To ensure the quality of deepin 23, we invite you to take part in the internal test. If you are interested in it, please follow the guide in the last part of this thread. If you find any bugs or have any good ideas, please submit them on deepin home app which can be downloaded from deepin App Store. 【New Features and Optimizations】 Upgrade Pulseaudio and Pipewire audio frameworks Update some third-party open-source software package versions 【Bug Fixes】 Fixed the issue of patch code errors in the Megachip graphics card driver. Fixed the issue where EasyEDA crashes when opening ...Read more
Our community member Fabian Riechsteiner brought to our attention that the version of the Zabbix agent present in VyOS 1.4.0 is susceptible to a remote code execution vulnerability — CVE-2023-32728. We made a hotfix available to subscribers, and the fix will be a part of the upcoming VyOS 1.4.1 release.
Como uma desgraça nunca vem só, as boas gentes de Aveiro sofrem de novo sevícias várias. Uma panóplia de convidados desfila em frente ao microfone de Diogo Constantino (qual Júlio Isidro do terminal) e juntos fazem um balanço da Festa do Software Livre, entre palmas e patinhos de borracha do público esfuziante.
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
Canonical is excited to be a part of the Dell Technologies Forum in São Paulo on October 30th. This exclusive event brings together industry leaders to explore the latest technological advancements.
Don’t miss this opportunity to network with industry leaders, explore cutting-edge solutions, and learn how open source can transform your business. At Canonical’s booth, you’ll discover how our partnership with Dell Technologies can help you:
Empower your virtualization infrastructure with open source: Learn how open source clouds offer superior flexibility, security, and cost savings compared to traditional proprietary solutions, such as VMware virtualization software.
Unleash scalability with PowerFlex + LXD: Discover how Dell PowerFlex storage combined with Canonical’s LXD platform empowers you to build and manage containerized applications with unmatched agility and scalability.
Secure your open source journey: Our experts will discuss robust security solutions from both Canonical and Dell Technologies to protect your open source deployments.
Fuel innovation with AI solutions: Explore how our combined expertise delivers powerful AI solutions that can accelerate your business.
A collaboration built for success
Our partnership with Dell Technologies goes beyond just products. We share a deep commitment to empowering organizations with the tools and solutions they need to thrive in the ever-evolving digital world.
Don’t miss this opportunity to learn more about how Canonical and Dell Technologies can help you achieve your IT goals. Visit our booth at the Dell Technologies Forum – São Paulo, and engage with our experts to discuss your specific needs.
Location
Transamérica Expo Center
São Paulo, Brazil
Dates
Wednesday, 30 October
Hours
9:00 AM – 7:00 PM
We look forward to connecting with you and exploring the path to innovation together!
In 2020, it was announced that CentOS 7 would reach end of life (EoL) by July 2024. That date has been and gone, however the CentOS story is not over just yet. For anyone expecting a sheer drop in the number of CentOS users, the numbers reveal that 22% of enterprises remain on CentOS.
We should perhaps temper our expectations here: CentOS 7’s end of life may be upon us, but many organizations are likely still figuring out their transitions to a new system. However, CentOS users must still face the fact that the longer they wait to migrate, the harder it will become to keep their CentOS estates secure and functional. It may seem tempting to hold on, but month by month and year by year, dependencies will begin to unravel, the manual patching workload will increase and incompatibility will begin to set in across your stack.
This blog is for any reader who is still deciding which system to migrate to. We’ll be discussing the benefits that Ubuntu brings to the table as your new enterprise OS, why developers prefer Ubuntu and how it provides a stable landing zone for your migration.
Fact 1 – You now have a blueprint for a successful migration
End of life may have passed, but you can learn from those who’ve already migrated
Understandably, many of you may have doubts about migrating to a Debian-based system, and wanted to see how things panned out for those who already migrated. Now that end of life has officially occurred, you can learn from the organizations who have already migrated to Ubuntu.
The State of Open Source Report 2024 reports that 46% of surveyed enterprises are using Ubuntu, making it the #1 Linux distribution yet again and marking an increase from 26% in 2023. Whilst we cannot attribute the entire increase to just one factor, the corresponding decline in CentOS share and the approach of end of life will have undoubtedly had a hand.
So, what does a successful migration to Ubuntu look like? Meet Pentera, a leader in Automated Security Validation. They selected Ubuntu due to the lack of maturity in the ecosystem for direct CentOS successors. Despite Ubuntu being Debian-based, it offered a production-ready, mature ecosystem, a consideration that outweighed initial concerns about compatibility. Due to Canonical’s preparation for migrations from CentOS, and the mature ecosystem that Ubuntu offered, the migration was seamless. Pentera migrated 80% of their deployment with only minor code modifications.
Fact 2 – Developers prefer Ubuntu
The Stack Overflow Developer Report 2024 ranked Ubuntu as the most popular Linux distribution amongst developers for professional use, outranking its next nearest neighbor (Debian) with 27.7% vs 9.1%. This is because Ubuntu has a vibrant community of developers who help Canonical, the publisher of Ubuntu, to provide them with the latest open source packages.
For example, Ubuntu 24.04 LTS comes with over 30,000 open source packages such as Python, Ruby, Go, Java, Apache, Nginx, PostgreSQL, MySQL, Node.js, PHP and more. This integration frees developers from needing to manually integrate packages that do not belong to the ecosystem and offers a level of stability not found with OSes that lack widespread community support.
We listen carefully to our community when working on new releases. Ubuntu 24.04 LTS builds on user feedback by incorporating enhancement for WSL (Windows Subsystem for Linux), enablement of frame pointers by default and the introduction of LTS toolchains, which extend support to .NET releases for the entire lifecycle of the Ubuntu release.
Fact 3 – Ubuntu LTS is predictable, stable and secure
Ubuntu 24.04 (Noble Numbat) is the latest LTS release of Ubuntu
We know that when migrating, you want to make sure your landing zone is stable. With all the work that goes into a migration, you want to ensure that continual maintenance doesn’t become a burden. Ubuntu provides that stable landing zone.
A long term support (LTS) version of Ubuntu is released every two years, and all LTS releases benefit from five years of free security maintenance (which you can choose to extend to twelve years). To keep Ubuntu users secure, the Ubuntu Security Team applies thousands of security patches.
Moreover, the team acts fast to leave no time for bad actors to exploit vulnerabilities: critical CVEs are patched in less than 24 hours on average. With the latest release – Ubuntu 24.04 LTS – all users get security updates for the operating system, as well as straightforward access to thousands of curated open source applications freely available until 2029.
Fact 4 – You can cover your whole open source dependency tree
You can now secure your entire open-source dependency tree and free your developers to focus less on maintenance, and more on delivery. By extending container support on top of RHEL, VMware and public cloud K8s, your transition to Ubuntu becomes even more seamless.
As a result, users benefit from the consistent experience regardless of whether they use their Ubuntu machine for development purposes or is running workloads in production. Ubuntu Pro is free for personal use on up to 5 physical machines with unlimited VMs and containers on top – learn more here.
Canonical works to deliver a consistent, stable Ubuntu experience across the whole stack. Interoperability is at the heart of what Ubuntu is, allowing Ubuntu to act as a neutral layer that harmonizes your entire stack.
As there is no “commercial distribution” of Ubuntu (see Fact #5), on workstations, in the data center, on the edge, and in clouds, you’ll find the same ecosystem, simple CLI setup and security patching. On public clouds specifically, Ubuntu is the #1 guest OS. It delivers the same great Ubuntu experience with a layer of seamless integration and many kernel-level, cloud-specific optimisations.
In terms of hardware, Canonical works directly with vendors such as Dell, Intel and NVIDIA to create optimized Ubuntu images for their hardware. By migrating from CentOS to Ubuntu, you’ll widen your horizons and gain optimization improvements thanks to years of hardware partnership. In a way, the end of life of CentOS 7 could signal an opportunity to reshape how you combine hardware and software to create solutions.
Conclusion
As time continues to pass since the CentOS end of life, we expect that the proportion of organizations using CentOS will drop steadily. As you consider your next move, we’d recommend you make use of the resources we’ve created to help you evaluate Ubuntu against alternatives for your migration, and take advantage of the migration guide we’ve created.
deepin's 8th overseas branch community has been established! With the steady progress of the internationalization of the deepin community, we are pleased to announce that deepin's 8th overseas branch community - Bolivia Station - has been officially established! This also marks a further increase in the influence of the deepin community in South America, and lays a more solid foundation for deepin's globalization journey. deepin Bolivian Community: https://deepinbolivia.com/ Bolivia is a landlocked country located in western South America, with rich cultural diversity. Bolivia has several "world's greatest", including the highest capital city in the world, La Paz, the largest plateau ...Read more
Dear Armbians, welcome to this week’s newsletter! Here, you’ll find updates on the latest release and community contributions.
Armbian Rolling Releases: What You Need to Know
Armbian offers rolling releases for users seeking the most up-to-date features and bug fixes. These rolling releases are available at the bottom of the official Armbian download pages. However, it’s important to remember that while these versions are functional, they are not as thoroughly tested as the stable releases and therefore are not recommended for production environments.
If you need to switch between stable and rolling releases, check out armbian-config.
Recent Changes
The Armbian team has been hard at work making significant updates. Here’s what was changed in the past week (detailed):
Rockchip64 Bootable in VMs
A major update now makes Rockchip64 bootable in virtual machines (VMs). This enhancement is a big step forward for developers and users working with Rockchip-based boards in virtualized environments.
Kernel Module Compression Changes
A contribution to the Armbian kernel changed the forced uncompressed modules option for kernels version 6.12 and above. This update should streamline kernel management and improve overall system performance.
HexagonFS Firmware for Elish Added
An important addition to the firmware repository includes HexagonFS firmware for the Elish platform. This new firmware broadens hardware compatibility, helping users integrate newer hardware more seamlessly into their Armbian setups.
Khadas Rewards Community Contributors
We are excited to announce that Khadas has generously rewarded outstanding contributors to the Armbian community!
Khadas Mind Standard goes to @Heisath
Khadas Mind Premium goes to @iav
Their hard work and dedication have helped improve Armbian for all users, and we thank them for their efforts! If you’d like to become a contributor or participate in future reward programs, don’t hesitate to get involved in the Armbian community and make your mark.
Rolling releases are intended for users who are comfortable with potential instability in exchange for access to the latest features and updates. They undergo limited testing, so it’s crucial to check the automated tests before making the switch to ensure it meets your system requirements.
Stay Up-to-Date
For users who prefer stability over cutting-edge features, the stable Armbian Linux release continues to offer well-tested and robust builds that are ideal for production systems.
Miscellaneous daily work often bring a lot of troubles. For instance, the ever-growing pile of desktop files... If you don't want to manually organize them one by one! You might want to try the deepin's Organize Desktop feature, which quickly organizes your desktop with a single click, automatically categorizing files. deepin 23 Organization Desktop Feature Interpretation 1、One-click organization of all desktop icons By right-clicking on the desktop and selecting Organize Desktop, all icons on the desktop will be organized in one click. When you have the need to organize, simply click Organize Desktop each time, and newly added files will remain on ...Read more
Given the 21st century world’s reliance on digital technology, it should go without saying that privacy and security are pressing concerns — for individuals as well as federal and corporate entities. With an abundance of tools at our disposal, however, how do we make informed decisions about which to use to best ensure sensitive information is safe from prying eyes? At Purism, we advocate for the use of Free/Libre and Open-Source Software (FLOSS / OSS) as a cornerstone of any secure and private digital environment.
The recent announcement from Chinese scientists about their successful use of a quantum computer to crack military-grade encryption has sent shockwaves through the cybersecurity community. This breakthrough, utilizing a D-Wave Advantage quantum computer, marks a significant milestone in the field of quantum computing. The implications of this development are profound, particularly for industries reliant on classical cryptographic systems like RSA and AES.
In a land far away, there were two brothers, two plumbers. To preserve their anonymity, we'll call them... Mario and Luigi. Their mother, a kind and friendly woman, and their father, a man with (by the laws of averages and genetics) a truly gargantuan moustache, raised them both to be kind and friendly (and moustachioed) in their turn. There was enough work in the town to keep both the plumbers busy, and they each grew through apprentice to journeyman to experience and everyone liked them. They both cared about the job, about their clients, and they each did good work, always going the extra mile, doing more than was necessarily asked for, putting in an extra hour to tighten that pipe or fit a better S-bend or clean up the poor workmanship of lesser craftsmen and cowboys. They were happy. Even their rivalry for each job was good-humoured, a friendly source of amusement to them and to the town. Sometimes people would flip a coin to choose which to ring, having no way to choose between them, and Mario would laugh and suggest that he should have two-headed coins made, or Luigi would laugh and say that that ought to make it his turn next.
But there came a time of downturn, when the people of the town had to hold tighter to their purses, and fewer called out for plumbers. And Luigi, after much thought, decided to take a job with Bowser's, the big plumbing conglomerate from the city. He was worried: the big company were often slapdash or inexperienced in their work, and discourteous or evasive to their clients, and more interested in bottom lines than hot water lines. But they paid extremely well, and they had the latest tools, and there was security in having a contract and a title and a boss. Besides, Bowser's worked for so many more people that Luigi's own skills could only help that many more. Maybe he could even teach them something about quality, and craftsmanship, and care. He suggested to Mario that they both joined, and Mario thought hard about it, and eventually decided not to, though it was a close-run thing. Both the brothers shook hands on it, respecting one another's decision, although in the silence of their hearts each was a little disappointed in the other.
Luigi did well at Bowser's. He was right about the latest tools, and about the pay, and about the security. And he was partially right about teaching the big company something about quality. His work was often better than his colleagues, sometimes through expertise but most often because he tried harder: he loved the work, and wanted to do well, and was kind and friendly when he could be. But sometimes, try though he might, the time wasn't there, or the parts weren't in the van, and these things were not his fault; someone else at the big company had cut corners on their job and that forced Luigi to cut corners on his and make people sad and angry, or put in more time to fix it than he would have spent doing it all correctly himself in the first place. He pushed hard inside the company to fix these things, and he had some successes; a policy was written suggesting that employees work harder to improve customer happiness, and many customers across the land were made a little happier as a result. Luigi won an award. He trained some apprentices, and many of his little ways of making people happier and the job better were adopted into the company training scheme. One time he went home after another argument with his boss about the things that were not adopted, and that night he looked enviously out of their window at his brother's house across the street, thinking that it would be a fine thing to not have a boss who stopped you from doing things right.
Mario did well working for himself. The time of downturn ended and things began to pick up again, maybe not quite to where they had been but nearly there for all that, and the phone calls and messages came in once more. Everyone was pleased to see him, and although he maybe took a little longer than the men from the big company, his work was never slapdash, always taking the time to do it right. And he had less money, but he really didn't mind, or begrudge it; he had enough to get by, and he loved the work, and wanted to do well, and was kind and friendly. He did envy his brother's toolbox, though, all the latest gear while Mario himself made do with things a little older, a little rustier, but they were all good quality tools that he understood, and the work was as good and better. In November one year a very expensive plumber's inspection camera was stolen from his brother's van, and Mario thought that it would have been great to have such a thing and maybe he would have taken better care, and then he felt guilty about thinking that of his brother. He felt guiltier still when on Christmas morning he opened the box from Luigi to find an expensive inspection camera in it. But then his brother winked at him and put a finger to his lips, and all was well between them again. One time Mario was up to his waist in the drain outside a house, raindrops rattling on his hat and cursing the god who invented backflow, when he saw his brother drive past all unknowing in his modern van, windows wound up and singing along with the radio, and he looked enviously after the van's lights in the storm, thinking that it would be a fine thing to have just a notch more comfort and influence and two fewer wet knees.
The launch of Ubuntu in 2004 was a step-change for everyday users and developers everywhere. Nicknamed “Ubuntu Linux” in its early days, to differentiate it from its various cousins in the Linux world, it has since lost the need for its surname and grown to become a powerful force.
Besides being used by millions of home users, Ubuntu is widely used in the development and business world. As developers have become a driving force of innovation, so has Ubuntu. And that’s because developers love Ubuntu – it is ranked as the #1 Linux OS by enterprise developers.
This coincides with a landscape in which organizations are more open minded about questioning their current IT setups, which often run on proprietary software. The costs of scaling, legacy issues and security concerns are prompting a rethink – so how do businesses use Linux? And what is Ubuntu used for in business?
In this blog, we’ll run through examples of where Ubuntu is making its mark in both business and the public sector, with examples spanning from servers and the public cloud, to the Internet-of-things (IoT).
The power of support: New Mexico State University
No technology exists in a vacuum, and organizations regularly cite the need for external support as a key consideration when making choices. Proprietary software has an owner to maintain it – but what about open source software? Open source software has publishers. Canonical, the publisher of Ubuntu, actively maintains Ubuntu and its ecosystem of packages. This is done regularly, with a predictable cadence.
So far, so good. But what makes Ubuntu stand out is community. Having an active community of users who collaborate together to find vulnerabilities and solve problems allows users to chart their own direction. With more eyes on the code, it’s quicker and easier for the community as a whole to spot and patch vulnerabilities – as well as to provide documented guidance for future users looking to avoid an issue. That’s what prompted New Mexico State University to consider using Ubuntu for their compliance needs.
New Mexico State University’s Physical Science Laboratory faced the prospect of their open source operating software (OS) reaching end of life, which coincided with their target of achieving FIPS compliance. As much of their work was with the public sector, this was a critical task.
The extensive documentation available for Ubuntu made it a solid choice, with troubleshooting often only requiring a web search to find the answer. By opting for Ubuntu Pro, an enterprise support subscription, New Mexico State University extended the long-term support of Ubuntu from 5 years to 10 years, as well as availing themselves of automated hardening tools for compliance.
“Info on Ubuntu is right there at our fingertips. Anything we need to know is always just a Google search away, so whatever issues we run into are easy to solve.” – Ed Zenisek, IT Manager, NMSU Physical Science Lab
According to research by O’Reilly, an American learning company, 67% of organizations use a public cloud – showing that the public cloud has become an integral part of business operations. Keeping your cloud compatible with your wider systems whilst also maintaining strict compliance can feel like being pulled in two directions. By opening the door for them to work with highly regulated clients, Ubuntu proved to be the operating system for LaunchDarkly’s business needs.
LaunchDarkly is a SaaS (software-as-a-service) provider which delivers an industry-leading feature management platform. They use AWS EC2 to deliver services to customers. In order to serve government clients, they needed to become FedRAMP compliant (a US federal government security standard).
They selected Ubuntu after discovering that Canonical publishes a FIPS-compatible Ubuntu image for AWS. This enabled them to use Ubuntu to do business securely in a heavily regulated environment. With an Ubuntu Pro subscription, they benefit from 10 years of security patching and compliance hardening and benchmarking tools, allowing them to focus on innovation.
By using Ubuntu for their compliance needs, LaunchDarkly was able to become the first FedRAMP compliant feature-management platform on the market.
“It just works. Of all the things that give me trouble and keep me up at night, Ubuntu is not one of them”.
The story of technology in business is very much a security story. A shiny, sleek new technology emerges and your business wants to spring it into action, only to have security rain on your parade. But this is the wrong way of looking at it: successfully combining security and innovation provides you with a competitive advantage and the ability to access highly restricted markets. That’s exactly what Rehrig Pacific achieved by using Ubuntu.
Rehrig Pacific is a US-based industry leader in waste, recycling and supply chain solutions. They have over 100 years of history, but they aren’t looking back. Far from being tied to tradition, they wanted to harness AI to automate the shipment processes they provide to customers. They sought to automate the process of pallet screening, that is, the process of checking a shipment before it goes out to ensure it has the correct items. However, they needed to do this behind customer firewalls and in-line with strict security protocols.
Rehrig Pacific decided that using Ubuntu Core for their devices was the right choice for incorporating AI into their business offering. Ubuntu Core is an embedded flavor of Ubuntu, and it provided a nimble solution that could deliver advanced AI scanning capability with an immutable, minimized attack surface. Ubuntu Core is entirely containerized, meaning that every application is strictly isolated, preventing data exchange and ensuring that packages can be deployed, updated and retired without disrupting the overall system.
“Adopting Ubuntu Core has helped our engineers mature their thinking in how we deliver scalable enterprise products. It’s enabled us to move from an R&D product to a full-scale enterprise solution.”
—Robert Martin, Vice President of Technology, Rehrig Pacific
BeWell manufactures self-test kiosks that enable patients to take their own vitals
Advancements in patient care strongly mirror advancements in technology. For patients, this is a welcome development as it means a faster time to triage, treatment or diagnosis. BeWell’s patient self-testing kiosks are a part of this story, enabling faster triage and allowing the deployment of nurses to other tasks.
However, delivering on the promise of technology means making sure that you can continue to draw on the latest innovations with timely, secure updates. As they planned to scale up their offering to more and more hospitals, they needed to be able to roll out updates remotely, without disrupting normal operations. Their customers needed confidence that the devices would be highly performant in the long-term and offer a seamless experience for patients – ensuring that a high standard of medical care could be provided at all times.
By using Ubuntu Core, BeWell was able to create a more seamless patient experience. As an embedded OS created specifically for devices, Ubuntu Core’s containerization provided a stable foundation for BeWell’s applications. Backed by Ubuntu’s long-term support commitment, Canonical provides updates and patching for 10 years, all of which take place remotely and at the right moment.
“Ubuntu Core gave us the features we were looking for out-of-the-box without making us responsible for them. As a lean company, we need to pick our battles. Taking ownership of the entire OS stack and update delivery wasn’t viable. It would have been a distraction from our product and our core business”.
A seamless patient experience extends beyond the waiting room. Grundium’s story takes us to the lab, where the important diagnostic work takes place. Grundium is a medical device manufacturer which produces high-resolution digital microscopes, known as Ocus® Scanners. The images that these microscopes take are of high enough quality for pathologists in distributed locations to work on them together – eliminating the need for physical sample transfer to request a second opinion.
Grundium needed an OS that would run smoothly on their specialized hardware, and provide the security needed to meet their customers’ strict compliance requirements. Through Canonical’s partnership with NVIDIA, Ubuntu was already optimized and certified for this card, leading Grundium to use Ubuntu as the underlying OS.
Using an open source OS with such a well developed ecosystem proved to be an advantage for Grundium, who were able to go-to-market more quickly as a result of the maturity of the packages available to them. The logical next step was to subscribe to enterprise-grade security from Canonical through an Ubuntu Pro for Devices subscription. This provides continuous patching for up to 10 years, allowing Grundium’s developers to focus on optimizing their products, rather than compliance.
“Our customers in the medical industry require a security scan of any technical product they are using. If you don’t have an OS that is continuously patched and maintained, you don’t pass. Ubuntu Pro for Devices ensures that we can meet the requirements of our clients.” – Kimmo Alanen, Vice President, Grundium
Whatever your field of innovation, the ability to be agile and flexible is a competitive advantage across business and industrial landscapes, where technology underpins the speed and direction of travel.
If you’re looking for an operating system for your business that is highly-performant across your stack, and has large scale buy-in from developers and security teams alike, then we’d recommend learning more about how Ubuntu can put your business firmly in the driving seat of your technological evolution.
Traditional softwares and operating systems for businesses might provide the comfort of familiarity, but as legacy systems creak, the time is ripe for a new approach that puts businesses and public sector bodies firmly in the driving seat when it comes to development and security.
On 22nd and 23rd of October 2004, an open source event called “OS04” took place in Graz, Austria.
Jon “Maddog” Hall gave the keynote speech; and the first release of Grml was published.
Now, 20 years later, Grml is still around!
We would like to celebrate this milestone with our users from all around the world!
The team would like to collect postcards from Grml users everywhere and create a “Grml wall”.
So if you are a Grml user, we would love to receive a postcard from where you live!
Our mailing address is:
Grml Solutions
Weblinger Strasse 75d
8054 Graz
Austria
Feel free to share your feedback with your postcard!
Where are you from? Why are you using Grml?
Maybe you have any special wishes for an upcoming Grml release?
Do you have anything else you always wanted to tell us?
I want to thank everyone who nominated themselves. While Khairul Aizat Kamarudzzaman and Jason C. Nucciarone sadly did not get a seat, they are still very valued community members with an impressive track record! We hope we can continue to work with them and any other community members to keep building this great project!
I also want to thank the outgoing Community Council members Monica Ayhens-Madon, Chris Guiver, and Torsten Franz. It was a pleasure working with you!
Originally posted to the Ubuntu Community Hub on Sat Oct 19 11:51 UTC 2024 by Merlijn Sebrechts, on behalf of the Ubuntu Community Council.
I decided to be more selective and remove those that did very porly at 1.5G, which was most.
Ubuntu - booted but desktop not stable, took 1.5 minutes to load Firefox
Xubuntu-minimal - does not include a web browser so can't further test. Snap is preinstaled even though no apps are - but trying to install a web browser worked but couldn't start.
Manjaro KDE - Desktop loads, but browser doesn't
Xubuntu - laggy when Firefox is opened, can't load sites
Ubuntu Mate -laggy when Firefox is opened, can't load sites
Kubuntu - laggy when Firefox is opened, can't load sites
Linux Mint 22 - desktop loads, browsers isn't responsive
Fedora video is a bit laggy, but watchable.. EndlessOS with Chromium is the most smooth and resonsive watching YouTube.
For fun let's look at startup time with 2GB (with me hitting buttons as needed to open a folder)
Conclusion
Lubuntu lowered it's memory usage from 2020 for loading a desktop 585M to 450M! Kudos to Lubuntu team!
Both Fedora and Endless desktops worked in lower memory then 2020 too!
Lubuntu, Fedora and Endless all used Zram.
Chromium has definitely improved it's memory usage as last time Endless got dinged for using it. Now it appears to work better then Firefox.
We’re excited to announce our participation in EDUCAUSE 2024 from 21 to 24 October. We’re looking forward to meeting many of our partners and customers in person. Stop by our booth, number 4047, to join the conversation about building open-source cloud and virtualization in a secure environment.
Ubuntu has long been a preferred operating system for Universities and colleges. The ease of use, user-friendliness, and security that Ubuntu offers are a perfect foundation for reliable infrastructure.
However, Canonical solutions for academic institutions for long are not limited to the beloved operating system. Here are just a couple of examples of the leading Universities taking advantage of the open-source products and tools we provide.
University of Alabama at Birmingham accelerates research with Canonical Charmed Infrastructure and Ceph on Dell infrastructure
The University of Alabama at Birmingham (UAB) is an internationally renowned public research university and academic medical center that has more than 22,000 students enrolled and over 24,000 faculty members. UAB generates $12.1 billion in annual economic impact within the State of Alabama.
UAB is committed to empowering its researchers with all of the tools and technologies they need to work as efficiently and effectively as possible. With the rise of containerisation, the university saw an opportunity to further accelerate research by transforming its approach to compute and storage resource management through Kubernetes.
To make this vision a reality, the organization turned to its trusted partners Dell Technologies and Canonical.
“The fact that Canonical and Dell had a partnership made it easy for us to act on our deployment goals.”
How New Mexico State University accelerates compliant federal research with Ubuntu
With the introduction of the Cybersecurity Maturity Model Certification (CMMC) 2.0 program and FIPS 140 validated cryptography, New Mexico State University’s Physical Science Laboratory (PSL) was under pressure to find a new operating system that would meet these stringent compliance standards. At the same time the right choice would need to be easy to use for their team of in-house researchers and student hires.
PSL was using CentOS, which was about to be discontinued. This sent them on a mission to find a cost-effective, easy-to-use, and compliant alternative.
After a series of trials, Ubuntu emerged as the clear choice for PSL. It wasn’t just that Ubuntu offered the necessary FIPS 140 certification through Ubuntu Pro at a price 4-5 times lower than other options; Ubuntu also has an intuitive design and large open source community, along with comprehensive and free documentation, making it the ideal solution for PSL’s diverse team.
Transitioning to a new OS could have been a disruptive process, but thanks to the simplicity of Ubuntu and wealth of online resources, the shift was almost seamless.
The feedback from the team at PSL says it all. As Ed Zenisek, IT Manager at PSL, puts it, “Info on Ubuntu is right there at our fingertips. Anything we need to know is always just a Google search away, so whatever issues we run into are easy to solve”.
At EDUCAUSE we will also talk about building and managing open-source private cloud solutions. Alongside Canonical Openstack, now we’re offering Microclouds, small-scale clouds optimized for repeatable and reliable remote deployments.
Microclouds consist of low-footprint clusters of compute nodes with distributed storage and secure networking. They can serve as small-scale private clouds, or as edge clouds distributed across a number of locations.
Microclouds are a great fit to build a new infrastructure and an alternative to many solutions offered by Vmware.
Learn how Canonical empowers Université de l’Ontario Français dream of rapid scaling through MicroCloud and enterprise support here.
What else?
Ubuntu Pro, Kubernetes, Openstack and Microcloud are just several examples of multiple open-source solutions we’re offering at Canonical. Visit our team at booth #4047 and bring us any open-source challenge and we will be happy to solve it for you!
If you’d like to learn more about open-source solutions for your organization book an in-person time with EDU Account Executives Carlos Falsiroli or Hannah Watsonhere.
Financial services are powered by technology. The customer experience is increasingly driven by data, with tailoring of products and services to reflect individual behaviors and preferences. All of this rests on a foundation of secure, stable technology that can support agility and flexibility to adapt to customer needs, whilst at the same time remaining compliant.
Sound familiar? It’s no secret that financial institutions are amongst the most cautious when making major technological changes. This makes sense given the sensitivity of their work. In fact, despite the transition to the cloud being well established, 60% of financial institutions report that their legacy tech stack is too costly and inadequate. As with all legacy systems, the now unsupported CentOS will begin to show its age. As a result, the burden of maintenance upon your developers to keep it running will only grow.
In this blog, we’ll run through the benefits Ubuntu offers as an alternative to CentOS, in the context of financial services.
Ubuntu offers a smooth migration experience
When it comes to change management, it’s often the journey (and not the destination) that makes people nervous. Financial institutions are well aware that there are better options out there than their legacy tech. The problem is that many see the cost of implementing these options as not worth the risk. In the same vein, it’s understandable that when dealing with services that operate 24/7, to service customers globally, the concept of moving from a Fedora-based system to a Debian-based system may raise some eyebrows.
The silver-lining to switching from CentOS after EoL is that you can learn from other enterprises who have already made the change. The changes needed to switch from CentOS to Ubuntu are extremely well-documented. Canonical, the publisher of Ubuntu, has published a step-by-step guide for system administrators and enterprises looking to switch to Ubuntu. This guidance is based on the real experiences of our customers. Additionally, customers who have already made the switch, including Pentera and New Mexico State University, have shared their stories of how Canonical’s enterprise-grade support made their transitions to Ubuntu seamless.
It’s worth noting that the Ubuntu community has assisted many migrations from Fedora-based systems over the years. The chances are that any questions you have about packages, dependencies or issues have already been answered.
Whilst no migration is guaranteed to be without bumps in the road, Ubuntu’s wide support base works hard to make it accessible to users from all backgrounds, whichever system they are migrating from.
A diagram showing the current supported releases of Ubuntu
We’ve talked about the journey – now let’s examine the destination. One of the original attractions of CentOS was its stability. Its point release system provided a stable base which financial institutions valued, given that updates would not bring unexpected changes. With all the work that goes into a migration, it’s important that your chosen solution does not require a burdensome level of continual maintenance.
The good news is that Ubuntu follows a regular release cadence. Long-term support editions are released every 2 years, with standard support for 5 years in every instance. This support cadence extends to anywhere you are using Ubuntu in your stack. From bare-metal and workstations to Kubernetes Clusters and edge devices.
With an Ubuntu Pro subscription, you can extend long-term support for up to 12 years, through enterprise-grade support that offers you full maintenance patching for over 30,000 open source packages. This frees your developers to spend more time on activities that drive business value, and less on upkeep and compliance.
There’s no skirting around the fact that security is one of the biggest factors preventing financial institutions from catching up with other industries in terms of technologies. This is with good reason: breaches harm customers, damage reputations and result in punitive measures.
Ubuntu releases have security baked into them by default, through pre-configurations that minimize attack surface and keep protection up to date:
Minimized attack surface
Read-only data sections
No open ports
Password hashing
Disable legacy TLS
Auto-enablements that keep protection up to date
Automated patching
AppArmor (a security module that restricts permissions)
This provides a solid foundation which developers can build upon in order to meet strict compliance requirements.
Given the importance of controls and policies that govern access permissions in compliance frameworks, it’s important your OS empowers security teams to make changes dynamically. Ubuntu, like CentOS, makes use of industry recognized open source standards for identity management. Ubuntu supports advanced identity management features that conform to OpenID Connect authentication protocols, making identity management on Ubuntu interoperable with your wider ecosystem. You can choose to use Ubuntu’s Authd, an authentication daemon that integrates cloud-based identity providers. Alternatively, you can integrate with Microsoft Entra ID (formerly known as Azure Active Directory). However you choose to implement your identity management protocols, Ubuntu provides the enterprise-grade tools for the job.
In addition, with an Ubuntu Pro subscription, your developers can access automated hardening tools for compliance frameworks. This includes ISO 27001, PCI-DSS, FIPS-140 and the Cyber Resilience Act. As financial institutions provide services to a range of other regulated industries, choosing Ubuntu is a sign of commitment to the most rigorous security standards.
Interoperability for cloud computing
Whilst assessing alternatives to CentOS, compatibility will be high on your list of considerations. As organizations continue to shift towards cloud computing for workload deployment, data management and machine learning, it’s important to ensure a layer of interoperability amongst these systems. Whilst traditionally, financial institutions have relied on on-premise infrastructure (also known as “private clouds”), organizations are increasingly adopting hybrid-cloud approaches. This approach allows greater scalability and flexibility in workload deployment.
Open source systems, like CentOS and Ubuntu, are able to provide interoperability between public and private clouds. This is because they are both open source systems and not tied to any specific vendor. However, Ubuntu brings considerable advantages over other OSes in this regard. Through Ubuntu Server, financial organizations can deploy workloads at scale across both public and private clouds, be they OpenStack clouds, Kubernetes clusters or databases. With a single OS, you can harmonize your approach across your cloud stack.
Additionally, Ubuntu is the #1 guest OS on public clouds. There are certified Ubuntu images available for AWS, Azure, Google Cloud, Oracle and IBM Cloud. As public cloud vendors become more attuned to compliance requirements and attempt to capture more regulated markets, the importance of public clouds as part of a hybrid-cloud strategy will continue to grow.
Artificial intelligence at scale
With the importance of AI in finance continuing to grow, the ability to harness customer data to provide a truly tailored experience, as well as to spot potential fraud or predict surges in demand (to name just a few applications), financial services institutions are integrating machine learning models into their tech stacks.
This ties in to cloud computing, given the importance of clouds when deploying AI workloads. Kubernetes is the orchestration platform that is most widely used for deploying AI workloads, with it projected to reach 90% enterprise adoption by 2027. Given that AI is one of the fastest evolving enterprise technologies, continuing to use an OS that has reached end of life will limit your opportunities, as incompatibilities and lack of maintenance are likely to cause model failure.
By contrast, Ubuntu is the reference platform for Kubernetes, meaning that Kubernetes is built on Ubuntu. By choosing Ubuntu as your OS, you’re empowering your developers to run your AI/ML lifecycle on a single, integrated stack. This enables you to maximize your resources, avoid wastage and most importantly, simplify operations for your developers.
Learn more about Ubuntu for financial services
Since CentOS reached end of life, financial institutions will need to make decisions about how to deploy their resources. Do they choose to invest considerable time and effort in keeping a legacy system running? Or is it time to switch to a new system that empowers them to face future challenges with future-facing technology?
To discuss a change to Ubuntu, click the link below to share your information and begin a discussion.
From 1.0 to 1.5, UOS AI is constantly iterating and growing: the interaction methods are richer, the information given is more rigorous, and it is becoming more and more considerate. UOS AI launches two important functions: UOS AI FollowAlong & UOS AI Writing. They will help you quickly regain your work status and greatly improve your work efficiency. Below is a detailed introduction. UOS AI FollowAlong 01 Easy to operate in seconds, with a gentle swipe turning it into intelligent In deepin 23, most applications support the use of [UOS AI FollowAlong]. For example, in the process of text ...Read more
---===[ Qubes Security Bulletin 105 ]===---
2024-10-17
Missing enforced decorations for stubdomain windows under KDE
User action
------------
Continue to update normally [1] in order to receive the security updates
described in the "Patching" section below. No other user action is
required in response to this QSB.
Summary
--------
Qubes OS enforces the drawing of specific window decorations (e.g.,
colored borders around windows) in order to assist the user in
recognizing which window belongs to which qube. This applies both to
normal windows with title bars as well as other windows like menus
(which, behind the scenes, are separate windows). For normal windows,
the color of the title bar and border matches the qube's color
label, and the text in the title bar is prefixed with the qube's
name in brackets. Windows without title bars have only colored
borders.
A qube running in HVM mode may optionally use an emulated display
instead of the seamless Qubes GUI integration. This emulation is done by
QEMU running in a so-called stubdomain, which is a little helper VM
running alongside the main VM. There is also a GUI daemon that is
responsible for handling the GUI requests that come from the stubdomain.
Due to an error, when running under KDE, this GUI daemon is not being
instructed to set the window properties (as required by KDE) necessary
to display the correct title prefix and colored border.
Impact
-------
An attacker who manages to compromise an HVM qube's stubdomain (which
would require discovering and exploiting an independent vulnerability)
can create windows that are missing the usual enforced decorations. Such
windows would instead have the same title bar and borders as normal dom0
windows. An attacker could attempt to use such a window to deceive or
confuse the user into thinking that the window belongs to dom0.
An attacker could also attempt to make such a window appear to belong to
another qube by prefixing the text in the title bar with that qube's
name. However, since the attacker cannot control the windows' border
color, the border will not match that qube's color label. Instead, the
borders of such windows will always use the default color set by the
window manager theme in dom0.
Moreover, every window has an icon that is displayed, by default, in the
title bar, the taskbar, and the task switcher. These icons are still
correctly colored in accordance with their respective qubes' color
labels. In addition, all windows without title bars still have their
correct border colors.
Affected systems
-----------------
Only systems using KDE as the desktop environment in dom0 are affected.
The default desktop environment in Qubes OS is Xfce, and KDE is not
installed by default. This means that users must manually install KDE in
dom0 and opt to use it as their desktop environment in order for their
systems to be affected by this vulnerability.
Only qubes running in HVM mode are affected. In the default Qubes OS
configuration, only sys-net and sys-usb run in HVM mode.
If an HVM qube has the `gui-emulated` feature set to '' (i.e., the empty
string, not to be confused with an unset feature) and the `debug`
property set to "false," then that HVM qube is not affected by this
vulnerability, since there will be no running GUI daemon for its
stubdomain unless manually requested by the user.
Patching
---------
The following packages contain security updates that address the
vulnerabilities described in this bulletin:
For Qubes 4.2, in dom0:
- python3-qubesadmin version 4.2.15
These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community. [2] Once available, the packages are to be installed
via the Qubes Update tool or its command-line equivalents. [1]
In order for the update to take effect, the graphical user session in
dom0 must be restarted. This can be accomplished either by logging out
and back in again or by a full restart of the system.
Credits
--------
The bug was reported by Yaroslav Bolyukin.
References
-----------
[1] https://www.qubes-os.org/doc/how-to-update/
[2] https://www.qubes-os.org/doc/testing/
--
The Qubes Security Team
https://www.qubes-os.org/security/
The purpose of this announcement is to inform the Qubes community that a new Qubes security bulletin (QSB) has been published.
What is a Qubes security bulletin (QSB)?
A Qubes security bulletin (QSB) is a security announcement issued by the Qubes security team. A QSB typically provides a summary and impact analysis of one or more recently-discovered software vulnerabilities, including details about patching to address them. For a list of all QSBs, see Qubes security bulletins (QSBs).
Why should I care about QSBs?
QSBs tell you what actions you must take in order to protect yourself from recently-discovered security vulnerabilities. In most cases, security vulnerabilities are addressed by updating normally. However, in some cases, special user action is required. In all cases, the required actions are detailed in QSBs.
What are the PGP signatures that accompany QSBs?
A PGP signature is a cryptographic digital signature made in accordance with the OpenPGP standard. PGP signatures can be cryptographically verified with programs like GNU Privacy Guard (GPG). The Qubes security team cryptographically signs all QSBs so that Qubes users have a reliable way to check whether QSBs are genuine. The only way to be certain that a QSB is authentic is by verifying its PGP signatures.
Why should I care whether a QSB is authentic?
A forged QSB could deceive you into taking actions that adversely affect the security of your Qubes OS system, such as installing malware or making configuration changes that render your system vulnerable to attack. Falsified QSBs could sow fear, uncertainty, and doubt about the security of Qubes OS or the status of the Qubes OS Project.
How do I verify the PGP signatures on a QSB?
The following command-line instructions assume a Linux system with git and gpg installed. (For Windows and Mac options, see OpenPGP software.)
Obtain the Qubes Master Signing Key (QMSK), e.g.:
$gpg --fetch-keys https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
gpg: directory '/home/user/.gnupg' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: requesting key from 'https://keys.qubes-os.org/keys/qubes-master-signing-key.asc'
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key DDFA1A3E36879494: public key "Qubes Master Signing Key" imported
gpg: Total number processed: 1
gpg: imported: 1
View the fingerprint of the PGP key you just imported. (Note: gpg> indicates a prompt inside of the GnuPG program. Type what appears after it when prompted.)
$gpg --edit-key 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
gpg (GnuPG) 2.2.27;Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: unknown validity: unknown
[ unknown] (1). Qubes Master Signing Key
gpg>fpr
pub rsa4096/DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key
Primary key fingerprint: 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494
Important: At this point, you still don’t know whether the key you just imported is the genuine QMSK or a forgery. In order for this entire procedure to provide meaningful security benefits, you must authenticate the QMSK out-of-band. Do not skip this step! The standard method is to obtain the QMSK fingerprint from multiple independent sources in several different ways and check to see whether they match the key you just imported. For more information, see How to import and authenticate the Qubes Master Signing Key.
Tip: After you have authenticated the QMSK out-of-band to your satisfaction, record the QMSK fingerprint in a safe place (or several) so that you don’t have to repeat this step in the future.
Once you are satisfied that you have the genuine QMSK, set its trust level to 5 (“ultimate”), then quit GnuPG with q.
gpg>trust
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: unknown validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
pub rsa4096/DDFA1A3E36879494
created: 2010-04-01 expires: never usage: SC
trust: ultimate validity: unknown
[ unknown] (1). Qubes Master Signing Key
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg>q
Import the included PGP keys. (See our PGP key policies for important information about these keys.)
$gpg --import qubes-secpack/keys/*/*gpg: key 063938BA42CFA724: public key "Marek Marczykowski-Górecki (Qubes OS signing key)" imported
gpg: qubes-secpack/keys/core-devs/retired: read error: Is a directory
gpg: no valid OpenPGP data found.
gpg: key 8C05216CE09C093C: 1 signature not checked due to a missing key
gpg: key 8C05216CE09C093C: public key "HW42 (Qubes Signing Key)" imported
gpg: key DA0434BC706E1FCF: public key "Simon Gaiser (Qubes OS signing key)" imported
gpg: key 8CE137352A019A17: 2 signatures not checked due to missing keys
gpg: key 8CE137352A019A17: public key "Andrew David Wong (Qubes Documentation Signing Key)" imported
gpg: key AAA743B42FBC07A9: public key "Brennan Novak (Qubes Website & Documentation Signing)" imported
gpg: key B6A0BB95CA74A5C3: public key "Joanna Rutkowska (Qubes Documentation Signing Key)" imported
gpg: key F32894BE9684938A: public key "Marek Marczykowski-Górecki (Qubes Documentation Signing Key)" imported
gpg: key 6E7A27B909DAFB92: public key "Hakisho Nukama (Qubes Documentation Signing Key)" imported
gpg: key 485C7504F27D0A72: 1 signature not checked due to a missing key
gpg: key 485C7504F27D0A72: public key "Sven Semmler (Qubes Documentation Signing Key)" imported
gpg: key BB52274595B71262: public key "unman (Qubes Documentation Signing Key)" imported
gpg: key DC2F3678D272F2A8: 1 signature not checked due to a missing key
gpg: key DC2F3678D272F2A8: public key "Wojtek Porczyk (Qubes OS documentation signing key)" imported
gpg: key FD64F4F9E9720C4D: 1 signature not checked due to a missing key
gpg: key FD64F4F9E9720C4D: public key "Zrubi (Qubes Documentation Signing Key)" imported
gpg: key DDFA1A3E36879494: "Qubes Master Signing Key" not changed
gpg: key 1848792F9E2795E9: public key "Qubes OS Release 4 Signing Key" imported
gpg: qubes-secpack/keys/release-keys/retired: read error: Is a directory
gpg: no valid OpenPGP data found.
gpg: key D655A4F21830E06A: public key "Marek Marczykowski-Górecki (Qubes security pack)" imported
gpg: key ACC2602F3F48CB21: public key "Qubes OS Security Team" imported
gpg: qubes-secpack/keys/security-team/retired: read error: Is a directory
gpg: no valid OpenPGP data found.
gpg: key 4AC18DE1112E1490: public key "Simon Gaiser (Qubes Security Pack signing key)" imported
gpg: Total number processed: 17
gpg: imported: 16
gpg: unchanged: 1
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 6 signed: 0 trust: 6-, 0q, 0n, 0m, 0f, 0u
Verify signed Git tags.
$cd qubes-secpack/
$git tag -v`git describe`object 266e14a6fae57c9a91362c9ac784d3a891f4d351
type commit
tag marmarek_sec_266e14a6
tagger Marek Marczykowski-Górecki 1677757924 +0100
Tag for commit 266e14a6fae57c9a91362c9ac784d3a891f4d351
gpg: Signature made Thu 02 Mar 2023 03:52:04 AM PST
gpg: using RSA key 2D1771FE4D767EDC76B089FAD655A4F21830E06A
gpg: Good signature from "Marek Marczykowski-Górecki (Qubes security pack)" [full]
The exact output will differ, but the final line should always start with gpg: Good signature from... followed by an appropriate key. The [full] indicates full trust, which this key inherits in virtue of being validly signed by the QMSK.
Verify PGP signatures, e.g.:
$cd QSBs/
$gpg --verify qsb-087-2022.txt.sig.marmarek qsb-087-2022.txt
gpg: Signature made Wed 23 Nov 2022 04:05:51 AM PST
gpg: using RSA key 2D1771FE4D767EDC76B089FAD655A4F21830E06A
gpg: Good signature from "Marek Marczykowski-Górecki (Qubes security pack)" [full]
$gpg --verify qsb-087-2022.txt.sig.simon qsb-087-2022.txt
gpg: Signature made Wed 23 Nov 2022 03:50:42 AM PST
gpg: using RSA key EA18E7F040C41DDAEFE9AA0F4AC18DE1112E1490
gpg: Good signature from "Simon Gaiser (Qubes Security Pack signing key)" [full]
$cd ../canaries/
$gpg --verify canary-034-2023.txt.sig.marmarek canary-034-2023.txt
gpg: Signature made Thu 02 Mar 2023 03:51:48 AM PST
gpg: using RSA key 2D1771FE4D767EDC76B089FAD655A4F21830E06A
gpg: Good signature from "Marek Marczykowski-Górecki (Qubes security pack)" [full]
$gpg --verify canary-034-2023.txt.sig.simon canary-034-2023.txt
gpg: Signature made Thu 02 Mar 2023 01:47:52 AM PST
gpg: using RSA key EA18E7F040C41DDAEFE9AA0F4AC18DE1112E1490
gpg: Good signature from "Simon Gaiser (Qubes Security Pack signing key)" [full]
Again, the exact output will differ, but the final line of output from each gpg --verify command should always start with gpg: Good signature from... followed by an appropriate key.
For this announcement (QSB-105), the commands are:
You can also verify the signatures directly from this announcement in addition to or instead of verifying the files from the qubes-secpack. Simply copy and paste the QSB-105 text into a plain text file and do the same for both signature files. Then, perform the same authentication steps as listed above, substituting the filenames above with the names of the files you just created.
AVEIRO TREMEU. Numa cave mal iluminada, rodeados de cervejas e patinhos de borracha, um bando de perigosos meliantes reuniu-se em assembleia secreta, perturbando gravemente o sono das gentes sérias e trabalhadoras dessa malograda cidade, para espalharem a sua mensagem de Software Livre. O que aconteceu? Uma gravação clandestina, que obtivemos em exclusivo, revelar-vos-á TUDO!
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
AVEIRO TREMEU. Numa cave mal iluminada, rodeados de cervejas e patinhos de borracha, um bando de perigosos meliantes reuniu-se em assembleia secreta, perturbando gravemente o sono das gentes sérias e trabalhadoras dessa malograda cidade, para espalharem a sua mensagem de Software Livre. O que aconteceu? Uma gravação clandestina, que obtivemos em exclusivo, revelar-vos-á TUDO!
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
In our last update, PureOS development was blocked in August as the Laniakea maintainer was away. In September, we tasked another team member to start learning Laniakea and address these issues. We've now addressed the two issues that we discussed previously, and we expect to have a build worker processing the job queue soon. This effort was funded by Purism, providing us more resources to get Crimson out to devices.
Next week, it-sa, one of the largest platforms for IT security solutions, will kick off. On the opening day, October 22, 2024, from 11:00 a.m., Greenbone’s CEO Dr. Jan-Oliver Wagner will show how companies can remain capable of managing crisis situations. With the “Action” in Forum 6-B “Be secure and stay secure” he shows ways out of the growing threats posed by cyber risks. It is not for nothing that his overview of the possibilities and potential of vulnerability management is not called a “lecture”, but “action”: action is needed!
Take Action!
In times when ransomware gangs are trying to extort tens of millions of dollars, it’s essential for companies and organizations to act as early as possible to ensure the security of their IT systems, data and business operations. Every investment in cyber security pays off many times over when the acquisition costs of a corresponding proactive solution are compared with the costs incurred by a security breach – the costs of paying ransom are devastating. As with any calculation of interest and compound interest: the earlier the investment, the more it pays off.
Greenbone’s solutions start at the earliest possible point in the history of cyber risks: the proactive detection of security vulnerabilities in your own IT infrastructure. Proactive vulnerability management goes hand in hand with a well-founded security strategy. Security intelligence is continuously provided, systems are monitored and results are compared and matched to known vulnerabilities.
Gaining a Knowledge Advantage
Because criminals make their attacks on their victims’ networks as impactful and widespread as possible in order to maximize their profits, IT managers should make it as difficult as possible in return. Vulnerability management offers companies a decisive advantage in the race against potential attackers. Vulnerabilities are often exploited before they are publicly announced, but once they are known, the race between attacker and the attacked enters the hot phase: attack vectors should be closed faster than cybercriminals can exploit them.
Manage Risks
To prevent the security risk from escalating, Greenbone solutions now access over 180,000 automated vulnerability tests. This reduces the potential attack surface by 99.9% compared to companies that do not use vulnerability management. These immense opportunities for risk minimization require prudent security management. The more vulnerabilities get uncovered, the more pressing the need for action becomes. Which IT systems require immediate help? Which assets and interaction paths in the company are particularly critical and which security measures should be prioritized?
Only those who have plausible answers to these questions will be able to keep the overall risk of cyber attacks as low as possible in the long term. Jan-Oliver Wagner will identify top priorities and how a corresponding “triage” can be practiced among data and systems in day-to-day operations in the it-sa action “Be secure and stay secure”. Join us!
Visit us at our booth 6-346 or make an appointment right away and get your free ticket to the trade show. We look forward to your visit!
Apache Spark is a popular framework for developing distributed, parallel data processing applications. Our solution for Apache Spark on Kubernetes has made significant progress in the past year since we launched, adding support for Apache Iceberg, a new GPU accelerated image using the NVIDIA Spark-RAPIDS plugin, and support for the Volcano Kubernetes workload scheduler.
A data warehouse, on a cloud-native data lake with Apache Kyuubi
We’ve also been busy adding initial support for Apache Kyuubi to our Charmed Spark solution, so that you can deploy an enterprise-grade, fault-tolerant, ANSI-SQL-compliant data warehouse on your Kubernetes data lake infrastructure, building a so-called ‘lakehouse’. You can deploy a comprehensive, hyper-automated data lake infrastructure using our all-open source control plane, software defined storage and cloud-native compute infrastructure solutions. We’ve even built a couple of runbooks that should get you started in both cloud and on-premise contexts.
There are many benefits to adopting the cloud-native approach to building a data lake:
Disaggregated storage means you can scale and manage your storage tier independently of your compute tier, shut down or scale down your compute tier when not being used, and take advantage of cost-optimized object storage systems for hosting your big data.
Using cloud-native technologies for the compute tier (ie. Kubernetes) assures a high level of portability between infrastructure providers, so you need not be locked in to any one cloud service provider or data center systems vendor.
Using a cloud-native approach means you can build clusters both on the cloud and in your on-premise facility, but use the same operational management approach in a consistent way.
You can potentially “bin pack” other applications onto the same cloud-native platform as your data lake infrastructure, for more efficient resource utilization, if you so wish.
Do you want to use GPUs to accelerate your Spark applications? Kubernetes has excellent support for exposing GPUs to Spark and can greatly simplify setup of this useful acceleration feature.
While we do have some work to do until our Kyuubi integration is fully ready for business, you can already try it out – see our docs for the lowdown.
Spark 4.0 beta – the new features of tomorrow’s Spark, today
Another thing I’ve been itching to announce is our new Spark 4 beta image. This new beta image joins our collection of Spark 3 images – and whilst the beta image isn’t eligible for official support from Canonical, it gives you an easy way to try out the latest upstream Apache Spark 4 beta features today!
Some of the new features of Spark 4 include:
The new Spark Connect API simplifies writing applications that connect to a remote spark cluster, and includes support for the Python, Java, Scala, Golang and Rust languages.
ANSI SQL is enabled by default.
A new Python-based data source API to simplify creating data connectors for Spark using Python. This opens up developing connectors to software engineers that don’t wish to learn or use the Scala language.
Python based UDTFs (User-defined Table Functions) enable users to create custom functions that they can use in queries, similar to a UDF in a more traditional database management system.
There are some cool new things there – well oriented towards advanced data management at whopping scale – so if you’d like to take them for a spin, head on over to our user docs to learn how to quickly set up our Charmed Spark solution for Apache Spark on Kubernetes.
Preview today using Charmed Spark and our Spark container image
You can freely access our Apache Spark 4 beta container image in Github Container Registry right here –
If you’d like to learn more about getting enterprise-grade support for Apache Spark from Canonical, contact us and we’ll be happy to jump on a call with you to discuss further, or you can browse our Charmed Spark product page if you prefer.
While the German government has yet to implement the necessary adjustments for the NIS2 directive, organizations shouldn’t lose momentum. Although the enforcement is now expected in Spring 2025 instead of October 2024, the core requirements remain unchanged. While there remains a lot of work for companies, especially operators of critical infrastructure, most of it is clear and well-defined. Organizations must still focus on robust vulnerability management, such as that offered by Greenbone.
Missed Deadlines and the Need for Action
Initially, Germany was supposed to introduce the NIS2 compliance law by October 17, 2024, but the latest drafts failed to gain approval, and even the Ministry of the Interior does not anticipate a timely implementation. If the parliamentary process proceeds swiftly, the law could take effect by Q1 2025, the Ministry announced.
A recent study by techconsult (only in German), commissioned by Plusnet, reveals that while 67% of companies expect cyberattacks to increase, many of them still lack full compliance. NIS2 mandates robust security measures, regular risk assessments and rapid response to incidents. Organizations must report security breaches within 24 hours and deploy advanced detection systems, especially those already covered under the previous NIS1 framework.
Increased Security Budgets and Challenges
84% of organizations plan to increase their security spending, with larger enterprises projecting up to a 12% rise. Yet only 29% have fully implemented the necessary measures, citing workforce shortages and lack of awareness as key obstacles. The upcoming NIS2 directive presents not only a compliance challenge but also an opportunity to strengthen cyber resilience and gain customer trust. Therefore, 34% of organizations will invest in vulnerability management in the future.
Despite clear directives from the EU, political delays are undermining the urgency. The Bundesrechnungshof and other institutions have criticized the proposed exemptions for government agencies, which could weaken overall cybersecurity efforts. Meanwhile, the healthcare sector faces its own set of challenges, with some facilities granted extended transition periods until 2030.
Invest now to Stay Ahead
Latest since the NIS2 regulations impend, businesses are aware of the risks and are willing to invest in their security infrastructure. As government action lags, companies must take proactive measures. Effective vulnerability management solutions, like those provided by Greenbone, are critical to maintaining compliance and security.
Networking is a complex topic, and there is lots of confusion around the definition of an “online” system. Sometimes the boot process gets delayed up to two minutes, because the system still waits for one or more network interfaces to be ready. Systemd provides the network-online.target that other service units can rely on, if they are deemed to require network connectivity. But what does “online” actually mean in this context, is a link-local IP address enough, do we need a routable gateway and how about DNS name resolution?
The requirements for an “online” network interface depend very much on the services using an interface. For some services it might be good enough to reach their local network segment (e.g. to announce Zeroconf services), while others need to reach domain names (e.g. to mount a NFS share) or reach the global internet to run a web server. On the other hand, the implementation of network-online.target varies, depending on which networking daemon is in use, e.g. systemd-networkd-wait-online.service or NetworkManager-wait-online.service. For Ubuntu, we created a specification that describes what we as a distro expect an “online” system to be. Having a definition in place, we are able to tackle the network-online-ordering issues that got reported over the years and can work out solutions to avoid delayed boot times on Ubuntu systems.
In essence, we want systems to reach the following networking state to be considered online:
Do not wait for “optional” interfaces to receive network configuration
Have IPv6 and/or IPv4 “link-local” addresses on every network interface
Have at least one interface with a globally routable connection
Have functional domain name resolution on any routable interface
A common implementation
NetworkManager and systemd-networkd are two very common networking daemons used on modern Linux systems. But they originate from different contexts and therefore show different behaviours in certain scenarios, such as wait-online. Luckily, on Ubuntu we already have Netplan as a unification layer on top of those networking daemons, that allows for common network configuration, and can also be used to tweak the wait-online logic.
With the recent release of Netplan v1.1 we introduced initial functionality to tweak the behaviour of the systemd-networkd-wait-online.service, as used on Ubuntu Server systems. When Netplan is used to drive the systemd-networkd backend, it will emit an override configuration file in /run/systemd/system/systemd-networkd-wait-online.service.d/10-netplan.conf, listing the specific non-optional interfaces that should receive link-local IP configuration. In parallel to that, it defines a list of network interfaces that Netplan detected to be potential global connections, and waits for any of those interfaces to reach a globally routable state.
In addition to the new features implemented in Netplan, we reached out to upstream systemd, proposing an enhancement to the systemd-networkd-wait-online service, integrating it with systemd-resolved to check for the availability of DNS name resolution. Once this is implemented upstream, we’re able to fully control the systemd-networkd backend on Ubuntu Server systems, to behave consistently and according to the definition of an “online” system that was lined out above.
Future work
The story doesn’t end there, because Ubuntu Desktop systems are using NetworkManager as their networking backend. This daemon provides its very own nm-online utility, utilized by the NetworkManager-wait-online systemd service. It implements a much higher-level approach, looking at the networking daemon in general instead of the individual network interfaces. By default, it considers a system to be online once every “autoconnect” profile got activated (or failed to activate), meaning that either a IPv4 or IPv6 address got assigned.
There are considerable enhancements to be implemented to this tool, for it to be controllable in a fine-granular way similar to systemd-networkd-wait-online, so that it can be instructed to wait for specific networking states on selected interfaces.
A note of caution
Making a service depend on network-online.target is considered an antipattern in most cases. This is because networking on Linux systems is very dynamic and the systemd target can only ever reflect the networking state at a single point in time. It cannot guarantee this state to be remained over the uptime of your system and has the potentially to delay the boot process considerably. Cables can be unplugged, wireless connectivity can drop, or remote routers can go down at any time, affecting the connectivity state of your local system. Therefore, “instead of wondering what to do about network.target, please just fix your program to be friendly to dynamically changing network configuration.” [source].
Package reiser4progs was removed from live system.
Program ocs-scan-disk: use lsblk so the codes is neater. The block device with file system (e.g., sda has ntfs file system) can be correctly shown now. Ref: https://github.com/stevenshiau/clonezilla/issues/67
Merged zstd and zstdmt, use "zstd -T0" by default. Hence the following extra_zstdmt_* variables are dropped: extra_zstdmt_opt, extra_zstdmt_dc_opt, extra_zstdmt_opt_onthefly & extra_zstdmt_dc_opt_onthefly. This will be easier for user to customize that using boot parameters. Now only available variables for zstd are: extra_zstd_opt, extra_zstd_dc_opt, extra_zstd_opt_onthefly & extra_zstd_dc_opt_onthefly. Thanks to trfl for asking. Ref: https://sourceforge.net/p/clonezilla/discussion/Clonezilla_live/thread/27e0b4559d/?limit=25#0d85/99ae
Replaced reboot with "systemctl -f reboot" so that root over NFS won't hang when rebooting. Same for poweroff command. The option HALT_REBOOT_OPT is set as "-f" in drbl-ocs.conf.
The third issue of the deepin Bi-Weekly Technical Report has been released. We will briefly list the progress of various deepin teams over the past two weeks and outline the general plan for the next two weeks! DDE (deepin Desktop Environment) Defect fixes for deepin 23 and requirement development for deepin 25 are progressing steadily in parallel. The specific progress and plans are as follows: Progress The development of the new QML Control Center for deepin 25 is progressing steadily, with support for modules such as Network, Personalization, Bluetooth, and Keyboard now completed. The taskbar has improved the accuracy of ...Read more
In the relatively short time Micko01 has been a BL forum member he has made numerous contributions to the project.
The team came to the conclusion that his work - and ours - would go more smoothly if he was a BunsenLabs developer, and we are delighted to announce that he accepted our offer to join.
Sorry my blog updates have been MIA. Let me tell you a story…
As some of you know, 3 months ago I was in a no fault car accident. Thankfully, the only injury was I ended up with a broken arm. ER sends me home in a sling and tells me it was a clean break and it will mend itself in no time. After a week of excruciating pain I went to my follow up doctor appointment, and with my x-rays in hand, the doc tells me it was far from a clean break and needs surgery. So after a week of my shattered bone scraping my nerves and causing pain I have never felt before, I finally go in for surgery! They put in a metal plate with screws to hold the bone in place so it can properly heal. The nerve pain was gone, so I thought I was on the mend. Some time goes by and the swelling still has not subsided, the doctors are not as concerned about this as I am, so I carry on until it becomes really inflamed and developed fever blisters. After no success in reaching the doctors office my husband borrows the neighbors car and rushes me to the ER. Good thing too, I had an infection. So after a 5 day stay in the hospital, they sent us home loaded with antibiotics and trained my husband in wound packing. We did everything right, kept the place immaculate, followed orders with the wound care, took my antibiotics, yet when they ran out there was still no sign of relief, or healing. Went to doctors and they gave me another month supply of antibiotics. Two days after my final dose my arm becomes inflamed again and with extra spectacular levels of pain to go with it. I call the doctor office… They said to come in on my appointment day ( 4 days away ). I asked, “You aren’t concerned with this inflammation?”, to which they replied, “No.”. Ok, maybe I am over reacting and it’s all in my head, I can power through 4 more days. The following morning my husband observed fever blisters and the wound site was clearly not right, so once again off we go to the ER. Well… thankfully we did. I was in Sepsis and could have died… After deliberating with the doctor on the course of action for treatment, the doctor accepted our plea to remove the plate, rather than tighten screws and have me drive 100 miles to hospital everyday for iv antibiotics (Umm I don’t have a car!?) So after another 4 day stay I am released into the world, alive and well. I am happy to report, the swelling is almost gone, the pain is minimal, and I am finally healing nicely. I am still in a sling and I have to be super careful and my arm was not fully knitted. So with that I am bummed to say, no traveling for me, no Ubuntu Summit
I still need help with that car, if it weren’t for our neighbor, this story would have ended much differently.
As we celebrate 20 years of Ubuntu, we wanted to take a moment to reflect on the value of partnership. The idea that software should be open source and accessible to all gave birth to a vibrant community of users and a partner ecosystem who help us take Ubuntu across industries.
So who do we work with? We are fortunate to count over 100 partners, all of whom have a different relationship with Ubuntu.
Our partnership journey
When Ubuntu launched in 2004, one of our goals was to encourage adoption by the Linux community and establish Ubuntu as a reliable and user-friendly distro. Our first partner was the Debian and Linux community, partners that remain with us to this day.
As Ubuntu became more widely adopted, other organizations would soon take notice and draw on Ubuntu’s robustness, adaptability and reliability.
We created our Global Partner Programme in 2007 to drive awareness of Ubuntu as an enterprise-ready server platform. We enlisted the help of partners across the development lifecycle, from application testing and engineering to installation support.
In this blog, we reflect on how our partners have helped us shape Ubuntu in the face of evolving technology needs. We’ll celebrate how, through collaboration, we’ve made sure that our open source values reach different countries, industries and devices. Here’s to celebrating 20 years of partnership!
Delivering value to developers for 20 years with Intel
Intel has been working with Canonical since our foundation in 2004 – it suffices to say that to tell the whole story would take a blog of its own. The length of our partnership is a testament to how Canonical and Intel have tackled the changing tech landscape, without compromising on our belief in delivering value to developers.
Whilst our mission has stayed the same, the technology has vastly evolved. To bring truly scalable AI within the reach of developers, Canonical worked to optimize Ubuntu for the Intel® Tiber™ Cloud. This is a development environment that increases performance by 10-100X. Together, we’re proud to broaden access to innovation.
In Intel’s video, we talk to their EVP, Chief Technology Officer, Greg Lavender. He reflects on our joint goals of enhancing security and delivering innovation in burgeoning areas like AI.
Securing devices with ASUS IoT
When Ubuntu launched 20 years ago, the Internet of Things looked quite different to how it does today. For end consumers, internet connectivity was associated with computers alone. Mobile phones at the time were primarily for calls and SMS. Whilst devices such as smart fridges and connected phones existed, they were either a proof-of-concept or prohibitively expensive.
However, it would not be long before the IoT ecosystem truly began to flourish. The advent of smartphones, fitness trackers and industrial IoT was just around the corner. Nowadays, we see specialized hardware for use cases as varied as agricultural tracking, 5G network management and robotics.
ASUS IoT is a sub-brand of ASUS dedicated to the creation of solutions in the fields of AI and IoT. We began working together in 2021, with the goal of offering more choice to customers in the device market. ASUS IoT chose Ubuntu as a solid choice for security and stability. Given Ubuntu’s track record of successful cross-industry usage, we value collaborating with partners to create solutions for new use cases that work out of the box.
It’s incredibly important for us to work with partners like ASUS IoT, who are at the cutting edge of technology. As use cases become more specialized, we will continue working with partners to identify where Ubuntu can have the biggest impact.
Access our video to hear more from Leslie Yu, Deputy Division Director of Software Design Department at ASUS IoT.
Going to the edge with ADLINK
When we first launched Ubuntu Server (known at the time as “Ubuntu Server Edition”), centralized servers were the predominant mode of organizing a network. Edge computing began to develop around this time with content delivery networks, which were used by eCommerce sites to deliver web content from servers located near to end users.
The rise of distributed computing and edge computing, powered by the increased power offered by 5G technology, has led organizations to invest in systems that can efficiently distribute their workloads dynamically, reflecting real-time shifts in usage and customer needs.
Linux-based systems offer the light weight, flexibility and freedom required to run increasingly specialized functions in networks. As a provider of embedded computing solutions, ADLINK chose Ubuntu as their OS for delivering secure, reliable IoT gateways for their customers. Together, we combine the flexibility and transparency that Ubuntu is known for with the robust security practices that enterprises expect.
Check out our video to hear Henri Parmentier, Senior Product Manager at ADLINK, reflect on using Ubuntu for IoT gateways.
Building trust in new markets with Edensoft
From the outset, our mission was to create an OS that anybody could use, regardless of their location or background. That’s why when we first launched 20 years ago, our ShipIT service would send CDs at no cost to anyone who requested them in the world.
As the device market has expanded over the past 20 years, new markets have emerged and began to flourish across the globe. Whilst downloads have largely replaced CDs, our partners often act as the vehicle to bringing Ubuntu to new users. Enterprises often contract managed service providers to advise and build the solutions they need. They place their trust in the provider to recommend the best tools for the job.
One such partner that we are proud to collaborate with is Edensoft, an integrated IT and cloud managed solutions provider based in China. Our channel partners are key in establishing Ubuntu as a secure, enterprise-grade OS across regions and taking Ubuntu to the forefront of the latest technological developments across the world.
Explore our video to learn more from Diana Ding, Board Chairman at Edensoft, about our 10 years of collaboration.
High performance when pushing the boundaries with Advantech
We’ve worked to ensure Ubuntu offers both stability and versatility when performing in novel situations. That’s what makes partnerships with leaders like Advantech so important.
Advantech is a global leader in the fields of IoT intelligent systems and embedded platforms. They work regularly with clients looking for innovation through AMR (autonomous mobile robots) solutions. A recent example is the optimization of Ubuntu for the RSB-3810. This single board computer, which utilizes the MediaTek Genio-1200 chipset, delivers seamless on-device AI processing, without overconsumption of power. As AI hardware continues to mature and play a role in innovation, we’re delighted to see Ubuntu powering the change.
In their celebratory video, we hear from Advantech’s Joe Chen, Director, Embedded IoT-Group. He reflects on the importance of Ubuntu’s extensive ecosystem of tools, which provide a stable base for Advantech to draw upon when tailoring to their customers’ needs.
Engineering excellence with Qualcomm
The emergence and maturity of new technologies always provides an opportunity for us to take Ubuntu in new directions. As enterprises move towards AI maturity, it’s important for Canonical to ensure that Ubuntu is available on specialized hardware, so that the choice and transparency of open source is represented there.
Our partnership with Qualcomm is one way in which we are giving developers that choice. Qualcomm is a multinational semiconductor, software and service provider with a strong presence in telecommunications. Qualcomm chose Ubuntu as the basis for creating a development environment on Qualcomm chipsets, with use cases ranging from enabling multimedia hardware acceleration to extracting the best possible system level power and performance from the combination of hardware and software.
Check out our video to hear from Sandeep Singhai, VP of Engineering at Qualcomm, about how our engineering teams collaborate to ensure that together our efforts produce real results for customers.
Thank you to all of our partners
As we celebrate 20 years of Ubuntu, we want to thank every single one of our partners for their well-wishes.
Come and celebrate with us by visiting our 20 years content hub. You’ll find information about other partners, as well as tales from our wider community.
The RISC-V Summit North America is a premier annual event that brings together the global RISC-V community – including technical, industry, domain, ecosystem and special interest groups who define the architecture’s specifications. All the experts will meet in Santa Clara, California, to share technology breakthroughs, industry milestones, and case studies. Canonical is proud to sponsor the RISC-V Summit again – come meet us at booth G4!
Canonical and Ubuntu’s expanding role in RISC-V’s future
As RISC-V expands its footprint across industries, Canonical is accelerating this evolution with the newest Ubuntu 24.04 LTS release, designed for optimal performance on RISC-V platforms.
Canonical is at the forefront of the RISC-V revolution. By enabling Ubuntu on multiple RISC-V boards and contributing to open source projects, Canonical strengthens the RISC-V ecosystem, driving adoption across industries like data center, IoT, and client computing. We ensure RISC-V developers have access to secure, scalable, and reliable operating systems, empowering them to innovate faster with Ubuntu.
We are proud to collaborate with RISC-V partners to enable Ubuntu on various RISC-V use cases. We help accelerate the time-to-market by letting developers focus on their core applications without having to worry about the stability of the underlying operating system.
This year we have collaborated with a myriad of partners in enabling their unique use cases:
If you’re keen to learn more about Ubuntu on RISC-V, be sure to join our presentation: Super-optimized Ubuntu and Open Source on RISC-V.
In this session, Canonical will introduce the work being done by the organization to optimize Ubuntu, the most popular Linux operating system, for RISC-V. We will present the Canonical roadmap and vision for Ubuntu on RISC-V, this will include:
Ubuntu and Canonical roadmap for RISC-V profiles
How to enable vendor differentiation and make the unique vendor IP shine in Ubuntu
We will present the depth of our partnerships and contributions towards open source and community projects via RISC-V International and RISE
Date & Time: Tuesday October 22, 3:50 pm – 4:00 pm PDT
Location: Expo Hall – Exhibit Hall A – Demo Theater
Presented by Gordan Markuš, Director of Silicon Alliances, Canonical
While at the conference, come say hi to our team at the Canonical Ubuntu booth G4 and discover:
Details about the availability of Ubuntu on RISC-V
Live demos of Ubuntu running on the latest RISC-V boards
Insights into how you can combine RISC-V open ISA and Ubuntu open-source software to build projects for a range of use cases, from embedded devices to datacenter and HPC deployments
You will also get access to relevant resources and have the opportunity to discuss your specific needs with the experts on our team.
A slightly less busy release this time, mostly due to traveling to the Linux Plumbers Conference and associated events a few weeks ago.
But still far from a boring release. On top of the usual bugfix and performance improvements, we’re getting a number of nice additions for virtual machines, improved clustered LVM support, improvements to incus-migrate and a number of new network features!
The highlights for this release are:
OS info for virtual machines
Console history for virtual machines
Ability to create clustered LVM volume groups
QCOW2 and VMDK support in incus-migrate
Configurable macvlan mode
Load-balancer health information
External interfaces in OVN networks
Parallel cluster evacuation/restoration
The full announcement and changelog can be found here. And for those who prefer videos, here’s the release overview video:
And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus
Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.
In today’s rapidly evolving tech world, the need for fast and efficient data management is more critical than ever. One name that frequently stands out in the NoSQL database world is Redis. Since its introduction in 2009, Redis has become a go-to choice for real-time applications that require exceptional speed and flexibility in handling data.
In this article, we’ll explore the history of Redis, how it’s used, and the benefits it offers to various modern applications.
The History of Redis: Origins and Evolution
Redis, which stands for Remote Dictionary Server, was developed by Salvatore Sanfilippo in 2009. Initially launched as an open-source project to address scalability issues faced by large-scale systems, Redis quickly gained popularity among developers for its ability to process data at lightning speeds.
Redis operates as an in-memory database, meaning it stores all data in RAM rather than on disk. This design enables Redis to deliver significantly faster performance compared to traditional databases, making it ideal for applications that demand real-time speed.
How is Redis Used?
One of the primary reasons Redis is so popular is its flexibility, allowing it to be used in various scenarios. Here are some real-world examples of how Redis is utilized:
Caching Redis is well-known for its use in caching due to its speed. By storing data in memory, Redis drastically reduces the time it takes to retrieve data. This is especially useful in web applications where users need instant access to information such as previously loaded pages, images, or API data.
Session Management Many large platforms use Redis to store user session information. When users log into a system, Redis can store their session data in memory, ensuring quick access. This is crucial for maintaining a smooth user experience without delays.
Real-Time Analytics In a data-driven world, companies need instant analytics to make informed decisions. Redis enables companies to process and analyze data in real time, such as tracking user behavior on websites, monitoring IoT devices, or analyzing financial transactions as they occur.
Message Queuing Redis is also widely used for message queuing via its Pub/Sub (Publisher/Subscriber) feature. This is particularly helpful in systems where real-time communication between services or applications is required, such as notification systems or instant messaging services.
The Benefits of Redis: What Makes It Great?
Incredible Speed Redis stands out because of its speed. As an in-memory database, Redis delivers sub-millisecond response times, making it one of the fastest technologies available for data management. This is why it is often the preferred choice for real-time applications.
Versatile Data Structures Another feature that sets Redis apart is its support for various data structures like strings, lists, sets, and hashes. This versatility allows developers to use Redis in a wide range of scenarios, from storing user information to managing complex data in e-commerce systems.
Persistence Options Even though Redis stores data in memory, it also offers persistence options, allowing users to periodically save data to disk. This provides an added layer of security in case of system failures, ensuring that data is backed up and recoverable.
Easy Scalability Redis is easily scalable, whether vertically (by adding more RAM) or horizontally (by adding more Redis servers). This is essential for growing applications where the need to process more data increases over time.
Conclusion
Redis has proven itself to be one of the most powerful tools in modern data management. Its incredible speed, support for multiple data types, and scalability make it the top choice for real-time applications. Whether you’re a developer building web apps or a company looking to process real-time analytics, Redis is a technology worth exploring.
There you have it—a brief guide to Redis and the benefits it brings. This technology not only accelerates application performance but also provides a flexible and reliable solution for managing data at scale.
When it comes to choosing an operating system for your projects, two names often come up: FreeBSD and Ubuntu. Both have unique strengths and characteristics that make them suitable for different tasks. In this post, we’ll dive deep into the differences and similarities between these two powerful systems, helping you determine which one is the best fit for your needs.
Overview of FreeBSD and Ubuntu
FreeBSD
FreeBSD is an operating system that is derived from the Berkeley Software Distribution (BSD). Known for its performance and advanced networking features, FreeBSD provides a robust environment ideal for servers, embedded systems, and networking applications. The entire operating system, from the kernel to the userland tools, is developed from a single source, which helps ensure consistency and stability.
Ubuntu
Ubuntu is a popular Linux distribution based on Debian. It is widely used for both desktop and server environments due to its user-friendliness and extensive software repositories. Ubuntu emphasizes ease of use and regular updates, making it a favorite among beginners and experienced users alike.
Key Comparisons
1. System Base
FreeBSD: The entire OS is developed from a single source, providing a consistent and cohesive experience. This unified approach allows for seamless integration between the kernel and userland tools.
Ubuntu: As a Linux-based system, Ubuntu relies on the Debian base. While it offers a rich ecosystem of software, the diversity of packages can sometimes lead to compatibility issues.
2. Performance & Efficiency
FreeBSD: Renowned for its lightweight and minimal design, FreeBSD excels in server environments where performance is critical. It manages system resources efficiently, making it ideal for high-traffic applications.
Ubuntu: While Ubuntu performs well in most situations, its default installation comes with a variety of services and applications that can consume more system resources than necessary.
3. Software Availability
FreeBSD: With its Ports Collection and package management system, FreeBSD offers access to over 40,000 software options. However, it may lack some of the more niche applications available on Linux.
Ubuntu: As one of the most popular Linux distributions, Ubuntu boasts extensive software repositories, providing compatibility with nearly all Linux applications. This makes it a go-to choice for developers and users looking for variety.
4. Security
FreeBSD: Security is a core focus of FreeBSD. It features built-in security mechanisms such as jails (which provide a form of lightweight virtualization) and a strong emphasis on minimizing vulnerabilities.
Ubuntu: While Ubuntu is secure and receives regular updates, its wider range of installed software can lead to a larger attack surface. However, it also offers tools like AppArmor for enhanced security.
5. Community & Support
FreeBSD: The FreeBSD community may be smaller, but it is dedicated and knowledgeable. Comprehensive documentation is available, ensuring users have access to the resources they need.
Ubuntu: Ubuntu has a large and active community, along with professional support available through Canonical. The extensive community means users can find help quickly, whether through forums or official channels.
6. Use Cases
FreeBSD: Ideal for servers, network appliances, and scenarios where stability and performance are paramount. Its strong networking capabilities make it a popular choice for firewalls and routers.
Ubuntu: Excellent for desktop use, development environments, and general-purpose servers. Its ease of use makes it particularly appealing for users who are new to Linux.
Conclusion
Choosing between FreeBSD and Ubuntu ultimately comes down to your specific needs and goals. If you’re looking for an operating system that excels in performance, security, and stability, especially in server or networking environments, FreeBSD is an excellent choice. On the other hand, if you prefer a user-friendly interface with a wide array of applications for both desktop and server use, Ubuntu may be the way to go.
Both systems have their strengths, and understanding them can help you make an informed decision. Whichever you choose, you’ll be working with powerful tools that are widely respected in the tech community. Happy computing!
Ubuntu 24.10, codenamed “Oracular Oriole”, is here. This release continues Ubuntu’s proud tradition of integrating the latest and greatest open-source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, partnering with the community and our partners, to introduce new features and fix bugs.
Ubuntu 24.10 features the latest Linux 6.11 kernel for improved performance and hardware support, marking a shift to a more aggressive kernel version selection policy going forward.
Building on our previous LTS efforts around performance engineering, Ubuntu 24.10 now includes kdump-tools on relevant platforms for automatic kernel crashdumps. The default desktop installation also includes sysprof for application and workload profiling.
Ubuntu Desktop delivers GNOME 47 with improvements to performance, user experience and enhanced touchscreen support. The power-profiles-daemon improves power management for AMD CPUs and GPUs while libfprint adds support for many new fingerprint reader devices. Ubuntu Desktop now defaults to Wayland on devices with NVIDIA graphics cards and defaults to the NVIDIA 560 open driver version.
Snap management has also been improved on desktop with better update management and messaging in both the dock and the App Center, alongside an experimental new permissions prompting feature which can be enabled in the new Security Center application.
Valkey now replaces Redis in Ubuntu 24.10 with a configuration migration package to support the transition. As always Ubuntu provides updated toolchains for GCC, LLVM, Rust, Golang and .Net alongside TCK certified packages for OpenJDK 21 and 17.
The newest Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, Ubuntu Unity, and Xubuntu are also being released today. More details can be found for these at their individual release notes under the Official Flavours section:
Users of Ubuntu 24.04 LTS will be offered an automatic upgrade to 24.10 if they have selected to be notified of all releases rather than just LTS upgrades. For further information about upgrading, see:
As always, upgrades to the latest version of Ubuntu are entirely free of charge.
We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:
Ubuntu is a full-featured Linux distribution for desktops, laptops, IoT, cloud, and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.
Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:
Originally posted to the ubuntu-announce mailing list on Thu Oct 10 16:03:21 UTC 2024 by Łukasz ‘sil2100’ Zemczak, on behalf of the Ubuntu Release Team.
The Xubuntu team is happy to announce the immediate release of Xubuntu 24.10.
Xubuntu 24.10, codenamed Oracular Oriole, is a regular release and will be supported for 9 months, until July 2025.
Xubuntu 24.10, featuring the latest updates from Xfce 4.19 and GNOME 47.
Xubuntu 24.10 features the latest updates from Xfce 4.19, GNOME 47, and MATE 1.26. For Xfce enthusiasts, you’ll appreciate the new features and improved hardware support found in Xfce 4.19. Xfce 4.19 is the development series for the next release, Xfce 4.20, due later this year. As pre-release software, you may encounter more bugs than usual. Users seeking a stable, well-supported environment should opt for Xubuntu 24.04 “Noble Numbat” instead.
The final release images for Xubuntu Desktop and Xubuntu Minimal are available as torrents and direct downloads from xubuntu.org/download/.
As the main server might be busy in the first few days after the release, we recommend using the torrents if possible.
We’d like to thank everybody who contributed to this release of Xubuntu!
Highlights and Known Issues
Highlights
Xfce 4.19 is included as a development preview of the upcoming Xfce 4.20. Among several new features, it features early Wayland support and improved scaling.
GNOME 47 apps, including Disk Usage Analyzer (baobab) and Sudoku (gnome-sudoku), include a refreshed appearance and usability improvements
Known Issues
The shutdown prompt may not be displayed at the end of the installation. Instead you might just see a Xubuntu logo, a black screen with an underscore in the upper left hand corner, or just a black screen. Press Enter and the system will reboot into the installed environment. (LP: #1944519)
Xorg crashes and the user is logged out after logging in or switching users on some virtual machines, including GNOME Boxes. (LP: #1861609)
You may experience choppy audio or poor system performance while playing audio, but only in some virtual machines (observed in VMware and VirtualBox)
OEM installation options are not currently supported or available, but will be included for Xubuntu 24.04.1
For more obscure known issues, information on affecting bugs, bug fixes, and a list of new package versions, please refer to the Xubuntu Release Notes.
The main Ubuntu Release Notes cover many of the other packages we carry and more generic issues.
Support
For support with the release, navigate to Help & Support for a complete list of methods to get help.
The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 24.10 code-named “Oracular Oriole”. This marks Ubuntu Studio’s 35th release. This release is a Regular release and as such, it is supported for 9 months, until July 2025.
Since it’s just out, you may experience some issues, so you might want to wait a bit before upgrading. Please see the release notes for a more complete list of changes and known issues. Listed here are some of the major highlights.
You can download Ubuntu Studio 24.10 from our download page.
Special Notes
The Ubuntu Studio 24.10 disk image (ISO) exceeds 4 GB and cannot be downloaded to some file systems such as FAT32 and may not be readable when burned to a standard DVD. For this reason, we recommend downloading to a compatible file system. When creating a boot medium, we recommend creating a bootable USB stick with the ISO image or burning to a Dual-Layer DVD.
Minimum installation media requirements: Dual-Layer DVD or 8GB USB drive.
Full updated information, including Upgrade Instructions, are available in the Release Notes.
Upgrades from 24.04 LTS should be enabled within a month after release, so we appreciate your patience.
New This Release
Minimal Installation
We have now implemented minimal installations in the system installer. This will let you install a minimal desktop to get going and then install what you need via Ubuntu Studio Installer. This will make a faster installation process and lets you customize what you need for your personal Studio.
Unfortunately, at least for the time being, we also had to get rid of the default shortcuts in the panel since it would cause an error when loading without the applications being installed. A solution for this is coming in 25.04.
Generic Kernel
The Generic Ubuntu Kernel is now fully capable of low-latency workloads. As such, with this release, we have switched from the LowLatency Kernel to the Generic Kernel with the boot options to enable the low-latency configuration enabled by default.
These options can be changed via Ubuntu Studio Audio Configuration and customized depending on your use-case and your workload. If you don’t need the low-latency and wish to have a computer that is more energy-efficient, you may wish to turn off all three options. The choice is yours.
Plasma 6
Ubuntu Studio, in cooperation with Kubuntu, switched to Plasma 6 this cycle. This switch was not without issues, so we expect many of the issues to be Plasma 6 related, especially when it comes to the default configuration and theming.
New Look
Ubuntu Studio had been using the same theming, “Materia” (except for the 22.04 LTS release which was a re-colored Breeze theme) since 19.04. However, Materia has gone dead upstream. To stay consistent, we found a fork called “Orchis” which seems to match closely and have switched to that.
As you can see from the screenshot, it has more vivid colors, round corners, and a more modern look. We hope you enjoy it. We are aware of a bug involving a dark bar under windows which may be an issue, but sometimes switching the window decorations to another variation of the theme is a solution.
PipeWire 1.2.4
This release contains PipeWire 1.2. With PipeWire 1.2, FireWire devices requiring FFADO are supported. Do note that the Ubuntu Studio team does not have any FireWire devices and could not test this.
PipeWire’s JACK compatibility is configured to use out-of-the-box and is zero-latency internally. System latency is configurable via Ubuntu Studio Audio Configuration.
However, if you would rather use straight JACK 2 instead, that’s also possible. Ubuntu Studio Audio Configuration can disable and enable PipeWire’s JACK compatibility on-the-fly. From there, you can simply use JACK via QJackCtl.
Complete Deprecation of PulseAudio/JACK setup/Studio Controls
Due to the maturity of PipeWire, the traditional PulseAudio/JACK setup, where JACK would be started/stopped by Studio Controls and bridged to PulseAudio, is now fully deprecated and the option is not offered anymore. This configuration is no longer installable via Ubuntu Studio Audio Configuration. Studio Controls may return someday as a PipeWire fine-tuning solution, but for now it is unsupported by the developer.
Ardour 8.6
While this does not represent the latest release of Ardour, Ardour 8.6 is a great release. If you would like the latest release, we highly recommend purchasing one-time or subscribing to Ardour directly from the developers to help support this wonderful application.
To help support Ardour’s funding, you may obtain later versions directly from ardour.org. To do so, please one-time purchase or subscribe to Ardour from their website. If you wish to get later versions of Ardour from us, you will have to wait until the next regular release of Ubuntu Studio, due in April 2025.
Ubuntu Studio Audio Configuration
Ubuntu Studio Audio Configuration’s Dummy Audio Device now also has a much-requested Dummy Audio Input.
Additionally as described above, Ubuntu Studio Audio Configuration has an option to configure the default boot parameters that are commonly used to enable the low-latency capabilities of the Linux kernel used in Ubuntu. For more information about that, see the Ubuntu Studio Audio Configuration page.
We’re back on Matrix
You’ll notice that the menu links to our support chat and on our website will now take you to a Matrix chat. This is due to the Ubuntu community carving its own space within the Matrix federation.
However, this is not only a support chat. This is also a creativity discussion chat. You can pass ideas to each other and you’re welcome to it if the topic remains within those confines. However, if a moderator or admin warns you that you’re getting off-topic (or the intention for the chat room), please heed the warning.
This is a persistent connection, meaning if you close the window (or chat), it won’t lose your place as you may only need to sign back in to resume the chat.
Frequently Asked Questions
Q: Does Ubuntu Studio contain snaps? A: Yes. Mozilla’s distribution agreement with Canonical changed, and Ubuntu was forced to no longer distribute Firefox in a native .deb package. We have found that, after numerous improvements, Firefox now performs just as well as the native .deb package did.
Thunderbird also became a snap so that the maintainers can get security patches delivered faster.
Additionally, Freeshow is an Electron-based application. Electron-based applications cannot be packaged in the Ubuntu repositories in that they cannot be packaged in a traditional Debian source package. While such apps do have a build system to create a .deb binary package, it circumvents the source package build system in Launchpad, which is required when packaging for Ubuntu. However, Electron apps also have a facility for creating snaps, which can be uploaded and included. Therefore, for Freeshow to be included in Ubuntu Studio, it had to be packaged as a snap.
We have additional snaps that are Ubuntu-specific, such as the Firmware Updater and the Security Center. Contrary to popular myth, Ubuntu does not have any plans to switch all packages to snaps, nor do we.
Q: Will you make an ISO with {my favorite desktop environment}? A: To do so would require creating an entirely new flavor of Ubuntu, which would require going through the Official Ubuntu Flavor application process. Since we’re completely volunteer-run, we don’t have the time or resources to do this. Instead, we recommend you download the official flavor for the desktop environment of your choice and use Ubuntu Studio Installer to get Ubuntu Studio – which does *not* convert that flavor to Ubuntu Studio but adds its benefits.
Q: What if I don’t want all these packages installed on my machine? A: Simply use the Ubuntu Studio Installer to remove the features of Ubuntu Studio you don’t want or need!
Get Involved!
A wonderful way to contribute is to get involved with the project directly! We’re always looking for new volunteers to help with packaging, documentation, tutorials, user support, and MORE! Check out all the ways you can contribute!
Our project leader, Erich Eickmeyer, is now working on Ubuntu Studio at least part-time, and is hoping that the users of Ubuntu Studio can give enough to generate a monthly part-time income. We’re not there, but if every Ubuntu Studio user donated monthly, we’d be there! Your donations are appreciated! If other distributions can do it, surely we can! See the sidebar for ways to give!
Special Thanks
Huge special thanks for this release go to:
Eylul Dogruel: Artwork, Graphics Design
Ross Gammon: Upstream Debian Developer, Testing, Email Support
Sebastien Ramacher:Upstream Debian Developer
Dennis Braun: Upstream Debian Developer
Rik Mills: Kubuntu Council Member, help with Plasma desktop
Scarlett Moore: Kubuntu Project Lead, help with Plasma desktop
Cristian Delgado: Translations for Ubuntu Studio Menu
Dan Bungert: Subiquity, seed fixes
Len Ovens: Testing, insight
Wim Taymans: Creator of PipeWire
Mauro Gaspari: Tutorials, Promotion, and Documentation, Testing, keeping Erich sane
Krytarik Raido: IRC Moderator, Mailing List Moderator
Erich Eickmeyer: Project Leader, Packaging, Development, Direction, Treasurer
The Kubuntu Team is happy to announce that Kubuntu 24.10 has been released, featuring the new and beautiful KDE Plasma 6.1 simple by default, powerful when needed.
Codenamed “Oracular Oriole”, Kubuntu 24.10 continues our tradition of giving you Friendly Computing by integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution.
Under the hood, there have been updates to many core packages, including a new 6.11 based kernel, KDE Frameworks 5.116 and 6.6.0, KDE Plasma 6.1 and many updated KDE gear applications.
Kubuntu 24.10 with Plasma 6.1
Kubuntu has seen many updates for other applications, both in our default install, and installable from the Ubuntu archive.
Applications for core day-to-day usage are included and updated, such as Firefox, and LibreOffice.
For a list of other application updates, and known bugs be sure to read our release notes.
Wayland as default Plasma session.
The Plasma wayland session is now the default option in sddm (display manager login screen). An X11 session can be selected instead if desired. The last used session type will be remembered, so you do not have to switch type on each login.
Note: For upgrades from 24.04, there may a delay of a few hours to days between the official release announcements and the Ubuntu Release Team enabling upgrades.
Wake up and hear the birds sing! Thanks to the hard work from our contributors, Lubuntu 24.10 has been released. With the codename Oracular Oriole, Lubuntu 24.10 is the 27th release of Lubuntu, the 13th release of Lubuntu with LXQt as the default desktop environment. Download and Support Lifespan With Lubuntu 24.10 being an interim […]
This release is an emergency release to fix a critical security
vulnerability in Tor Browser.
Changes and updates
Update Tor Browser to
13.5.7, which
fixes MFSA 2024-51,
a major use-after-free vulnerability. Using this vulnerability, an attacker
could take control of Tor Browser, but probably not deanonymize you in
Tails.
Mozilla is aware of this attack being used in the wild.
A 2023 World Economic Forum report surveyed 151 global organizational leaders and found that 93% of cyber leaders and 86% business leaders believe a catastrophic cyber event is likely within the next two years. Still, many software vendors prioritize rapid development and product innovation above security. This month, CISA’s Director Jen Easterly stated software vendors “are building problems that open the doors for villains” and that “we don’t have a cyber security problem – we have a software quality problem”. Downstream, customers benefit from innovative software solutions, but are also exposed to the risks from poorly written software applications; financially motivated ransomware attacks, wiper malware, nation-state espionage and data theft, costly downtime, reputational damage and even insolvency.
At the end of the day, organizations hold responsibility to their stakeholders, customers and the general public. They need to stay focused and protect themselves with fundamental IT security activities including Vulnerability Management. In September 2024’s Threat Tracking blog post, we review the most pressing new developments in the enterprise cybersecurity landscape threatening SMEs and large organizations alike.
SonicOS Exploited in Akira Ransomware Campaigns
CVE-2024-40766 (CVSS 10 Critical) impacting SonicWall’s flagship OS SonicOS, has been identified as a known vector for campaigns distributing Akira ransomware. Akira, originally written in C++, has been active since early 2023. A second Rust-based version became the dominant strain in the second half of 2023. The primary group behind Akira is believed to stem from the dissolved Conti ransomware gang. Akira is now operated as a Ransomware as a Service (RaaS) leveraging a double extortion tactic against targets in Germany and across the EU, North America, and Australia. As of January 2024, Akira had compromised over 250 businesses and critical infrastructure entities, extorting over 42 million US-Dollar.
Akira’s tactics include exploiting known vulnerabilities for initial access such as:
Greenbone includes tests to identify SonicWall devices vulnerable to CVE-2024-40766 [1][2] and all other vulnerabilities exploited by the Akira ransomware gang for initial access.
Urgent Patch for Veeam Backup and Restoration
Ransomware is the apex cyber threat, especially in healthcare. The US Human and Healthcare Services (HHS) reports that large breaches increased by 256% and ransomware incidents by 264% over the past five years. Organizations have responded with more proactive cybersecurity measures to prevent initial access and more robust incident response and recovery, including more robust backup solutions. Backup systems are thus a prime target for ransomware operators.
Veeam is a leading vendor of enterprise backup solutions globally and promotes its products as a viable safeguard against ransomware attacks. CVE-2024-40711 (CVSS 10 Critical), a recently disclosed vulnerability in Veeam Backup and Recovery is especially perilous since it could allow hackers to target the last line of protection against ransomware – backups. The vulnerability was discovered and responsibly reported by Florian Hauser of CODE WHITE GmbH, a German cybersecurity research company. Unauthorized Remote Code Execution (RCE) via CVE-2024-40711 was quickly verified by security researchers within 24 hours of the disclosure, and proof-of-concept code is now publicly available online, compounding the risk.
Veeam Backup & Replication version 12.1.2.172 and all earlier v12 builds are vulnerable and customers need to patch affected instances with urgency. Greenbone can detect CVE-2024-40711 in Veeam Backup and Restoration allowing IT security teams to stay one step ahead of ransomware gangs.
Blast-RADIUS Highlights a 20 Year old MD5 Collision Attack
RADIUS is a powerful and flexible authentication, authorization, and accounting (AAA) protocol used in enterprise environments to validate user-supplied credentials against a central authentication service such as Active Directory (AD), LDAP, or VPN services. Dubbed BlastRADIUS, CVE-2024-3596 is a newly disclosed attack against the UDP implementation of RADIUS, accompanied by a dedicated website, research paper, and attack details. Proof-of-concept code is also available from a secondary source.
Blast-RADIUS is an Adversary in The Middle (AiTM) attack that exploits a chosen-prefix collision weakness in MD5 originally identified in 2004 and improved in 2009. The researchers exponentially reduced the time required to spoof MD5 collisions and released their improved version of hashclash. The attack can allow an active AiTM positioned between a RADIUS client and a RADIUS server to trick the client into honoring a forged Access-Accept response despite the RADIUS server issuing a Access-Reject response. This is accomplished by computing an MD5 collision between the expected Access-Reject and a forged Access-Accept response allowing an attacker to approve login requests.
Greenbone can detect a wide array vulnerable RADIUS implementations in enterprise networking devices such as F5 BIG-IP [1], Fortinet FortiAuthenticator [2] and FortiOS [3], Palo Alto PAN-OS [4], Aruba CX Switches [5] and ClearPass Policy Manager [6], and on the OS level in Oracle Linux [7][8], SUSE [9][10][11], OpenSUSE [12][13], Red Had [14][15], Fedora [16][17], Amazon [18], Alma [19][20], and Rocky Linux [21][22] among others.
Urgent: CVE-2024-27348 in Apache HugeGraph-Server
CVE-2024-27348 (CVSS 9.8 Critical) is a RCE vulnerability in the open-source Apache HugeGraph-Server that affects all versions of 1.0 before 1.3.0 in Java8 and Java11. HugeGraph-Server provides an API interface used to store, query, and analyze complex relationships between data points and is commonly used for analyzing data from social networks, recommendation systems and for fraud detection.
CVE-2024-27348 allows attackers to bypass the sandbox restrictions within the Gremlin query language by exploiting inadequate Java reflection filtering. An attacker can leverage the vulnerability by crafting malicious Gremlin scripts and submitting them via API to the HugeGraph /gremlin endpoint to execute arbitrary commands. The vulnerability can be exploited via remote, adjacent, or local access to the API and can enable privilege escalation.
It is being actively exploited in hacking campaigns. Proof-of-concept exploit code [1][2][3] and an in-depth technical analysis are publicly available giving cyber criminals a head start in developing attacks. Greenbone includes an active check and version detection test to identify vulnerable instances of Apache HugeGraph-Server. Users are advised to update to the latest version.
Ivanti has Been an Open Door for Attackers in 2024
Our blog has covered vulnerabilities in Invati products several times this year [1][2][3]. September 2024 was another hot month for weaknesses in Ivanti products. Ivanti finally patched CVE-2024-29847 (CVSS 9.8 Critical), a RCE vulnerability impacting Ivanti Endpoint Manager (EPM), first reported in May 2024. Proof-of-concept exploit code and a technical description are now publicly available, increasing the threat. Although there is no evidence of active exploitation yet, this CVE should be considered high priority and patched with urgency.
However, in September 2024, CISA also identified a staggering four new vulnerabilities in Ivanti products being actively exploited in the wild. Greenbone can detect all of these new additions to CISA KEV and previous vulnerabilities in Ivanti products. Here are the details:
CVE-2024-29824 (CVSS 9.6 Critical): An SQL Injection vulnerability [CWE-89] in the Core server component of Ivanti Endpoint Manager (EPM) 2022 SU5 and prior. Exploitation allows an unauthenticated attacker with network access to execute arbitrary code. Exploit code is publicly available on GitHub. The vulnerability was initially disclosed in May 2024.
CVE-2024-8963 (CVSS 9.1 Critical): A Path Traversal [CWE-22] in Ivanti Cloud Services Appliance (CSA) version 4.6 and earlier allows a remote unauthenticated attacker to access restricted functionality. The vulnerability was both disclosed and added to CISA KEV on September 19, 2024. A fix had already been issued by Ivanti on September 10th, allowing users to remediate. However, Ivanti’s recommended mitigation is to upgrade to CSA 5.0. CSA version 4.6 reached its end-of-life (EOL) for security updates just last month in August 2024, however according to its EOL policy, Ivanti will issue security patches for one more year. When used in conjunction with CVE-2024-8190 described below, admin authentication can be bypassed and arbitrary RCE on CSA devices is possible.
CVE-2024-8190 (CVSS 7.5 High): An OS command injection vulnerability [CWE-78] in Ivanti Cloud Services Appliance (CSA) can allow a remote authenticated attacker to obtain RCE. The attacker must have admin level privileges to exploit this vulnerability. Recommended mitigation is to upgrade to CSA 5.0 for continued support. Proof-of-concept exploit code is publicly available for CVE-2024-8190.
Summary
In this month’s Threat Tracking blog, we highlighted major cybersecurity developments including critical vulnerabilities such as CVE-2024-40766 exploited by Akira ransomware, CVE-2024-40711 impacting Veeam Backup and the newly disclosed Blast-RADIUS attack that could impact enterprise AAA. Proactive cybersecurity activities such as continuous vulnerability management and compliance attestation help to mitigate risks from ransomware, wiper malware, and espionage campaigns, allowing defenders to close security gaps before adversaries can exploit them.
A Joana Simões voltou e contou-nos as muitas aventuras que teve (e ainda vai ter) um pouco por todo o mundo; ainda falámos dos nossos Fairphones, das muitas Cimeiras, Encontros, Convenções e encontrões de comunidades por esse mundo fora - e a nossa favorita: a Festa do Software Livre e a Ubucon de 2024, cujo programa estivemos a rever em antecipação. A Festa ’tá forte, pá!
Podem apoiar o podcast usando os links de afiliados do Humble Bundle, porque ao usarem esses links para fazer uma compra, uma parte do valor que pagam reverte a favor do Podcast Ubuntu Portugal.
E podem obter tudo isso com 15 dólares ou diferentes partes dependendo de pagarem 1, ou 8.
Achamos que isto vale bem mais do que 15 dólares, pelo que se puderem paguem mais um pouco mais visto que têm a opção de pagar o quanto quiserem.
Se estiverem interessados em outros bundles não listados nas notas usem o link https://www.humblebundle.com/?partner=PUP e vão estar também a apoiar-nos.
There is a new application available for Sparkers: Floorp Browser What is Floorp Browser? Goals: – Strong Tracking Protection – Flexible Layout – Customizable Design – Regular Updates – No User Tracking – Powered by Open Source Installation (Sparky 7 & 8 amd64): License: MPL and others, open-source Web: github.com/floorp-Projects/floorp/
In the fast-paced world of high-end audio, standing still is not an option. We audiophiles are always on the hunt for that next level of hi-fi, right? That’s what guides our approach at Volumio. Remember our original Primo? The one that had reviewers raving and nabbed a few shiny awards? We thought to ourselves, “How could we make this even better?”
That’s why we created the Primo 2 streamer dac. It’s not just a new model number – it was our way of improving a beloved streamer and seeing where it needed work. We took everything great about the original and gave it a serious upgrade. Whether you’re a die-hard Primo fan looking to level up your listening experience, or you’re just dipping your toes into the world of high-fidelity streaming, we think the Primo 2 hits all the right notes.
. We’re about to break down all the key differences and improvements that make the Primo 2 a game-changer. Trust us, your ears are in for a treat!
The Foundation: What Remains the Same
At Volumio, we’re all about evolution, not revolution. When we set out to create the Primo2, we knew we had a winning formula with the original Primo. Our team has always been passionate about delivering audiophile-grade sound without the audiophile-grade price tag or complexity. These are the things we wanted to keep the same that we knew our Volumiophiles loved about the Primo:
Core DAC: Both versions utilize the renowned Sabre ES9038 DAC chip, known for its excellent detail retrieval and low noise floor.
Streaming Capabilities: The basic streaming functionality remains intact, allowing users to access their favorite music services and local libraries easily.
Key Upgrades: Primo2 vs. Original Primo
1. Enhanced Analog Output Stage
Even though the DAC chip is the same, the Primo2 really steps things up with a much better analog output stage. The new circuit design is specially crafted to get the most out of the DAC, making everything sound better We’ve refined the details to get a cleaner sound:
New Circuit Topology: A custom-designed circuit that optimizes the DAC’s performance.
Improved Components: Higher quality components in the signal path for cleaner sound.
2. Power Supply Upgrades
The Primo2 boasts an upgraded internal power circuit, which contributes to:
Lower Noise Floor: Cleaner power leads to less interference and better overall sound quality.
Improved Dynamics: Better power delivery can enhance the system’s ability to handle dynamic swings in music.
A lower noise floor means there’s less unwanted electrical noise creeping into the sound, so the music you hear is much clearer and more detailed. On top of that, improved dynamics ensure that the quiet moments stay soft and the loud ones hit with full impact, all without any distortion. In short, this power supply helps the Primo2 deliver music the way it was meant to be experienced—pure, immersive, and interference-free
3. Balanced Analog Output
One of the most significant additions to the Primo2:
Superior Noise Rejection: When used with compatible amplifiers, the balanced output can provide better resistance to electromagnetic interference.
Potential for Higher Sound Quality: In many setups, balanced connections can offer improved clarity and soundstage.
The noise rejection in a balanced analog output is essential for preserving signal integrity. By using balanced connections, any external noise or interference picked up during transmission—like hum or RF noise—is effectively canceled out. This is particularly important when running longer cables or in environments with lots of electronic equipment. The result is a cleaner, more accurate signal, ensuring the audio remains as pure and transparent as possible, which is crucial for achieving that high-fidelity sound we all chase.
4. Performance Enhancements
The Primo2 comes with several under-the-hood improvements:
Faster CPU: This results in smoother system responsiveness and quicker navigation.
Upgraded WiFi: The addition of 5G WiFi support ensures faster and more stable streaming capabilities.
Updated Bluetooth: Improved Bluetooth connectivity for those who utilize wireless audio transmission.
We wanted to ensure there were no issues with connectivity, our goal was to have better stability with Primo2 and this meant 5G WiFi and better Bluetooth connectivity.
5. Design and Usability Upgrades
The Primo 2 isn’t just about internal improvements:
Refreshed Aesthetic: A new design that many users find more appealing than the original.
Power Button Addition: Unlike the original, the Primo 2 features a power button, allowing users to turn off the device without unplugging it.
A new Primo also meant a streamer dac that looked new and improved chassis and additions to the overall design. We got award-winning Design Narratives Ltd. to create the unique design of our streamers. And earlier this year they won an IF Design Award
The Listening Experience: Has It Changed?
While the beloved core sound signature of the original Primo remains intact—a classic that audiophiles have come to know and love—the Primo 2 brings a host of upgrades that elevate your listening experience to new heights:
Enhanced Detail: with an improved analog stage and power supply, you’ll likely uncover subtle nuances in recordings that you may have missed before.
Potentially Wider Soundstage: The new balanced outputs can create a more expansive soundstage, allowing you to feel more immersed in the music.
Smoother Operation: The faster CPU means the interface responds with agility. No more lag or awkward pauses—just seamless navigation that lets you dive straight into the music without missing a beat.
Is It Worth Upgrading?
For owners of the original Primo, the decision to upgrade to the Primo 2 hinges on a few key factors:
Balanced Output Need: If your audio system can take advantage of balanced connections, the Primo 2 offers a substantial upgrade in terms of noise rejection and overall sound clarity.
Desire for Refinement: The subtle improvements in sound quality and usability may resonate with discerning listeners who appreciate the finer details in their music.
Aesthetic Preferences: If you’re drawn to the sleek new design, that might also sway your decision to upgrade.
Many audiophiles find that these enhancements justify the investment. Plus, you can always repurpose the original Primo as a high-quality streaming system in a secondary location.
The Evolution of Excellence
The Primo 2 represents a thoughtful evolution of an already excellent product. By maintaining the core strengths of the original Primo while addressing potential areas for improvement, the designers have created a device that pushes the boundaries of what’s possible in an all-in-one streamer/DAC at this price point.
Whether you’re considering an upgrade from the original Primo or looking to enter the world of high-quality audio streaming, the Primo 2 offers a compelling package that combines cutting-edge technology with carefully tuned audio performance. It’s a testament to the idea that there’s always room for improvement in the world of high-end audio – even when the starting point is already impressive.
Ready to experience the next level of audio perfection? Visit our shop to learn more about the Primo 2 and hear the difference for yourself. Don’t miss out on our limited-time Lineo5+ Primo2 offer – upgrade your listening experience today!
Since the mass-adoption of consumer smartphones in 2007, much has been written about the tradeoffs consumers and business users alike have been forced to accept when it comes to mobile computing.
Azure Accelerated Networking and its integration with VyOS Universal Router. In this discussion, we'll delve into how this powerful feature can be leveraged to create high-performance routers in the Azure cloud environment.
Our focus will be on:
Understanding Azure Accelerated Networking.
Steps to integrate this feature with VyOS.
Practical use cases for building efficient, high-speed routers on Azure.
Ubuntu MATE 24.10 is more of what you like, stable MATE Desktop on top of current Ubuntu. Read on to learn more 👓️
Ubuntu MATE 24.10
Thank you! 🙇
My sincere thanks to everyone who has played an active role in improving Ubuntu MATE for this release 👏
I’d like to acknowledge the close collaboration with the Ubuntu Foundations team and the Ubuntu flavour teams, in particular Erich Eickmeyer who pushed critical fixes while I was travelling.
Thank you! 💚
Ships stable MATE Desktop 1.26.2 with a handful of bug fixes 🐛
Switched back to Slick Greeter (replacing Arctica Greeter) due to race-condition in the boot process which results the display manager failing to initialise.
Returning to Slick Greeter reintroduces the ability to easily configure the login screen via a graphical application, something users have been requesting be re-instated 👍
Ubuntu MATE 24.10 .iso 📀 is now 3.3GB 🤏 Down from 4.1GB in the 24.04 LTS release.
This is thanks to some fixes in the installer that no longer require as many packages in the live-seed.
Login Window
What didn’t change since the Ubuntu MATE 24.04 LTS?
If you follow upstream MATE Desktop development, then you’ll have noticed that Ubuntu MATE 24.10 doesn’t ship with the recently released MATE Desktop 1.28 🧉
I have prepared packaging for MATE Desktop 1.28, along with the associated components but encountered some bugs and regressions 🐞 I wasn’t able to get things to a standard I’m happy to ship be default, so it is tried and true MATE 1.26.2 one last time 🪨
Major Applications
Accompanying MATE Desktop 1.26.2 🧉 and Linux 6.11 🐧 are Firefox 131 🔥🦊,
Celluloid 0.27 🎥, Evolution 3.54 📧, LibreOffice 24.8.2 📚
See the Ubuntu 24.10 Release Notes
for details of all the changes and improvements that Ubuntu MATE benefits from.
Download Ubuntu MATE 24.10
Ubuntu MATE 24.10 (Oracular Oriole) is available for PC/Mac users.
There are no offline upgrade options for Ubuntu MATE. Please ensure you have
network connectivity to one of the official mirrors or to a locally accessible
mirror and follow the instructions above.
File system repair when unlocking the Persistent Storage
When the file system of the Persistent Storage has errors, Tails now offers you
to repair the file system when unlocking from the Welcome Screen.
Because not all file system errors can be safely recovered this way, we wrote
comprehensive documentation on how to recover data from the Persistent
Storage using complementary techniques.
Community Data Overview Community Products 1、deepin 25 version planning released In September, the deepin 25 version planning was officially confirmed and released. The main goal is to fix the legacy issues in deepin 23, improve system stability, and complete the functional pilot of technology upgrade (Treeland). >>> Why is there no deepin 24? >>> deepin 25 Version Planing 2、deepin 23 update This month, the internal test was updated 4 times, 16 new features were added, and 77 issues were fixed. 3、deepin Home In September 2024, Deepin Home received a total of 316 user bug and demand feedback: ...Read more
On September 27, 2024, security researcher Simone "evilsocket" Margaritelli reported on his personal blog that the Unix-based printing framework CUPS has multiple high-risk security vulnerabilities[1]. Unauthenticated remote attackers can impersonate printers, using malicious IPP URLs to replace the URLs of existing printers or add new malicious printers. In this scenario, when a user initiates a print job from the affected computer, attackers can silently execute arbitrary commands on that computer through the fake printer URL, thereby achieving the attack. These vulnerabilities have been confirmed by the upstream software maintainers and security personnel, and temporary measures have been taken to disable ...Read more
Happy 28th Birthday KDE!
Xubuntu 24.10, featuring the latest updates from Xfce 4.19 and GNOME 47.
Kubuntu 24.10 with Plasma 6.1
Ubuntu MATE 24.10
Login Window
![[RSS 1.0 Feed]](common/rss10.png){kind=small}
![[RSS 2.0 Feed]](common/rss20.png){kind=small}
![[Atom Feed]](common/atom.png){kind=small}
![[FOAF Subscriptions]](common/foaf.png){kind=small}
![[OPML Subscriptions]](common/opml.png){kind=small}
![[Hacker]](common/hacker.png){kind=small}
![[Planet]](common/planet.png){kind=small}