Sponsored Links

Certified Ubuntu Cloud Guest – The best of Ubuntu on the best clouds

eBook Certified Ubuntu Cloud Guest

Ubuntu has a long history in the cloud. It is the number one guest operating system on AWS, Azure and Google Cloud Platform. In fact there are more Ubuntu images running in the public cloud than all other operating systems combined.

Ubuntu is a free operating system which means anyone can download an image, whenever they want. So why should cloud providers offer certified Ubuntu images to their customers?

This eBook explains why certified Ubuntu images are essential for organisations and individuals that require the highest level of security and reliability.

Download this eBook to learn:

  • How cloud providers differentiate themselves from their competitors by offering customers certified Ubuntu images
  • How to make sure your cloud provider is using certified Ubuntu images

Submit your details to download the eBook:

 

System76 Developer Works on GNOME Encrypted Home Folder Support for Ubuntu 17.10

System76’s kernel engineer Jeremy Soller announced that he’s been working on bringing encrypted Home folder support in the GNOME desktop environment for the upcoming Ubuntu 17.10 (Artful Aardvark) operating system.
Last month, the Denver-based computer reseller specializing in the sale of laptops, desktops, and servers pre-loaded with the Ubuntu Linux operating system revealed their plans for preparing a consistent GNOME experience for their computers powered by Ubuntu 17.10 later this year when the OS launches officially.
While not many were impressed by the new Pop theme that System76 wants to offer by default for their Ubuntu 17.10 system with GNOME desktop, some were thrilled to learn that KDE Connect will become a first class citizen to provide users with seamless notifications from their Android devices.
And now you’ll also be surprised to find out that System76 plans on allowing the Home directory on new installs of Ubuntu 17.10 with the GNOME desktop environment to be encrypted during the creation of a new user, a functionality that appears to be implemented in the CreateUser D-bus call.

Source: http://news.softpedia.com/news/system76-developer-works-on-gnome-encrypted-home-folder-support-for-ubuntu-17-10-516602.shtml
Submitted by: Arnfried Walbrecht

Kernel Team Summary: June 22, 2017

This newsletter is to provide a status update from the Ubuntu Kernel Team. There will also be highlights provided for any interesting subjects the team may be working on.

If you would like to reach the kernel team, you can find us at the #ubuntu-kernel channel on FreeNode. Alternatively, you can mail the Ubuntu Kernel Team mailing list at: kernel-team@lists.ubuntu.com

Highlights

  • FWTS 17.06.00 released: https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/17.06.00
  • Released stress-ng 0.08.05, new Real Time cyclic stressor and Real Time scheduling softlockup stressor.
  • Prepare 4.4.73 (Xenial)
  • Update artful/4.11 to v4.11.6
  • The embargo for CVE-2017-1000364 [1] has expired and the fix was
    released for the following packages in the updates and security pockets:
    • * Trusty
    • – linux 3.13.0-121.170
    • – linux-lts-xenial 4.4.0-81.104~14.04.1
    • * Xenial
    • – linux 4.4.0-81.104
    • – linux-aws 4.4.0-1020.29
    • – linux-gke 4.4.0-1016.16
    • – linux-raspi2 4.4.0-1059.67
    • – linux-snapdragon 4.4.0-1061.66
    • – linux-hwe 4.8.0-56.61~16.04.1
    • – linux-hwe-edge 4.10.0-24.28~16.04.1
    • – linux-joule 4.4.0-1003.8
    • * Yakkety
    • – linux 4.8.0-56.61
    • – linux-raspi2 4.8.0-1040.44
    • * Zesty
    • – linux 4.10.0-24.28
    • – linux-raspi2 4.10.0-1008.11

    Due to that, the proposed updates for the above packages being prepared
    on the current SRU cycle are being re-spun to include the fix.

    [1] CVE description: It was discovered that the stack guard page for
    processes in the Linux kernel was not sufficiently large enough to
    prevent overlapping with the heap. An attacker could leverage this with
    another vulnerability to execute arbitrary code and gain administrative
    privileges.

Devel Kernel Announcements

We intend to target a 4.13 kernel for the Ubuntu 17.10 release. The Ubuntu 17.10 Kernel Freeze is Thurs Oct 5, 2017.

Stable Kernel Announcements

Current cycle: 02-Jun through 24-Jun

  • 02-Jun Last day for kernel commits for this cycle
  • 05-Jun – 10-Jun Kernel prep week.
  • 11-Jun – 23-Jun Bug verification & Regression testing.
  • 26-Jun Release to -updates.

Next cycle: 23-Jun through 15-Jul

  • 23-Jun Last day for kernel commits for this cycle
  • 26-Jun – 01-Jul Kernel prep week.
  • 02-Jul – 14-Jul Bug verification & Regression testing..
  • 17-Jul Release to -updates.

Status: CVE’s

The current CVE status can be reviewed at the following:
http://people.canonical.com/~kernel/cve/pkg/ALL-linux.html

Stack Clash flaws blow local root holes in loads of top Linux programs

Powerful programs run daily by users of Linux and other flavors of Unix are riddled with holes that can be exploited by logged-in miscreants to gain root privileges, researchers at Qualys have warned.
Essentially, it’s possible to pull off a “Stack Clash” attack in various tools and applications to hijack the whole system, a situation that should have been prevented long ago.
It’s pretty simple: an application’s stack – used to hold short-term data in memory – grows down into another memory area known as the heap – which is used to hold chunks of information, such as files being viewed or edited, and so on. If you can control what’s in the heap, by feeding carefully crafted data to the program, you can end up overwriting parts of the stack and hijack the flow of execution within the application. Alternatively, you can extend the stack down into the heap, and tamper with important data structures.
When that happens, and if the program has root privileges, an attacker can commandeer the trusted app to take over the whole system as an administrator. These security shortcomings were picked up last month by Qualys, which held off warning of the flaws until patches were in the works.
The issue was first noted by security researcher Gaël Delalleau in 2005, and the vulnerability resurfaced in 2010 when another researcher, Rafal Wojtczuk, noted similar issues while running an Xorg server running on Linux. Fixes were issued after both discoveries.

Source: https://www.theregister.co.uk/2017/06/20/stack_clash_linux_local_root_holes/
Submitted by: Arnfried Walbrecht

OpenStack and Containers live Q&A session

Join us for a 1 hour online session with a cloud expert

OpenStack and Containers Office Hours are online Q&A sessions held on an ongoing basis. Their aim is to help community members and customers deploy, manage and scale their Ubuntu-based cloud infrastructure.

What’s covered?

These interactive online sessions are hosted by an expert from our Cloud Team who will:

  • Outline how to leverage the latest features of Ubuntu OpenStack, LXD, MAAS, Kubernetes and Juju
  • Answer questions on OpenStack and containers technology

Who should attend?

These sessions are ideal for IT Pros, DevOps and SysAdmins wanting a relaxed, informal environment to discuss their experiences using Ubuntu Cloud technology.

Such sessions are normally attended by a small group, making them ideal for networking with other OpenStack and scale-out cloud enthusiasts.

Why join?

Get the chance to ask any questions about our software and support services.

These sessions are attended by a small group, making them ideal for networking with other OpenStack and scale-out cloud enthusiasts.

Upcoming sessions

Book your place

Canonical Wants to Add Hardware Accelerated Video Playback by Default to Ubuntu

In his latest report, Canonical’s Will Cooke reports on the efforts the Ubuntu Desktop team is making to enable hardware-accelerated video playback for the upcoming Ubuntu 17.10 (Artful Aardvark) by default.
According to Will Cooke, the team’s goal right now is to lay the groundwork for a solution that would enable hardware-accelerated playback of video files by default, with a focus on making it work on Intel graphics cards. Suppor for Nvidia and AMD Radeon GPUs should come at a later time thanks to Canonical’s new testing infrastructure.
The Intel SDK (Software Development Kit) issue with the LibVA library should soon be resolved as Intel is currently working on a fix. In related news, Canonical announced that it will soon unveil a call-for-testing programme for Ubuntu, inviting users to take part of small and quick tests that they can regularly perform for continued feedback on the work done so far by the Ubuntu Desktop team for the upcoming release of the operating system, Ubuntu 17.10.
This will help the Ubuntu Desktop team and Canonical ensure the overall quality of the Ubuntu Desktop Live images is kept high throughout the entire development cycle, which will end on October 19, 2017, when the final release of the Ubuntu 17.10 (Artful Aardvark) operating system hits the streets.

Source: http://news.softpedia.com/news/canonical-wants-to-add-hardware-accelerated-video-playback-by-default-to-ubuntu-516555.shtml
Submitted by: Arnfried Walbrecht

MAAS Development Summary: June 12th – 16th

The purpose of this update is to keep our community engaged and informed about the work the team is doing. We’ll cover important announcements, work-in-progress for the next release of MAAS and bugs fixes in release MAAS versions.

MAAS Sprint

The Canonical MAAS team sprinted at Canonical’s London offices this week. The purpose was to review the previous development cycle & release (MAAS 2.2), as well as discuss and finalize the plans and goals for the next development release cycle (MAAS 2.3).

MAAS 2.3 (current development release)

The team has been working on the following features and improvements:

  • New Feature – support for ‘upstream’ proxy (API only)Support for upstream proxies has landed in trunk. This iteration contains API only support. The team continues to work on the matching UI support for this feature.
  • Codebase transition from bzr to git – This week the team has focused efforts on updating all processes to the upcoming transition to Git. The progress so far is:
    • Prepared the MAAS CI infrastructure to fully support Git once the transition is complete.
    • Started working on creating new processes for PR’s auto-testing and landing.
  • Django 1.11 transition – The team continues to work through the Django 1.11 transition; we’re down to 130 unittest failures!
  • Network Beaconing & better network discovery – Prototype beacons have now been sent and received! The next steps will be to work on the full protocol implementation, followed by making use of beaconing to enhance rack registration. This will provide a better out-of-the-box experience for MAAS; interfaces which share network connectivity will no longer be assumed to be on separate fabrics.
  • Started the removal of ‘tgt’ as a dependency – We have started the removal of ‘tgt’ as a dependency. This simplies the boot process by not loading ephemeral images from tgt, but rather, having the initrd download and load the ephemeral environment.
  • UI Improvements
    • Performance Improvements – Improved the loading of elements in the Device Discovery, Node listing and Events page, which greatly improve UI performance.
    • LP #1695312 – The button to edit dynamic range says ‘Edit’ while it should say ‘Edit reserved range’
    • Remove auto-save on blur for the Fabric details summary row. Applied static content when not in edit mode.

Bug Fixes

The following issues have been fixed and backported to MAAS 2.2 branch. This will be available in the next point release of MAAS 2.2 (2.2.1) in the coming weeks:

  • LP: #1678339 – allow physical (and bond) interfaces to be placed on VLANs with a known 802.1q tag.
  • LP: #1652298 – Improve loading of elements in the device discovery page

Debian 9 ‘Stretch’ GNU/Linux Distro Released

The Debian Release team has finally released the Debian 9.0 “Stretch” stable GNU/Linux distribution. Named after Toy Story’s rubber toy octopus, Stretch, this release will remain supported for 5 years. Debian 9 ships with Linux kernel 4.9, new digital forensics tools, GNOME 3.22, default MariaDB, etc. You can either update your exisiting installation or download the new installation media from the project’s website. Last month, we reported about the Debian Release Team’s plans to ship the final release of Debian 9.0 “Stretch” GNU/Linux distribution on June 17. Well, acting well on their promise, they have shipped the new stable version, i.e., Debian 9, code named Stretch. For those who don’t know, Debian codenames are based on the characters in the famous animated movie Toy Story. This release is named after the glittery purple rubber toy octopus, Stretch.
After a combined effort of Debian Security team and Debian LTS team, this release will be supported for the next 5 years. The Release Team has also dedicated this release to Debian founder Ian Murdock, who passed away in December 2015.
Debian 9 could be easily called one of the most important Linux distro releases of 2017 because in the upcoming months, tons of other distros will be based on it.

Source: https://fossbytes.com/debian-9-stretch-features-download-torrent/
submitted by: Arnfried Walbrecht

Linux 4.14 Will Be The Next LTS Kernel Branch

In a Google+ post, Linux kernel developer and maintainer Greg Kroah-Hartman said that Linux kernel 4.14 will be the next LTS kernel series. He asked for suggestions from the community and told that 4.14 will remain supported for at least two years. If the development process gets completed at the regular pace, we can expect to witness the final release in November. Last year in August, we told you that Linux 4.9 was going to be the next LTS kernel release. It arrived towards the November end and brought tons of new features and hardware support. That official announcement was first made by renowned Linux kernel developer Greg Kroah-Hartman.
Now, first spotted by Softpedia, Greg has once again announced on his Google+ page that the next LTS kernel branch will be Linux kernel 4.14.
In his post, Greg wrote: “As no one seemed to make 4.9 blow up too badly, let’s try this again! 4.14 == next LTS kernel.” He further wrote that Linux kernel 4.14 will be supported for at least 2 years.

Source: https://fossbytes.com/linux-4-14-next-lts-kernel/
Submitted by: Arnfried Walbrecht

Ubuntu Server Development Summary – 16 Jun 2017

The purpose of this weekly update is to make sure our community can follow development with toes dipped in before and between jumping headlong into helping shape Ubuntu Server!

Spotlight: Task Tracking

The Canonical Server Team is using Trello to track our weekly tasks. Feel free to take a peek and follow along on the Ubuntu Server Daily board.

cloud-init and curtin

cloud-init

  • Uploaded package to Artful and supported releases proposed
  • Met with Redhat team to discuss packaging and release processes
  • Change config/cloud.cfg to act as template to allow downstream distributions to generate this for special needs
  • Added makefile target to install dependencies on various downstream distributions
  • Enable auto-generation of module docs from schema attribute if present
  • Change Redhat spec file based on init system
  • Convert templates from cheetah to jinja to allow building in python3 environments
  • Setup testing of daily cloud-init COPR builds
  • Fix LP: #1693361 race between apt-daily and cloud-init
  • Fix LP: #1686754 sysconfig renderer from leaving CIDR notation instead of netmask
  • Fix LP: #1686751 selinux issues while running under Redhat

curtin

  • Created PPA for MAAS passthrough networking test
  • Fix LP: #1645680 adding PPA due to new GPG agent

Bug Work and Triage

  • Extended Ubuntu Server triage tool to assist with expiration of bugs in backlog
  • Review expiring ubuntu-server subscribed bugs in backlog
  • Review server-next tagged bugs for priority and relevance
  • Triage samba bugs from backlog
  • 64 bugs reviewed, 1 accepted, 317 in the backlog
  • Notes on daily bug triage

IRC Meeting

Ubuntu Server Packages

Below is a summary of uploads to the development and supported releases. Current status of the Debian to Ubuntu merges is tracked on the Merge-o-Matic page.

Uploads to the Development Release (Artful)

billiard, 3.5.0.2-0ubuntu1, nacc celery, 4.0.2-0ubuntu1, nacc cloud-initramfs-tools, 0.38ubuntu1, smoser curtin, 0.1.0~bzr505-0ubuntu1, smoser lxcfs, 2.0.7-0ubuntu3, stgraber lxd, 2.14-0ubuntu4, stgraber lxd, 2.14-0ubuntu3, stgraber nss, 2:3.28.4-0ubuntu2, mdeslaur python-boto, 2.44.0-1ubuntu2, racb python-tornado, 4.5.1-0ubuntu1, mwhudson rrdtool, 1.6.0-1ubuntu1, vorlon ruby2.3, 2.3.3-1ubuntu1, mdeslaur samba, 2:4.5.8+dfsg-2ubuntu1, mdeslaur Total: 13 

Uploads to Supported Releases (Trusty, Xenial, Yakkety, Zesty)

cloud-init, xenial, 0.7.9-153-g16a7302f-0ubuntu1~16.04.1, smoser cloud-init, yakkety, 0.7.9-153-g16a7302f-0ubuntu1~16.10.1, smoser cloud-init, zesty, 0.7.9-153-g16a7302f-0ubuntu1~17.04.1, smoser ebtables, trusty, 2.0.10.4-3ubuntu1.14.04.1, slashd ebtables, xenial, 2.0.10.4-3.4ubuntu2, slashd ebtables, yakkety, 2.0.10.4-3.5ubuntu1.16.10.1, slashd ebtables, zesty, 2.0.10.4-3.5ubuntu1.17.04.1, slashd lxc, zesty, 2.0.8-0ubuntu1~17.04.2, stgraber lxc, yakkety, 2.0.8-0ubuntu1~16.10.2, stgraber lxc, xenial, 2.0.8-0ubuntu1~16.04.2, stgraber lxd, zesty, 2.14-0ubuntu3~17.04.1, stgraber lxd, yakkety, 2.14-0ubuntu3~16.10.1, stgraber lxd, xenial, 2.14-0ubuntu3~16.04.1, stgraber multipath-tools, yakkety, 0.5.0+git1.656f8865-5ubuntu7.3, cyphermox vlan, trusty, 1.9-3ubuntu10.4, slashd vlan, xenial, 1.9-3.2ubuntu1.16.04.3, slashd vlan, yakkety, 1.9-3.2ubuntu2.16.10.2, slashd vlan, zesty, 1.9-3.2ubuntu2.17.04.2, slashd Total: 18 

Contact the Ubuntu Server team