Counterstrike: What Might the Approaching Ukrainian Offensive Achieve?
Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Greece Elections: New Democracy on Track to Win Most Votes
As Russia Claims Victory in Bakhmut, Ukraine Sees Opportunity Amid Ruins
Biden Announces More Aid for Ukraine as G7 Powers Meet in Japan
Sudan’s Warring Sides Agree to Weeklong Ceasefire
Inside the Barbecue City That Is China’s Hottest Tourist Destination
Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Ukraine war: Bakhmut 'not occupied' by Russia, says defiant Zelensky
Greek election: Centre-right Mitsotakis hails big win but wants majority
Thousands mass for pro-EU rally in Moldovan capital, amid tensions with Russia
US debt ceiling: Joe Biden urges Republicans to compromise as talks resume
Watch: Green flash as meteor blazes across sky in Australia
Source: Blockchain.info
00000000000000000002fb9f59b4c425b487ade7bad8dd6862159ec3030f650f
Footnotes
----------
[1] This file should be signed in two ways: (1) via detached PGP
signatures by each of the signers, distributed together with this canary
in the qubes-secpack.git repo, and (2) via digital signatures on the
corresponding qubes-secpack.git repo tags. [2]
[2] Don't just trust the contents of this file blindly! Verify the
digital signatures! Instructions for doing so are documented here:
https://www.qubes-os.org/security/pack/
--
The Qubes Security Team
https://www.qubes-os.org/security/
The purpose of this announcement is to inform the Qubes community that a new Qubes canary has been published.
What is a Qubes canary?
A Qubes canary is a security announcement periodically issued by the Qubes security team consisting of several statements to the effect that the signers of the canary have not been compromised. The idea is that, as long as signed canaries including such statements continue to be published, all is well. However, if the canaries should suddenly cease, if one or more signers begin declining to sign them, or if the included statements change significantly without plausible explanation, then this may indicate that something has gone wrong. A list of all canaries is available here.
The name originates from the practice in which miners would bring caged canaries into coal mines. If the level of methane gas in the mine reached a dangerous level, the canary would die, indicating to miners that they should evacuate. (See the Wikipedia article on warrant canaries for more information, but bear in mind that Qubes Canaries are not strictly limited to legal warrants.)
Why should I care about canaries?
Canaries provide an important indication about the security status of the project. If the canary is healthy, it’s a strong sign that things are running normally. However, if the canary is unhealthy, it could mean that the project or its members are being coerced in some way.
What are some signs of an unhealthy canary?
Here is a non-exhaustive list of examples:
Dead canary. In each canary, we state a window of time during which you should expect the next canary to be published. If no canary is published within that window of time and no good explanation is provided for missing the deadline, then the canary has died.
Missing statement(s). Every canary contains the same set of statements (sometimes along with special announcements, which are not the same in every canary). If an important statement was present in older canaries but suddenly goes missing from new canaries with no correction or explanation, then this may be an indication that the signers can no longer truthfully make that statement.
Missing signature(s). Qubes canaries are signed by the members of the Qubes security team (see below). If one of them has been signing all canaries but suddenly and permanently stops signing new canaries without any explanation, then this may indicate that this person is under duress or can no longer truthfully sign the statements contained in the canary.
Does every unexpected or unusual occurrence related to a canary indicate something bad?
No, there are many canary-related possibilities that should not worry you. Here is a non-exhaustive list of examples:
Unusual reposts. The only canaries that matter are the ones that are validly signed in the Qubes security pack (qubes-secpack). Reposts of canaries (like the one in this announcement) do not have any authority (except insofar as they reproduce validly-signed text from the qubes-secpack). If the actual canary in the qubes-secpack is healthy, but reposts are late, absent, or modified on the website, mailing lists, forum, or social media platforms, you should not be concerned about the canary.
Last-minute signature(s). If the canary is signed at the last minute but before the deadline, that’s okay. (People get busy and procrastinate sometimes.)
Signatures at different times. If one signature is earlier or later than the other, but both are present within a reasonable period of time, that’s okay. (For example, sometimes one signer is out of town, but we try to plan the deadlines around this.)
Permitted changes. If something about a canary changes without violating any of statements in prior canaries, that’s okay. (For example, canaries are usually scheduled for the first fourteen days of a given month, but there’s no rule that says they have to be.)
Unusual but planned changes. If something unusual happens, but it was announced in advance, and the appropriate statements are signed, that’s okay (e.g., when Joanna left the security team and Simon joined it).
In general, it would not be realistic for an organization to exist that never changed, had zero turnover, and never made mistakes. Therefore, it would be reasonable to expect such events to occur periodically, and it would be unreasonable to regard every unusual or unexpected canary-related event as a sign of compromise. For example, if something usual happens with a canary, and we say it was a mistake and correct it, you will have to decide for yourself whether it’s more likely that it really was just a mistake or that something is wrong and that this is how we chose to send you a subtle signal about it. This will require you to think carefully about which among many possible scenarios is most likely given the evidence available to you. Since this is fundamentally a matter of judgment, canaries are ultimately a social scheme, not a technical one.
What are the PGP signatures that accompany canaries?
A PGP signature is a cryptographic digital signature made in accordance with the OpenPGP standard. PGP signatures can be cryptographically verified with programs like GNU Privacy Guard (GPG). The Qubes security team cryptographically signs all canaries so that Qubes users have a reliable way to check whether canaries are genuine. The only way to be certain that a canary is authentic is by verifying its PGP signatures.
Why should I care whether a canary is authentic?
If you fail to notice that a canary is unhealthy or has died, you may continue to trust the Qubes security team even after they have signaled via the canary (or lack thereof) that they been compromised or coerced. Falsified canaries could include manipulated text designed to sow fear, uncertainty, and doubt about the security of Qubes OS or the status of the Qubes OS Project.
How do I verify the PGP signatures on a canary?
The following command-line instructions assume a Linux system with git and gpg installed. (See here for Windows and Mac options.)
Obtain the Qubes Master Signing Key (QMSK), e.g.:
$gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
gpg: directory '/home/user/.gnupg' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc'
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key DDFA1A3E36879494: public key "Qubes Master Signing Key" imported
gpg: Total number processed: 1
gpg: imported: 1
View the fingerprint of the PGP key you just imported. (Note: gpg> indicates a prompt inside of the GnuPG program. Type what appears after it when prompted.)
$gpg --edit-key 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg (GnuPG) 2.2.27;Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: unknown validity: unknown
[ unknown] (1). Qubes Master Signing Key
gpg>fpr
pub rsa4096/DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key
Primary key fingerprint: 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
Important: At this point, you still don’t know whether the key you just imported is the genuine QMSK or a forgery. In order for this entire procedure to provide meaningful security benefits, you must authenticate the QMSK out-of-band. Do not skip this step! The standard method is to obtain the QMSK fingerprint from multiple independent sources in several different ways and check to see whether they match the key you just imported. See here for more details and ideas for how to do that.
Tip: Record the genuine QMSK fingerprint in a safe place (or several) so that you don’t have to repeat this step in the future.
Once you are satisfied that you have the genuine QMSK, set its trust level to 5 (“ultimate”), then quit GnuPG with q.
gpg>trust
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: unknown validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: ultimate validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg>q
Import the included PGP keys. (See our PGP key policies for important information about these keys.)
$gpg --import qubes-secpack/keys/*/*gpg: key 063938BA42CFA724: public key "Marek Marczykowski-Górecki (Qubes OS signing key)" imported
gpg: qubes-secpack/keys/core-devs/retired: read error: Is a directory
gpg: no valid OpenPGP data found.
gpg: key 8C05216CE09C093C: 1 signature not checked due to a missing key
gpg: key 8C05216CE09C093C: public key "HW42 (Qubes Signing Key)" imported
gpg: key DA0434BC706E1FCF: public key "Simon Gaiser (Qubes OS signing key)" imported
gpg: key 8CE137352A019A17: 2 signatures not checked due to missing keys
gpg: key 8CE137352A019A17: public key "Andrew David Wong (Qubes Documentation Signing Key)" imported
gpg: key AAA743B42FBC07A9: public key "Brennan Novak (Qubes Website & Documentation Signing)" imported
gpg: key B6A0BB95CA74A5C3: public key "Joanna Rutkowska (Qubes Documentation Signing Key)" imported
gpg: key F32894BE9684938A: public key "Marek Marczykowski-Górecki (Qubes Documentation Signing Key)" imported
gpg: key 6E7A27B909DAFB92: public key "Hakisho Nukama (Qubes Documentation Signing Key)" imported
gpg: key 485C7504F27D0A72: 1 signature not checked due to a missing key
gpg: key 485C7504F27D0A72: public key "Sven Semmler (Qubes Documentation Signing Key)" imported
gpg: key BB52274595B71262: public key "unman (Qubes Documentation Signing Key)" imported
gpg: key DC2F3678D272F2A8: 1 signature not checked due to a missing key
gpg: key DC2F3678D272F2A8: public key "Wojtek Porczyk (Qubes OS documentation signing key)" imported
gpg: key FD64F4F9E9720C4D: 1 signature not checked due to a missing key
gpg: key FD64F4F9E9720C4D: public key "Zrubi (Qubes Documentation Signing Key)" imported
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" not changed
gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported
gpg: qubes-secpack/keys/release-keys/retired: read error: Is a directory
gpg: no valid OpenPGP data found.
gpg: key D655A4F21830E06A: public key "Marek Marczykowski-Górecki (Qubes security pack)" imported
gpg: key ACC2602F3F48CB21: public key "Qubes OS Security Team" imported
gpg: qubes-secpack/keys/security-team/retired: read error: Is a directory
gpg: no valid OpenPGP data found.
gpg: key 4AC18DE1112E1490: public key "Simon Gaiser (Qubes Security Pack signing key)" imported
gpg: Total number processed: 17
gpg: imported: 16
gpg: unchanged: 1
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 6 signed: 0 trust: 6-, 0q, 0n, 0m, 0f, 0u
Verify signed Git tags.
$cd qubes-secpack/
$git tag -v`git describe`object 266e14a6fae57c9a91362c9ac784d3a891f4d351
type commit
tag marmarek_sec_266e14a6
tagger Marek Marczykowski-Górecki 1677757924 +0100
Tag for commit 266e14a6fae57c9a91362c9ac784d3a891f4d351
gpg: Signature made Thu 02 Mar 2023 03:52:04 AM PST
gpg: using RSA key 2D1771FE4D767EDC76B089FAD655A4F21830E06A
gpg: Good signature from "Marek Marczykowski-Górecki (Qubes security pack)" [full]
The exact output will differ, but the final line should always start with gpg: Good signature from... followed by an appropriate key. The [full] indicates full trust, which this key inherits in virtue of being validly signed by the QMSK.
Verify PGP signatures, e.g.:
$cd QSBs/
$gpg --verify qsb-087-2022.txt.sig.marmarek qsb-087-2022.txt
gpg: Signature made Wed 23 Nov 2022 04:05:51 AM PST
gpg: using RSA key 2D1771FE4D767EDC76B089FAD655A4F21830E06A
gpg: Good signature from "Marek Marczykowski-Górecki (Qubes security pack)" [full]
$gpg --verify qsb-087-2022.txt.sig.simon qsb-087-2022.txt
gpg: Signature made Wed 23 Nov 2022 03:50:42 AM PST
gpg: using RSA key EA18E7F040C41DDAEFE9AA0F4AC18DE1112E1490
gpg: Good signature from "Simon Gaiser (Qubes Security Pack signing key)" [full]
$cd ../canaries/
$gpg --verify canary-034-2023.txt.sig.marmarek canary-034-2023.txt
gpg: Signature made Thu 02 Mar 2023 03:51:48 AM PST
gpg: using RSA key 2D1771FE4D767EDC76B089FAD655A4F21830E06A
gpg: Good signature from "Marek Marczykowski-Górecki (Qubes security pack)" [full]
$gpg --verify canary-034-2023.txt.sig.simon canary-034-2023.txt
gpg: Signature made Thu 02 Mar 2023 01:47:52 AM PST
gpg: using RSA key EA18E7F040C41DDAEFE9AA0F4AC18DE1112E1490
gpg: Good signature from "Simon Gaiser (Qubes Security Pack signing key)" [full]
Again, the exact output will differ, but the final line of output from each gpg --verify command should always start with gpg: Good signature from... followed by an appropriate key.
For this announcement (Qubes Canary 035), the commands are:
You can also verify the signatures directly from this announcement in addition to or instead of verifying the files from the qubes-secpack. Simply copy and paste the Qubes Canary 035 text into a plain text file and do the same for both signature files. Then, perform the same authentication steps as listed above, substituting the filenames above with the names of the files you just created.
With the advent of software-defined vehicles (SDVs), cars are rapidly evolving to become more connected, autonomous, shared, and electric. These four features have eventually become so prominent that everyone in the industry can recognise them as the popular acronym CASE.
Constantly growing customer expectations also drive the SDV concept and impose challenges both on automotive hardware and software. To accommodate CASE trends and consumer needs, traditional vehicle architectures need revisiting and redesigning. Along with many other requirements, the new architecture must ensure upgradability, performance, and security.
In this post, we will focus on the different challenges the industry is facing in terms of hardware and software complexity, cybersecurity and safety. We will also discuss how Original Equipment Manufacturers (OEMs) can learn from software companies to survive this transition towards software-defined vehicles and succeed.
We all know what cars are and have a certain understanding of how they work, the engine, the fuel, wheels, etc. Now imagine a car that can change its suspension settings or acceleration capabilities through its lifecycle, prompted by an over-the-air software update. It’s obvious that this would add to the complexity of the car. But these features are actually already possible today!
In the same way your smartphone can gain low-light picture optimisations following a software update, your vehicle could benefit from engine performance boosts or battery consumption improvements thanks to the use of better algorithms deployed via a software update. That’s why cars are called computers on wheels nowadays.
The SDV challenges and benefits for Manufacturers
Traditionally, OEMs use electrical/electronic (E/E) architectures with hundreds of ECUs designed for specific tasks, causing vendor dependence and reducing scalability across different car models.
Updating these platforms involves substantial expenses and leads to wasted resources spent maintaining these model-specific software components rather than improving software that could be used throughout the OEM’s carline. On top of that, customers are expecting regular updates to their cars with not only security patches but also new features and services.
In order to satisfy these customer demands, OEMs recognise the necessity to shift from a hardware-focused vehicle structure to a software-driven one, capable of managing over-the-air updates and inter-component interactions.
Software-Defined Vehicles (SDVs) represent a paradigm shift in the automotive industry. SDVs leverage software-based systems to improve performance and enable a more efficient use of resources. OEMs need to move away from multiple complex components towards a limited number of systems that can be easily managed.
Key benefits of software-defined vehicles include:
reduced complexity and cost
faster time to market
improved product quality
hardware and software flexibility
With a strong focus on features and software-based services, SDVs can also enable better security and user experience. To achieve this, the entire value creation process needs to be redesigned around software.
Increasing hardware complexity in automotive
With vehicle design becoming more software-centric, manufacturers will have to contend with hardware-specific challenges.
Historically, OEMs have handled a large number of vehicle variants which themselves generate huge component, platform and configuration variants. These are influenced by region-specific constraints, customer customisations and product options that raise the appeal of the vehicle model or brand.
Previously, vehicles weren’t connected (or had basic connected services). Continuous updates and feature enhancements led to the current situation: OEMs are struggling to maintain their existing systems while developing new platforms that usually don’t rely on the previously developed ones.
In order to improve this complex situation, they first need to reduce hardware and software dependencies. This approach has been applied in the cloud and smartphone worlds. Take the iPhone, for example; the same iOS version can run on multiple generations of iPhones. Moreover, the same iPhone will be able to benefit from the updates of multiple versions of iOS throughout its lifetime.
Removing these dependencies is hard, though. After all, decorrelating hardware development cycles from software development implies a change in business models, sourcing and ways of working. On top of that, the industry is suffering from the lack of clear standards, which would allow for an easier interface between the vehicle’s hardware and software.
Software complexity and solutions
Currently, when there is a redundant software component or feature, most OEMs find that the existing software can’t be reused as it would imply porting on a completely different configuration. This would result in additional work and potential compatibility issues.
To add to the complexity, Electronic Control Units (ECUs) were historically built using a silo approach; each of them had their own hardware and software (including middleware, operating system (OS) and service set).
To solve this problem, a common abstraction layer can be introduced throughout the vehicle, allowing existing software to be reused. Doing so would drastically simplify complex hardware and software configurations. This is part of what constitutes the software-defined vehicle (SDV) approach.
Not only would the SDV allow for easier updates and compatibility, it would also pave the way for more future-proof electrical/electronic (E/E) architectures, moving away from siloed and dedicated ECUs to zonal and central high performance computing (HPC) focused architectures.
Cybersecurity concerns
As vehicles increasingly resemble computers on wheels, having additional embedded software also means having more potential vulnerabilities. OEMs generally rely on multiple different suppliers working on common platforms and developing on different tools.
Often due to confidentiality issues, said tools and developments are rarely shared throughout the industry. This makes it difficult to cooperate on shared solutions to address vulnerabilities.
On top of this, regulations are becoming very strict, forcing OEMs to provide patches and fixes to common vulnerabilities and exposures (CVE). Taking into account the previously detailed system complexity, it is becoming increasingly necessary to move towards a software-defined holistic context.
Only a software-defined approach can provide the required flexibility and scalability that allows companies to comply with regulatory requirements while providing UX updates and handling hardware complexity.Security and real-time Linux in a shifting automotive world
Of course, cybersecurity never only relies on software. Hardware vulnerabilities can also occur and usually lead to even worse consequences. Some hardware issues can be patched via software, but usually these CVEs remain valid throughout the system’s lifetime.
For example, Meltdown and Spectre, two of the most widespread hardware vulnerabilities in the world, are still present and affecting tons of devices. This means that during hardware conception, cybersecurity must be taken into account in the specifications and system architecture in order to limit these vulnerabilities.
Safety considerations
Then there’s the matter of safety. Advanced Driver Assistance Systems (ADAS) are included by default in most new vehicles. These systems have access and control of critical functions such as acceleration, braking, steering, etc. In order to keep the vehicle’s occupants safe, OEMs are asked to comply with a certain level of functional safety.
Functional safety aims to limit the risks and dangers due to a malfunctioning component or system. With Autonomous Driving (AD), safety may become the key differentiating factor when choosing a vehicle.
Considering the previously mentioned themes, safety-related systems will need to be continuously certified as safety compliant. Moreover, any new service or feature will have to be evaluated for any interference or impact on safety systems.
Preparing for the road ahead
We tackled some of the complexity that the automotive industry will have to focus on when moving towards software-defined vehicles in this blog post, but many more intricacies need to be addressed.
If you want to learn more about these challenges, read our guide to SDVs. You will get an analysis of this momentous industry shift, from new business models to functional safety, development cycle improvements and software reuse.
The public sector is investing heavily on artificial intelligence and machine learning initiatives. Deloitte AI Institute reported that 60% of government AI and data analytics investments aim to directly impact real-time operational decisions and outcomes by 2024. From automating redundant tasks to increasing the quality of services offered to citizens, public sector institutions have a wide range of applications where they could implement AI.
Use cases for AI in the public sector
There are multiple use cases for the public sector and government institutions to benefit from artificial intelligence and machine learning. Many of them use different data sources and have different requirements. What are the most common ones?
Smart cities became a popular topic a couple of years ago, with many governments investing a large amount of money and resources into them. These investments translate into improvements to analyse the traffic flow, reduce carbon emissions or enhance alerts from surveillance cameras.
Thanks to advancements in computer vision, object detection or object tracking algorithms are now more performant. Most of these use cases use multiple data sets that include videos, images and structured data. The main challenges are related to the high volume of data that needs to be processed, the security of the data and the real-time processing that is required for many of the applications. Investments in smart cities enable organisations to perform different activities such as:
Analyse crash data to highlight the areas with higher chances for accidents
Optimise street lights to reduce traffic congestion
Automatically alert authorities in case of any incident
Optimise energy consumption
Besides smart cities, government institutions also have a momentous task to improve healthcare outcomes, especially following the pandemic. AI/ML can contribute to advancements in this area too.
Healthcare improvements
Medical science is always ripe for research and development. We discussed the importance of securing MLOps for the life science industry at the most recent Kubecon conference, but there is a wider spectrum of use cases for artificial intelligence and machine learning in healthcare. Governments can leverage AI to provide more effective health services, from monitoring the spread of disease to tracking patients’ health or optimising medicine planning and distribution.
Often these projects use highly sensitive data. Therefore, special attention is needed to secure all the artifacts, follow compliance standards and ensure multi-tenancy capabilities. Most of the time, these algorithms use numerical data, medical images and sensor data for different use cases. Example outcomes include:
Detecting different diseases more quickly by using medical images
Optimising medical records management by analysing historical records
Performing robot-assisted surgery
Logistics and transportation
Major cities around the world face huge issues regarding logistics management, traffic congestion or transportation. A sustainable transportation system is one of the reasons why many governments are considering innovative solutions and technologies, including artificial intelligence.
Whereas some countries are considering building AI-powered cities, the sharing economy led to the quick rise of applications such as Uber. Computer vision techniques are now used by public sector institutions for a wide range of applications such as automated self-driving vehicles, traffic management or intelligent shipping. The challenge comes from the need to often process data in real-time, as well as improve data quality to drive better results.
The future of AI in the public sector
While there are multiple applications for AI/ML within the public sector, there are still challenges to overcome, related to the use of legacy systems and lack of data. Nowadays, by using Robotic Process Automation (RPA), computer vision or natural language processing (NLP) organisations are focusing more on digitising paperwork and automating redundant tasks. Yet, identifying patterns related to both public health and climate change will become ever more important.
Some of these use cases will take time to bear fruit, as governments need to gather more trustworthy data. Having projects that are production-ready motivates institutions to grow their AI investments. Ideas such as the “city of the future” are just some of the applications that are going to go from science fiction to fact in the upcoming years.
Speed up AI impact with Machine Learning Operations (MLOps)
Public sector institutions that want to achieve their AI/ML objectives need to look more closely at productising their projects by adopting MLOps. Machine learning operations (MLOps) represent a set of practices that aim to simplify workflow processes and automate machine learning and deep learning deployments. It accomplishes the deployment and maintenance of models reliably and efficiently for production, at a large scale.
MLOps enables the development and deployment of machine learning models, helping public sector organisations make progress with their initiatives. Tools such as Charmed Kubeflow allow professionals to perform their entire activity within one tool. Charmed Kubeflow automates machine learning workflows, translating them into Kubernetes jobs. It can run on any Kubernetes and any environment, letting public sector institutions to focus on the problem they solve, rather than the tooling itself.
Agora estamos mesmo a ficar preocupados. O Diogo foi ali comprar tabaco e nunca mais voltou. Tem partilhado fotos nas redes sociais, sorridente, leve e despreocupado. Será que lhe saiu um peso de cima? Os seus colegas de podcast continuam sem lei nem ordem: desta vez falaram de bicicletas, máquinas velhinhas, sites irritantes, pólos cor de laranja e mudanças do Arch da Velha.
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
It brings me great joy to announce the elevation of a longstanding Purism employee to the critically important role of Director of Product—François Téchené—the second employee hired to Purism. Filling this role accomplishes a lot of things for us; but filling this role with someone of François’s caliber accomplishes all the things we need and […]
Cumhuriyetimizin 100. Yılında 3 farklı büyük şehirde gerçekleştirilecek olan Teknofest 2023’ün ilk ayağı 27 Nisan – 1 Mayıs 2023 tarihlerinde istanbul’da rekorlara imza atan bir katılım ile gerçekleştirildi. Teknoloji meraklılarının büyük ilgisini çeken ve 5 gün süren etkinliği 2,5 milyondan fazla kişi ziyaret etti. Pardus 21 Hata Yakalama ve Öneri Yarışmasında dereceye giren yarışmacılarımız ödüllerini Teknofest Ana sahnesinde aldılar.
Pek çok teknoloji firmasının yer aldığı Teknofestte Milli İşletim Sistemi Dağıtımımız Pardus, TÜBİTAK ada standında yerini aldı. Yetişkininden gencine, gencinden geleceğin umudu miniklerimize kadar herkesin gözdesi olan Pardus standında ziyaretçiler; birbirinden çekici etkinlikler ile Pardus İşletim Sistemini inceleme ve deneyimleme şansını yakalarken oldukça da eğlenceli zaman geçirdiler. Pardus Bilgi yarışması, “Gamerlar nerede?”, “Görevi Tamamla, hediye kap!”,”Scratch ile kodlayalım”, vb. pek çok etkinlikler ile hem eğlenen hem de marifetlerini sergileyen teknoloji tutkunları aynı zamanda açık kaynaklı teknolojiler ile ilgili bilgilerini konuşturdular.
Teknofest’in en önemli olaylarından birisi her yıl binlerce gencimizin katıldığı ve 1 yıl boyunca çalışmalarını sürdürdükleri birbirinden farklı kategorilerde gerçekleştirilen yarışmalar. Bu yıl 12 farklı kategoride 333 bin takımın yarıştığı 1 milyon başvurunun yapıldığı yarışmalardı.13 milyon TL’nin üzerinde ödül, 30 milyon TL’nin üzerinde malzeme desteği verilen Teknofest’in gözdesi yarışmalardan birisi de bu yıl 3. kez düzenlenen Pardus 21 Hata Yakalama ve Öneri Yarışmasıydı. Pardus 21 Hata Yakalama ve Öneri yarışmasında dereceye girenler ödülerini Teknofest ana sahnesinde aldılar. 1. ‘lik ödülü 20 000 TL, 2’lik Ödülü 10 000TL ve 3’lük Ödülü 5 000 TL olan yarışmamız büyük ilgi gördü. 263 kişinin başvuruda bulunduğu yarışma her ne kadar tüm öğrencilerin katılımına açık olsa da yaratıcılıkları ve açık kaynak tutkularını gösteren liseli öğrencilerimiz üniversite öğrencisi büyüklerini geçerek dereceye girdiler.
Ödülünü Sayın Cumhurbaşkanımızdan alan yarışmamızın 1.’si Konya, Mahmut Sami Ramazanoğlu Anadolu İmam Hatip Lisesi Öğrencisi Asım Beşir Başdemir olurken; yarışmanın 2.’si Konya, Selçuklu Anadolu Lisesi ve Kapsül Teknoloji üyesi Mustafa Ekşi ve Yarışmanın 3.’sü İzmir Fen Lisesi öğrencisi Aliberk Sandıkçı oldu.
Pardus’un Teknofest 2023’te yer alması, açık kaynak yazılım dünyasına ilgi duyanların dikkatini çekti ve standımızı ziyaret edenlerin sayısı oldukça yüksek oldu. Teknofest’in ikinci ayağı olan ve 30 Ağustos – 3 Eylül 2023 tarihlerinde gerçekleştirilecek olan Teknofest 2023 ANKARA ‘da açık kaynak tutkunları ile yeniden bir araya gelmeyi heyecanla bekliyoruz.
The Docker project was initiated by dotCloud, a platform-as-a-service (PaaS) company that created Docker to run their internal infrastructure. Slowly, Docker became more successful than any of their other products, so dotCloud rebranded as Docker Inc. Docker provides easy-to-use tooling and grew into an entire ecosystem for container management. Many developers have learned to use it as part of their toolkit for packaging and distributing applications to the cloud, or for development and testing stages more broadly.
Snaps were introduced by Canonical, the publisher of Ubuntu, as a way to package and distribute Linux applications. There was a growing need to ease the deployment of applications that run across different Linux flavours, versions and even types of compute. Snaps improved the overall system security and the software update lifecycle, including infrastructure for over-the-air updates and automatic rollbacks. The idea behind snaps is to decouple the Linux application from the operating system it runs on, while still providing secure access to host resources through dedicated interfaces and reusing as much as it’s practical from a minimal stable release of Ubuntu.
In sum, while Docker containers were mostly focused on covering the cloud use case and developer workflow, snaps aimed to reinvent the way Linux applications are packaged and distributed.
This resulted in Docker providing a quick and efficient way to containerise cloud services, while snaps became great for the distribution of Linux applications.
As far as Linux applications are concerned, both could be packaged in either a Docker image or a snap. They both run natively on Linux and require a compatibility layer to run on Windows or macOS.
OpenStack is no doubt a wonderful and successful piece of software. It allows you to create your own cloud infrastructure, and thanks to its open-source nature, it’s free to use for everyone. But as with many giant software projects, all that power comes with a challenge: it is reasonably complex to install and configure. A number of OpenStack distributions do exist that intend to make engineers’ life a lot easier, but those also tend to be more complex than a non-experienced user would like them to be.
To solve this problem once and for all, Canonical created a simplified and easy-to-install distribution of OpenStack called MicroStack.
About MicroStack
Canonical MicroStack is an open source project that enables you to easily deploy a fully-functional OpenStack environment on your workstation or even a virtual machine (VM) in minutes. Even though it was originally designed with testing and development use cases in mind, eliminating the need for dedicated hardware, it is now heading towards its first stable release. This means that it will soon be suitable for production use cases too.
The first version of MicroStack was distributed as one big snap package with all OpenStack components in it, running natively on the host where installed. It included core OpenStack components only. This was a good solution, although not so customisable. A beta version has been available for some time and has gained significant community adoption with more than 2,500 active installations. It has never moved towards its first stable release, however. Instead, Canonical has been working on an even more flexible and yet more powerful solution that is both customisable and easy to use.
This is how the K8s-native MicroStack edition was born. It is basically a fresh start for the project. A big part of it was rewritten, and a new architecture was used. This new solution has been in development since 2021, and we released a beta version around October 2022. The first release aimed at a single-node installation, which is already useful for many use cases, such as CI/CD environments. The following versions will expand on that so you can install multi-node clusters.
Many things are different in this new version. Juju is at the heart of the deployment, using Charmed Operators to deploy each OpenStack component as a separate unit. Kubernetes is the substrate for all control plane services. Most OpenStack components become separate pods in K8s. Even the Juju controller itself is hosted there. It leverages the native and natural resilience of the K8s model to deal with OpenStack’s high availability (HA). This eliminates the need for using traditional HA technologies, such as Corosync, Pacemaker, HAProxy and Keepalived. Finally, Juju is driven by Terraform and its new Juju backend provider, making it a nice and easy ramp-up into the Juju world.
Of course, some parts of OpenStack are not a good fit for running inside a container. Services like nova-compute (that drives QEMU/KVM), ovn-chassis (that plugs into the network cards), ceph-osd (that needs access to physical hard drives) work better when run natively on bare metal. This is why those are distributed in a separate package to be installed on hypervisor/storage nodes.
Everything comes packaged as snaps, making OpenStack fully decoupled from the underlying operating system (OS). MicroK8s is used to bootstrap the Kubernetes substrate. MicroStack itself was already available in the snap format, providing cloud management and governance services, with a new snap package for the data plane functions.
You can test it now
As mentioned above, a beta release of the K8s-native edition is already out, and you can test it right now. The current version of the tool uses Yoga OpenStack and is limited to installing the cloud in a single-node mode, but this is already suitable for many cases like developing, education, training, test environments, PoCs, personal cloud, edge computing, labs, CI pipelines, integration and API tests, and much more.
To test it, first, you need a bare metal machine or a VM with enough resources and running Ubuntu 22.04 LTS. If you use a VM, make sure to enable nested virtualisation; otherwise, you will not be able to spawn cloud instances. The following steps are very high level, and they assume you already have some knowledge about OpenStack. Please refer to our official introduction guide for more information about OpenStack, its architecture and services.
Installing K8s-native MicroStack
There are two approaches for installing K8s-native MicroStack. For a simple and streamlined installation, you can run a script that will do most of the installation for you. In this blog, we’re going to use this method. You can also refer to my YT video for the more advanced scenario.
The installation script takes a while to finish. Once it completes, Openstack is already installed, and you can access the dashboard (Horizon) on your local web browser. To find out what the URL for the dashboard is, take a look at the status for the dashboard charm:
juju status -m openstack horizon
Alternatively, you can source the RC file to use the command line:
source demo_openrc
If you want to go with a more detailed approach where you manually execute each step, check what you are doing and learn more in the process, I encourage you to watch my video and read the official tutorial on our discourse page.
OpenStack adoption has been greatly facilitated with on-rails solutions like MicroStack. MicroStack K8s-native edition is a new and revamped tool that builds on top of what MicroStack used to provide in the past. It is a new project, already in beta, but very promising and definitely worth keeping your eyes on for the next few months. How about having some fun trying it out?
With the recent advancements and proliferation of AI (such as ChatGPT and other probabilistic algorithms), it may be time for individuals, companies and governments to consider exiting the centralized internet. There is high concern over security, privacy, and safety threats exposed by artificial intelligence pioneers and industry voices who have recently come forward including Alphabet’s […]
Reduce the risk of an attack from the internet on your servers: Take advantage of Greenbone’s latest offer: With our Pentesting Web Applications, we help you to get the best possible security for your web applications.
The numbers speak for themselves: attacks on web applications are on the rise, have been for years, and there is no end in sight. The complexity of modern web presences and services requires a high level of security measures and cannot be managed without testing by experts.
The only thing that helps here is the technique of so-called “pentesting” of web applications, or more precisely “web application penetration testing”. With this attempt to penetrate protected systems from the outside (“penetration”), Greenbone’s experts create an active analysis of vulnerabilities and can thus evaluate the security of a web application. Although there are guidelines such as the highly recommended one from the German Federal Office for Information Security (BSI), which describes the procedure for testing, nothing can replace the expert who puts your system under the microscope himself.
Greenbone acts strictly according to the regulations of the DSGVO, is certified according to ISO 27001/9001 and also has Ü2-certified security experts according to § 9 of the Security Audit Act (SÜG). As with its vulnerability management products, with the web application pentests you also receive detailed reports on your security situation with clear instructions for action, which the Greenbone experts are happy to help you implement. The offer covers both the client and server side of your web applications and is based on the most modern and up-to-date guidelines, for example the OWASP Top 10 or the OWASP Risk Assessment Framework (RAF). Whether it is cross-site scripting (XSS), SQL injection, information disclosure or command injection, whether there are gaps in the authentication mechanisms of your servers or websockets are the source of danger – Greenbone’s experts will find the vulnerabilities.
As the world’s leading provider of open source vulnerability management products, Greenbone always has the latest expertise in dealing with vulnerabilities and security risks, including here in “black box testing”, when our experts take a close look at your systems from the outside, just as an attacker would: with the perspective of a potential attacker, you will ideally find every existing vulnerability in your IT infrastructure and can take care of fixing them. Only those who know their vulnerabilities can implement security measures in a targeted manner. Find out more about Greenbone AG’s products and services here.
Qubes OS 4.1 uses an unaffected version of Xen (4.14).
About this announcement
Qubes OS uses the Xen hypervisor as part of its architecture. When the Xen Project publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB). (QSBs are also issued for non-Xen vulnerabilities.) However, QSBs can provide only positive confirmation that certain XSAs do affect the security of Qubes OS. QSBs cannot provide negative confirmation that other XSAs do not affect the security of Qubes OS. Therefore, we also maintain an XSA tracker, which is a comprehensive list of all XSAs publicly disclosed to date, including whether each one affects the security of Qubes OS. When new XSAs are published, we add them to the XSA tracker and publish a notice like this one in order to inform Qubes users that a new batch of XSAs has been released and whether each one affects the security of Qubes OS.
Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a 
Kweather Snap
![[RSS 1.0 Feed]](common/rss10.png){kind=small}
![[RSS 2.0 Feed]](common/rss20.png){kind=small}
![[Atom Feed]](common/atom.png){kind=small}
![[FOAF Subscriptions]](common/foaf.png){kind=small}
![[OPML Subscriptions]](common/opml.png){kind=small}
![[Hacker]](common/hacker.png){kind=small}
![[Planet]](common/planet.png){kind=small}