Planet Ubuntu

Planet Ubuntu - http://planet.ubuntu.com/
Updated: 18 hours 36 min ago

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, June 2018

Fri, 20/07/2018 - 4:28pm

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In June, about 202 work hours have been dispatched among 13 paid contributors. Their reports are available:

  • Abhijith PA did 8 hours (out of 10 hours allocated, thus keeping 2 extra hours for July).
  • Antoine Beaupré did 24 hours (out of 12 hours allocated + 12 extra hours).
  • Ben Hutchings did 12 hours (out of 15 hours allocated, thus keeping 3 extra hours for July).
  • Brian May did 10 hours.
  • Chris Lamb did 18 hours.
  • Emilio Pozuelo Monfort did 17 hours (out of 23.75 hours allocated, thus keeping 6.75 extra hours for July).
  • Holger Levsen did nothing (out of 8 hours allocated, thus keeping 8 extra hours for July).
  • Hugo Lefeuvre did 4.25 hours (out of 23.75 hours allocated, but gave back 10 hours, thus keeping 9.5 hours for July).
  • Markus Koschany did 23.75 hours.
  • Ola Lundqvist did 6 hours (out of 8 hours allocated + 17.5 remaining hours, but gave back 15.5 unused hours, thus keeping 4 extra hours for July).
  • Roberto C. Sanchez did 29.5 hours (out of 18 hours allocated + 11.5 extra hours).
  • Santiago Ruano Rincón did 5.5 hours (out of 8 hours allocated + 7 extra hours, thus keeping 9.5 extra hours for July).
  • Thorsten Alteholz did 23.75 hours.

Evolution of the situation

The number of sponsored hours increased to 210 hours per month. We lost a silver sponsor but gained a new platinum sponsor with the Civil Infrastructure Platform project (hosted by the Linux Foundation, see their announcement).

We are very happy to see the CIP project engage directly with the Debian project and try to work together to build the software stack for tomorrow’s world’s infrastructure.

The security tracker currently lists 57 packages with a known CVE and the dla-needed.txt file 52.

Thanks to our sponsors

New sponsors are in bold.


The Fridge: Ubuntu 17.10 (Artful Aardvark) End of Life reached on July 19 2018

Fri, 20/07/2018 - 1:59am

This is a follow-up to the End of Life warning sent earlier this month to confirm that as of today (July 19, 2018), Ubuntu 17.10 is no longer supported. No more package updates will be accepted to 17.10, and it will be archived to old-releases.ubuntu.com in the coming weeks.

The original End of Life warning follows, with upgrade instructions:

Ubuntu announced its 17.10 (Artful Aardvark) release almost 9 months ago, on October 19, 2017. As a non-LTS release, 17.10 has a 9-month support cycle and, as such, the support period is now nearing its end and Ubuntu 17.10 will reach end of life on Thursday, July 19th.

At that time, Ubuntu Security Notices will no longer include information or updated packages for Ubuntu 17.10.

The supported upgrade path from Ubuntu 17.10 is via Ubuntu 18.04.

Instructions and caveats for the upgrade may be found at:

https://help.ubuntu.com/community/BionicUpgrades

Ubuntu 18.04 continues to be actively supported with security updates and select high-impact bug fixes. Announcements of security updates for Ubuntu releases are sent to the ubuntu-security-announce mailing list, information about which may be found at:

https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Since its launch in October 2004 Ubuntu has become one of the most highly regarded Linux distributions with millions of users in homes, schools, businesses and governments around the world. Ubuntu is Open Source software, costs nothing to download, and users are free to customise or alter their software in order to meet their needs.

Originally posted to the ubuntu-announce mailing list on Thu Jul 19 22:47:22 UTC 2018 by Adam Conrad, on behalf of the Ubuntu Release Team

Ubuntu Podcast from the UK LoCo: S11E19 – Nineteen Minutes - Ubuntu Podcast

Thu, 19/07/2018 - 4:00pm

This week we recover from a failed disk in a ReadyNAS and get to grips with the Amazon Kindle Oasis E-reader. npm gets pwned, Debian 9.5 is released, the Snap Store gets verified publishers, categories and other improvements. Humble Bundle offer a Linux Geek Book Bundle, we also round up the community news and events.

It’s Season 11 Episode 19 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Ryan are connected and speaking to your brain.

In this week’s show:

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

David Tomaschik: Hacker Summer Camp 2018: Cyberwar?

Thu, 19/07/2018 - 9:00am

I actually thought I was done with the pre-con portion of my Hacker Summer Camp blog post series, but it turns out that people wanted to know more about “the most dangerous network in the world”. Specifically, I got questions about how to protect yourself in this hostile environment, like whether people should bring a burner device, how to avoid getting hacked, what to do after the con, etc.

The Network

So, is it “the most dangerous network in the world”? Well, there’s probably some truth to that in the sense that in terms of density of threats, it’s likely fairly high. In terms of sheer volume of threats, the open internet is obviously going to be a leader.

First off, the DEF CON network is really multiple networks. There’s the open WiFi, which is undeniably the Wild West of computers, and there’s the DEF CON “secure” network, which uses WPA2-Enterprise (802.1x) with certificates to verify the APs. The secure network also features client isolation. Additionally, the secure network is monitored by a dedicated NOC/SOC with some very talented and hard-working individuals. I would assert that being compromised on the secure network is approximately the same risk as being compromised on any internet connection.

So, there’s 0-day flying around left and right? Not so much. Most of the malicious traffic is likely coming from someone who just learned how to use Metasploit or just found out about some cool tool in a talk or workshop. Consequently, it’s unlikely to have much impact for those who patch and are security-aware.

What you will see a ton of is WiFi pineapples. People will go buy one at the Hak5 booth, and then immediately turn it on and try to mess with other attendees. It gets pretty old, pretty quickly. Just make sure you’re connected to the DEF CON Secure WiFi and this will be a minimal problem (maybe a denial of service).

In all honesty, the con hotel WiFi is a worse place to be than DEF CON secure, by a large margin. Plenty of stupid things happening there.

3 Approaches

The Minimalist

The minimalist carries a flip phone with a burner SIM. He/she maintains contact with friends using SMS or (gasp) actual phone calls. No laptop, no smart phone to be compromised. This is a great approach if you’re not going to participate in any activities that require tech on hand. If you’re going to hang out, listen to a few talks, and drink, this is the approach with no need to worry about getting compromised.

The Burner

No, this isn’t about Burning Man, although DEF CON is kinda like Burning Man for “400-lb hackers in basements”. This hacker brings a burner version of everything: so a smart phone, but a cheap burner. This probably will get compromised, as their carrier hasn’t pushed a patch in 3 years. (And even before that, it shipped with some shady pre-installed apps that send all your contacts over plaintext to a server in China…). They also bring a $200 Dell or HP laptop with Kali Linux on board.

They connect to the first WiFi they see, never mind that it’s labeled “FBI Surveillance Van 404”. If you plan for your hardware to get pwned, it doesn’t really matter if it’s bad WiFi, right?

Of course, in order for this to work correctly, you have to never use your devices for anything sensitive. Hopefully the urge to check your real email doesn’t get too strong. Or maybe your card is suspended for potentially fraudulent activity (like that $300 SDR) and you decide to log in “briefly” to reactivate it. This route really only works if you can maintain good OpSec.

“Good Enough” Security

If you can set aside ego and assume nobody is willing to try using a $100k+ 0-day on you, you can get by with a reasonable level of security. This involves bringing a modern fully-patched phone (iPhone or “flagship” Android phone), and optionally a well-secured laptop.

For the laptop, I’ve previously discussed using a Chromebook. Even with dev mode for crouton, I believe this to be reasonably safe from remote exploitation. This can also be cheap enough to be a disposable device. In my previous post, I suggested 3 Chromebook options:

Alternatively, you can get a cheap laptop and run fully-updated Windows 10 or Linux with a firewall enabled and be in a pretty good state for passive attacks over the network.

In either case, you should then run a VPN. I like Private Internet Access, but there’s a lot of options out there, or you can even run your own OpenVPN server if you’re feeling adventurous.

Summary

There’s never a guarantee of security, but with updated devices & good security hygiene, you can survive the DEF CON networks. The basic elements involved are:

  • Fully updated OS
  • Be super careful
  • Use a VPN
  • No Services Exposed
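
One way to verify the “No Services Exposed” item on a Linux laptop before joining the conference network, as an added example that is not from the original post: it decodes the kernel's /proc/net/tcp table and reports TCP listeners bound to anything other than loopback. It assumes a little-endian host (x86/ARM) and covers TCP only; the sample table and the function names are constructed for illustration.

```python
import ipaddress
from pathlib import Path

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp and tcp6

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0 100 0 0 10 0
   2: 0A00A8C0:D431 010200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1 0 20 4 30 10 -1
"""


def decode_addr(hex_addr):
    """Turn '0100007F:0277' into (IPv4Address('127.0.0.1'), 631)."""
    host_hex, port_hex = hex_addr.split(":")
    raw = bytes.fromhex(host_hex)
    # The kernel prints every 32-bit word in host byte order, so on a
    # little-endian machine (assumed here) each 4-byte group is reversed.
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words)), int(port_hex, 16)


def exposed_listeners(proc_text):
    """Return (ip, port) for LISTEN sockets not bound to a loopback address."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established connections etc. are not listeners
        ip, port = decode_addr(fields[1])
        if not ip.is_loopback:  # 0.0.0.0 and :: mean "every interface"
            found.append((str(ip), port))
    return found


if __name__ == "__main__":
    for name in ("tcp", "tcp6"):
        path = Path("/proc/net") / name
        if path.exists():
            for ip, port in exposed_listeners(path.read_text()):
                print(f"{name}: listening on {ip}:{port}")
```

Anything the script prints is reachable from the network unless a firewall drops it; on the constructed sample it reports the listener on 0.0.0.0 port 22 and ignores the loopback-only one on port 631.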

Good luck and see you at Hacker Summer Camp!

Simon Raffeiner: Improving data safety on Linux systems using ZFS and BTRFS

Tue, 17/07/2018 - 3:20pm

Why everybody should care about data safety, and how ZFS and BTRFS can help protect the data on your Linux systems.

The post Improving data safety on Linux systems using ZFS and BTRFS appeared first on LIEBERBIBER.

Sergio Schvezov: New Laptop

Tue, 17/07/2018 - 2:50pm

Triggers

Recently, as of last week, I decided to purchase a new laptop to replace my Microsoft Surface Pro 4 with which I was having a bittersweet relationship. The Surface Pro 4 is really nice hardware, I originally got it to get a head start and collaborate on the convergence story with Unity 8 on the desktop, but as is of folk knowledge now, some strategic choices were made.

David Tomaschik: Useful Metasploit Reminders

Tue, 17/07/2018 - 5:52am

This isn’t an intro to Metasploit, but more a reminder to myself of things that are useful to know, but maybe not used all the time (or relatively new).

Meterpreter

The Fridge: Ubuntu Weekly Newsletter Issue 536

Mon, 16/07/2018 - 10:58pm

Welcome to the Ubuntu Weekly Newsletter, Issue 536 for the week of July 8 – 14, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Colin King: Comparing Latencies and Power consumption with various CPU schedulers

Mon, 16/07/2018 - 2:22pm
The low-latency kernel offering with Ubuntu provides a kernel tuned for low-latency environments using low-latency kernel configuration options.  The x86 kernels by default run with the Intel-Pstate CPU scheduler set to run with the powersave scaling governor biased towards power efficiency.

While power efficiency is fine for most use-cases, it can introduce latencies: the CPU can be running at a low frequency to save power, and switching from a deep C state when idle to a higher C state when servicing an event can also increase latencies.

In a somewhat contrived experiment, I rigged up an i7-3770 to collect latency timings of clock_nanosleep() wake-ups with timer event coalescing disabled (timer_slack set to zero) over 60 seconds across a range of CPU scheduler and governor settings on a 4.15 low-latency kernel.  This can be achieved using stress-ng, for example:

sudo stress-ng --cyclic 1 --cyclic-dist 100 --cyclic-sleep=10000 --cpu 1 -l 0 -v \
--cyclic-policy rr --cyclic-method clock_ns --cpu 0 -t 60 --timer-slack 0

The above runs a cyclic measurement collecting latency counts in 100ns buckets with a clock_nanosleep() wakeup interval of 10,000 nanoseconds, with a zero % load CPU stressor and timer slack set to 0 nanoseconds.  This dumps latency distribution stats that can be plotted to see where the modal latency points occur and the latency characteristics of the CPU scheduler.

I also used powerstat to measure the power consumed by the CPU package over a 60 second interval.  Measurements for the Intel-Pstate CPU scheduler [performance, powersave] and the ACPI CPU scheduler (intel_pstate=disabled) [performance, powersave, conservative and ondemand] were taken for 1,000,000 down to 10,000 nanosecond timer delays.

1,000,000 nanosecond timer delays (1 millisecond)

Strangely the powersave Intel-Pstate is using the most power (not what I expected).

The ACPI CPU scheduler in performance mode has the best latency distribution followed by the Intel-Pstate CPU scheduler also in performance mode.

100,000 nanosecond timer delays (100 microseconds)

Note that Intel-Pstate performance consumes the most power and also has the most responsive low-latency distribution.

10,000 nanosecond timer delays (10 microseconds)

In this scenario, the ACPI CPU scheduler in performance mode was consuming the most power and had the best latency distribution.

It is clear that the best latency responses occur when a CPU scheduler is running in performance mode and this consumes a little more power than other CPU scheduler modes.  However, it is not clear which CPU scheduler (Intel-Pstate or ACPI) is best in specific use-cases.

The conclusion is rather obvious, but needs to be stated.  For best low-latency response, set the CPU governor to the performance mode at the cost of higher power consumption.  Depending on the use-case, the extra power cost is probably worth the improved latency response.

As mentioned earlier, this is a somewhat contrived experiment, only one CPU was being exercised with a predictable timer wakeup.  A more interesting test would be with data handling, such as incoming packet handling over ethernet at different rates; I will probably experiment with that if and when I get more time.  Since this was a synthetic test using stress-ng, it does not represent real world low-latency scenarios, however, it may be worth exploring CPU scheduler settings to tune a low-latency configuration rather than relying on the default CPU scheduler setting.

Lubuntu Blog: This Week in Lubuntu Development #7

Mon, 16/07/2018 - 7:40am

Here is the seventh issue of This Week in Lubuntu Development. You can read the last issue here.

Changes

General

This week was focused on polishing the installer experience and the desktop in general. Here are the changes made, with links to the full details.

Lubuntu Artwork

Rename sddm-theme-lubuntu-chooser to sddm-theme-lubuntu. Since Ubuntu's sddm is […]

Robert Ancell: GUADEC 2018 Almería

Mon, 16/07/2018 - 4:41am

I recently attended the GNOME Users and Developers European Conference (GUADEC) in Almería, Spain. This was my fifth GUADEC and as always I was able to attend thanks to my employer Canonical paying for me to be there. This year we had seven members of the Ubuntu desktop team present. Almería was a beautiful location for the conference and a good trade for the winter weather I left on the opposite side of the world in New Zealand.

This was the second GUADEC since the Ubuntu desktop switched back to shipping GNOME and it’s been great to be back. I was really impressed how positive and co-operative everyone was; the community seems to be in a really healthy shape. The icing on the cake is the anonymous million dollar donation the foundation has received which they announced will be used to hire some staff.

The first talk of the week was from my teammates Ken VanDine, Didier Roche and Marco Treviño who talked about how we’d done the transition from Unity to GNOME in Ubuntu desktop. I was successful in getting an open talk slot and did a short talk about the state of Snap integration into GNOME. I talked about the work I’d done making snapd-glib and the Snap plugin in GNOME Software. I also touched on some of the work James Henstridge has been working on making Snaps work with portals. It was quite fun to see James be a bit of a celebrity after a long period of not being at a GUADEC - he is the JH in JHBuild!

After the first three days of talks the remaining three days are set for Birds of a Feather sessions where we get together in groups around a particular topic and discuss and hack on that. I organised a session on settings which turned out to be surprisingly popular! It was great to see everyone that I work with online in-person and allowed us to better understand each other. In particular I caught up with Georges Stavracas who has been very patient in reviewing the many patches I have been working on in GNOME Control Center.

I hope to see everyone again next year!