Linux News

Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

Linux Slashdot - Tue, 09/12/2014 - 18:03
An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

Read more of this story at Slashdot.








Categories: Linux News

Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

Linux Slashdot - Tue, 09/12/2014 - 18:03
An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

Read more of this story at Slashdot.








Categories: Linux News

Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

Linux Slashdot - Tue, 09/12/2014 - 18:03
An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

Read more of this story at Slashdot.








Categories: Linux News

Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

Linux Slashdot - Tue, 09/12/2014 - 18:03
An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

Read more of this story at Slashdot.








Categories: Linux News

Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

Linux Slashdot - Tue, 09/12/2014 - 18:03
An anonymous reader writes Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

Read more of this story at Slashdot.








Categories: Linux News

Open-source PaaS Cloud Foundry Foundation opens its doors

Zdnet news - Tue, 09/12/2014 - 17:32
There have long been community infrastructure-as-a-service projects such as OpenStack, and now there's a community platform-as-a-service project: Cloud Foundry.
Categories: Linux News

Skinny Ubuntu Linux 'Snapped' up by fat Microsoft cloud

The Register - Tue, 09/12/2014 - 16:28
All the libraries, just 110MB

A smartphone-inspired version of Ubuntu Server for Docker minimalists has been revealed with initial backing from Microsoft.

Categories: Linux News

​Best Linux desktop of 2014: Linux Mint 17.1

Zdnet news - Tue, 09/12/2014 - 16:22
The new version of Mint may be the best Linux desktop ever. Heck, it may be the best desktop operating system ever, period.
Categories: Linux News

Announcing Ubuntu Core, with snappy transactional updates!

Mark Shuttleworth - Tue, 09/12/2014 - 16:00

What if your cloud instances could be updated with the same certainty and precision as your mobile phone – with carrier grade assurance that an update applies perfectly or is not applied at all? What if your apps could be isolated from one another completely, so there’s no possibility that installing one app could break another, and stronger assurance that a compromise of one app won’t compromise the data from another? When we set out to build the Ubuntu Phone we took on the challenge of raising the bar for reliability and security in the mobile market. And today that same technology is coming to the cloud, in the form of a new “snappy” image called Ubuntu Core, which is in beta today on Azure and as a KVM image you can run on any Linux machine.

This is in a sense the biggest break with tradition in 10 years of Ubuntu, because snappy Ubuntu Core doesn’t use debs or apt-get. We call it “snappy” because that’s the new bullet-proof mechanism for app delivery and system updates; it’s completely different to the traditional package-based Ubuntu server and desktop. The snappy system keeps each part of Ubuntu in a separate, read-only file, and does the same for each application. That way, developers can deliver everything they need to be confident their app will work exactly as they intend, and we can take steps to keep the various apps isolated from one another, and ensure that updates are always perfect. Of course, that means that apt-get won’t work, but that’s OK since developers can reuse debs to make their snappy apps, and the core system is exactly the same as any other Ubuntu system – server or desktop.

Whenever we make a fix to packages in Ubuntu, we’ll publish the same fix to Ubuntu Core, and systems can get that fix transactionally. In fact, updates to Ubuntu Core are even smaller than package updates because we only need to send the precise difference between the old and new versions, not the whole package. Of course, Ubuntu Core is in addition to all the current members of the Ubuntu family – desktop, server, and cloud images that use apt-get and debs, and all the many *buntu remixes which bring their particular shine to our community. You still get all the Ubuntu you like, and there’s a new snappy Core image on all the clouds for the sort of deployment where precision, specialism and security are the top priority.

This is the biggest new thing in Ubuntu since we committed to deliver a mobile phone platform, and it’s very delicious that it’s borne of exactly the same amazing technology that we’ve been perfecting for these last three years. I love it when two completely different efforts find underlying commonalities, and it’s wonderful to me that the work we’ve done for the phone, where carriers and consumers are the audience, might turn out to be so useful in the cloud, which is all about back-end infrastructure.

Why is this so interesting?

Transactional updates have lots of useful properties: if they are done well, you can know EXACTLY what’s running on a particular system, and you can coordinate updates with very high precision across thousands of instances in the cloud. You can run systems as canaries, getting updates ahead of other identical systems to see if they cause unexpected problems. You can roll updates back, because each version is a complete, independent image. That’s very nice indeed.

There have been interesting developments in the transaction systems field over the past few years. ChromeOS is updated transactionally, when you turn it on, it makes sure it’s running the latest version of the OS. CoreOS brought aspects of Chrome OS and Gentoo to the cloud, Red Hat has a beta of Atomic as a transactional version of RHEL, and of course Docker is a way of delivering apps transactionally too (it combines app and system files very neatly). Ubuntu Core raises the bar for certainty, extensibility and security in the transactional systems game. What I love about Ubuntu Core is the way it embraces transactional updates not just for the base system but for applications on top of the system as well. The system is just one layer that can be updated transactionally, and so are each of the apps on the system. You get an extensible platform that retains the lovely properties of transactionality but lets you choose exactly the capabilities you want for yourself, rather than having someone else force you to use a particular tool.

For example, in CoreOS, things like Fleet are built-in, you can’t opt out. In Ubuntu Core, we aim for a much smaller Core, and then enable you to install Docker or any other container system as a framework, with snappy. We’re working with all the different container vendors, and app systems, and container coordination systems, to help them make snappy versions of their tools. That way, you get the transactional semantics you want with the freedom to use whichever tools suit you. And the whole thing is smaller and more secure because we baked fewer assumptions into the core.

The snappy system is also designed to provide security guarantees across diverse environments. Because there is a single repository of frameworks and packages, and each of them has a digital fingerprint that cannot be faked, two people on opposite ends of the world can compare their systems and know that they are running exactly the same versions of the system and apps. Atomic might allow you to roll back, but it’s virtually impossible to customise the system for your own preferences rather than Red Hat’s, and still know you are running the same secure bits as anybody else.

Developers of snappy apps get much more freedom to bundle the exact versions of libraries that they want to use with their apps. It’s much easier to make a snappy package than a traditional Ubuntu package – just bundle up everything you want in one place, and ship it. We use strong application isolation to keep data confidential between apps. If you install a bad app, it only has access to the data you create with that app, not to data from other applications. This is a key piece of security that comes from our efforts to bring Ubuntu to the mobile market, where malware is a real problem today. And as a result, we can enable developers to go much faster – they can publish their app on whatever schedule suits them, regardless of the Ubuntu release cadence. Want the very latest app? Snappy makes that easiest.

This is also why I think snappy will result in much simpler systems management. Instead of having literally thousands of packages on your Ubuntu server, with tons of dependencies, a snappy system just has a single package for each actual app or framework that’s installed. I bet the average system on the cloud ends up with about three packages installed, total! Try this sort of output:

$ snappy info release: ubuntu-core/devel frameworks: docker, panamax apps: owncloud

That’s much easier to manage and reason about at scale. We recently saw how complicated things can get in the old packaging system, when Owncloud upstream wanted to remove the original packages of Owncloud from an old Ubuntu release. With snappy Ubuntu, Owncloud can publish exactly what they want you to use as a snappy package, and can update that for you directly, in a safe transactional manner with full support for rolling back. I think upstream developers are going to love being in complete control of their app on snappy Ubuntu Core.

$ sudo snappy install hello-world

Welcome to a snappy new world!

Things here are really nice and simple:

$ snappy info $ snappy build . $ snappy install foo $ snappy update foo $ snappy rollback foo $ snappy remove foo $ snappy update-versions $ snappy versions

Just for fun, download the image and have a play. I’m delighted that Ubuntu Core is today’s Qemu Advent Calendar image too! Or launch it on Azure, coming soon to all the clouds.

It’s important for Ubuntu to continue to find new ways to bring free software to a wider audience. The way people think about software is changing, and I think Ubuntu Core becomes a very useful tool for people doing stuff at huge scale in the cloud. If you want crisp, purposeful, tightly locked down systems that are secure by design, Ubuntu Core and snappy packages are the right tool for the job. Running docker farms? Running transcode farms? I think you’ll like this very much!

We have the world’s biggest free software community because we find ways to recognise all kinds of contributions and to support people helping one another to bring their ideas to fruition. One of the goals of snappy was to reduce the overhead and bureaucracy of packaging software to make it incredibly easy for anybody to publish code they care about to other Ubuntu users. We have built a great community of developers using this toolchain for the phone, I think it’s going to be even better on the cloud where Ubuntu is already so popular. There is a lot to do in making the most of existing debs in the snappy environment, and I’m excited that there is a load of amazing software on github that can now flow more easily to Ubuntu users on any cloud.

Welcome to the family, Ubuntu Core!

Categories: Linux News

One-click, net-modelled UK copyright hub comes a step closer

The Register - Tue, 09/12/2014 - 15:57
Dignified usage reform begins. What could possibly go wrong?

Britain's experiment in "making copyright work like the internet" reached beta stage on Tuesday following a deal with a major picture library which gives developers half a million photos to work with.

Categories: Linux News

Unity 8 Will Bring 'Pure' Linux Experience To Mobile Devices

Linux Slashdot - Tue, 09/12/2014 - 15:16
sfcrazy writes If you have tried the live images of Ubuntu Next you may worry that Canonical is trying to do a Windows 8 with Ubuntu. That's not true. There is no need to worry though: A great deal of work is happening at a deeper level that may not have yet surfaced. It will surface eventually, however. Will Cooke of Canonical clarifies: "We are trying to make it clear that Unity 8 desktop will look like the traditional desktop and will behave like a normal desktop. We are very aware that our users expect a normal desktop there." Unity 8 will offer the traditional desktop interface when it detects a desktop. The same OS will switch to a touch-based interface on touch-based devices such as tablets and smartphones.

Read more of this story at Slashdot.








Categories: Linux News

Yes, This Trojan Infects Linux. No, It’s Not The Tuxpocalypse

Omgubuntu - Tue, 09/12/2014 - 13:25

Grab a crate of canned food, start digging a deep underground bunker and prepare to settle into a world that will never be the same again: a powerful trojan has been uncovered on Linux.

The post Yes, This Trojan Infects Linux. No, It’s Not The Tuxpocalypse first appeared on OMG! Ubuntu!.

Categories: Linux News

Stealthy Linux Trojan May Have Infected Victims For Years

Linux Slashdot - Tue, 09/12/2014 - 13:10
An anonymous reader writes: Researchers from Moscow-based Kaspersky Labs have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world. The malware may have sat unnoticed on at least one victim computer for years, although Kaspersky Lab researchers still have not confirmed that suspicion. The trojan is able to run arbitrary commands even though it requires no elevated system privileges.

Read more of this story at Slashdot.








Categories: Linux News

Linux software nasty slithers out of online watering holes

The Register - Tue, 09/12/2014 - 00:32
Windows-popping Trojan thought to be govt-built takes a bite from penguinistas

A malware instance built on the shoulders of a trojan so powerful it lead to the creation of the US Cyber Command has been updated with Linux-popping capabilities, Kaspersky researcher Kurt Baumgartner says.

Categories: Linux News

Fedora 21 Release Review: An Impressive Developer Workstation

Linux.com - Mon, 08/12/2014 - 23:05

Fedora 21 has just been released and I have been playing with the beta for a while. There are now three editions of Fedora: server, workstation and cloud. Since I am using it for my desktop I downloaded and installed the Workstation.

Categories: Linux News

Linux 3.18 Released, Lockup Bug Still Present

Linux Slashdot - Mon, 08/12/2014 - 21:13
jones_supa writes As anticipated, Linus Torvalds officially released Linux 3.18. The new version is now out there, though that nasty lockup issue has still yet to be resolved. Dave Jones is nearing the end of dissecting the issue, but since it also affects Linux 3.17 and not too many people seem to get hit by the lockups, Linus Torvalds decided to go ahead and do the 3.18 release on schedule. Linus was also concerned that dragging out the 3.18 release would then complicate the Linux 3.19 merge window due to the holidays later this month. Now the Linux 3.19 kernel merge window is open for two weeks of exciting changes.

Read more of this story at Slashdot.








Categories: Linux News

Linux Kernel 3.18 Released, This Is What’s New

Omgubuntu - Mon, 08/12/2014 - 10:54

A new month means a new stable release of the Linux Kernel and today Linus Torvalds has announced the immediate availability of Linux 3.18.

The post Linux Kernel 3.18 Released, This Is What’s New first appeared on OMG! Ubuntu!.

Categories: Linux News

Linus Torvalds releases Linux 3.18 as 3.17 wobbles

The Register - Mon, 08/12/2014 - 06:27
Seven release candidates is enough

Linus Torvalds has pressed the go button for a new release of his eponymous kernel.

Categories: Linux News

Reds hoist flag of glorious SDN internationale

The Register - Mon, 08/12/2014 - 05:02
The packets, abstracted, will never be repeated, say Huawei and Red Hat

Huawei and Red Hat are the latest vendors to join hands and clink champagne in the ever-expanding software-defined networks (SDN) love-in.

Categories: Linux News

'A strong response from Apple would be a lawsuit' – Steve Jobs

The Register - Sun, 07/12/2014 - 09:00
QuoTW Hawking's AI dangers, Wikipedia’s begging bowl, and fab phablets

This was the week when the years-old iPod antitrust case finally had its first days in court, and kicked off with testimony from beyond the grave courtesy of emails and video depositions from late Apple founder and supremo Steve Jobs.

Categories: Linux News
Syndicate content