Subscribe: Planet Ubuntu
Added By: Feedage Forager Feedage Grade B rated
Language: English
bug  canonical livepatch  canonical  hours  kde  kernel  linux  livepatch  months  new  release  support  team  ubuntu  work 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Planet Ubuntu

Planet Ubuntu

Planet Ubuntu -


Valorie Zimmerman: Happy 20th birthday, KDE!

Sun, 23 Oct 2016 05:22:29 +0000

KDE turned twenty recently, which seems significant in a world that seems to change so fast. Yet somehow we stay relevant, and excited to continue to build a better future.Lydia asked recently on the KDE-Community list what we were most proud of.For the KDE community, I'm proud that we continue to grow and change, while remaining friendly, welcoming, and ever more diverse. Our software shows that. As we change and update, some things get left behind, only to re-appear in fresh new ways. And as people get new jobs, or build new families, sometimes they disappear for awhile as well. And yet we keep growing, attracting students, hobbyist programmers, writers, artists, translators, designers and community people, and sometimes we see former contributors re-appear too. See more about that in our 20 Years of KDE Timeline.I'm proud that we develop whole new projects within the community. Recently Peruse, Atelier, Minuet, WikitoLearn, KDEConnect, Krita, Plasma Mobile and neon have all made the news. We welcome projects from outside as well, such as Gcompris, Kdenlive, and the new KDE Store. And our established projects continue to grow and extend. I've been delighted to hear about Calligra Author, for instance, which is for those who want to write and publish a book or article in pdf or epub. Gcompris has long been available for Windows and Mac, but now you can get it on your Android phone or tablet. Marble is on Android, and I hear that Kstars will be available soon.I'm proud of how established projects continue to grow and attract new developers. The Plasma team, hand-in-hand with the Visual Design Group, continues to blow testers and users away with power, beauty and simplicity on the desktop. Marble, Kdevelop, Konsole, Kate, KDE-PIM, KDElibs (now Frameworks), KOffice (now Calligra), KDE-Edu, KDE-Games, Digikam, kdevplatform, Okular, Konversation and Yakuake, just to mention a few, continue to grow as projects, stay relevant and often be offered on new platforms. Heck, KDE 1 runs on modern computer systems!For myself, I'm proud of how the KDE community welcomed in a grandma, a non-coder, and how I'm valued as part of the KDE Student Programs team, and the Community Working Group, and as an author and editor. Season of KDE, Google Summer of Code, and now Google Code-in all work to integrate new people into the community, and give more experienced developers a way to share their knowledge as mentors. I'm proud of how the Amarok handbook we developed on the Userbase wiki has shown the way to other open user documentation. And thanks to the wonderful documentation and translation teams, the help is available to millions of people around the world, in multiple forms.I'm proud to be part of the e.V., the group supporting the fantastic community that creates the software we offer freely to the world.[...]

Ubuntu Insights: Managing your physical infrastructure from the top of rack switch

Fri, 21 Oct 2016 15:25:53 +0000


At the last OpenStack Design Summit in Austin, TX we showed you a preview of deploying your physical server and network infrastructure from the top-of-rack switch, which included OpenStack with your choice of SDN solution.

This was made possible by disaggregating the network stack functionality (the “N” in Network Operating System) to run on general purpose, devices-centric, operating systems. In the world of the Open Compute Project and whitebox switches, a switch can be more than just a switch. Switches are no longer closed systems where you can only see the command line of the network operating system. Whitebox switches are produced by marrying common server components with high powered switching ASICs, loading a Linux OS, and running a network operating system (NOS) functionality as an application.


The user has the ability to not only choose hardware from multiple providers, they can chose the Linux distribution, and the NOS that best matches their environment. Commands can be issued from the Linux prompt or the NOS prompt and most importantly, other applications can be securely installed alongside the NOS. This new switch design opens up the ability to architect secure distributed data center networks with higher scale and more efficient utilization of existing resources in each rack.


Since the last ODS we have witnessed a continued trend for whitebox switches to provide more server like and general purpose functionality from increases in CPU, memory, storage, internal bandwidth between the CPU and ASIC, to power-management (BMC), and secure boot options (UEFI+PXE). This month Mellanox announced the availability of their standard Linux kernel driver included in Ubuntu Core 16 (and classic Ubuntu) for their Open Ethernet Spectrum switch platforms. More recently Facebook announced the acceptance of the Wedge 100 into OCP that includes Facebook’s OpenBMC and their continued effort to disaggregate the stack.
“We are excited to work with Facebook on next generation switch hardware, adding Facebook’s Wedge OpenBMC power driver to our physical cloud (‘Metal-As-A-Service’) MAAS 2.1, and packaging the Facebook Open Switch System (FBOSS) as a snap.” said David Duffey, Director of Technical Partnerships, Canonical. “Facebook with OCP is leading the way to modern, secure, and flexible datacenter design and management. Canonical’s MAAS and snaps give the datacenter operator free choice of network bootloader, operating system, and network stack.”

At this OpenStack Design Summit we are also going to show you the latest integration with MAAS, how you can use snaps as a universal way to install across Linux distributions (including non-Ubuntu non-Debian based distributions), and deploying WiFi-based solutions, like OpenWrt, as a snap.

Please stop by our booth and let us help you plan your transition to a fully automated, secure modern datacenter.

Kees Cook: CVE-2016-5195

Thu, 20 Oct 2016 23:02:04 +0000

My prior post showed my research from earlier in the year at the 2016 Linux Security Summit on kernel security flaw lifetimes. Now that CVE-2016-5195 is public, here are updated graphs and statistics. Due to their rarity, the Critical bug average has now jumped from 3.3 years to 5.2 years. There aren’t many, but, as I mentioned, they still exist, whether you know about them or not. CVE-2016-5195 was sitting on everyone’s machine when I gave my LSS talk, and there are still other flaws on all our Linux machines right now. (And, I should note, this problem is not unique to Linux.) Dealing with knowing that there are always going to be bugs present requires proactive kernel self-protection (to minimize the effects of possible flaws) and vendors dedicated to updating their devices regularly and quickly (to keep the exposure window minimized once a flaw is widely known).

So, here are the graphs updated for the 668 CVEs known today:

  • Critical: 3 @ 5.2 years average
  • High: 44 @ 6.2 years average
  • Medium: 404 @ 5.3 years average
  • Low: 216 @ 5.5 years average



© 2016, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Jono Bacon: All Things Open Next Week – MCing, Talks, and More

Thu, 20 Oct 2016 20:20:18 +0000

Last year I went to All Things Open for the first time and did a keynote. You can watch the keynote here.

I was really impressed with All Things Open last year and have subsequently become friends with the principle organizer, Todd Lewis. I loved how the team put together a show with the right balance of community and corporation, great content, exhibition and more.

All Thing Open 2016 is happening next week and I will be participating in a number of areas:

  • I will be MCing the keynotes for the event. I am looking forward to introducing such a tremendous group of speakers.
  • Jeremy King, CTO of Walmart Labs and I will be having a fireside chat. I am looking forward to delving into the work they are doing.
  • I will also be participating in a panel about openness and collaboration, and delivering a talk about building a community exoskeleton.
  • It is looking pretty likely I will be doing a book signing with free copies of The Art of Community to be given away thanks to my friends at O’Reilly!

The event takes place in Raleigh, and if you haven’t registered yet, do so right here!

Also, a huge thanks to Red Hat and for flying me out. I will be joining the team for a day of meetings prior to All Things Open – looking forward to the discussions!

The post All Things Open Next Week – MCing, Talks, and More appeared first on Jono Bacon.

Canonical Design Team: Working to make Juju more accessible

Thu, 20 Oct 2016 16:22:23 +0000

In the middle of July the Juju team got together to work towards making Juju more accessible. For now the aim was to reach Level AA compliant, with the intention of reaching AAA in the future.

We started by reading through the W3C accessibility guidelines and distilling each principle into sentences that made sense to us as a team and documenting this into a spreadsheet.

We then created separate columns as to how this would affect the main areas across Juju as a product. Namely static pages on, the GUI and the inspector element within the GUI.




GUI live on




Inspector within the GUI




Example of static page content from the homepage




The Juju team working through the accessibility guidelines



Tackling this as a team meant that we were all on the same page as to which areas of the Juju GUI were affected by not being AA compliant and how we could work to improve it.

We also discussed the amount of design effort needed for each of the areas that isn’t AA compliant and how long we thought it would take to make improvements.

You can have a look at the spreadsheet we created to help us track the changes that we need to make to Juju to make more accessible:




Spreadsheet created to track changes and improvements needed to be done



This workflow has helped us manage and scope the tasks ahead and clear up uncertainties that we had about which tasks done or which requirements need to be met to achieve the level of accessibility we are aiming for.



Canonical Design Team: Download Ubuntu Yakkety Yak 16.10 wallpaper

Thu, 20 Oct 2016 14:54:07 +0000

The Yakkety Yak 16.10 is released and now you can download the new wallpaper by clicking here. It’s the latest part of the set for the Ubuntu 2016 releases following Xenial Xerus. You can read about our wallpaper visual design process here.

Ubuntu 16.10 Yakkety Yak


Ubuntu 16.10 Yakkety Yak (light version)


Ubuntu Podcast from the UK LoCo: S09E34 – The Mutant Killer Zombie Manhattan Project Thingy - Ubuntu Podcast

Thu, 20 Oct 2016 14:00:09 +0000

It’s Episode Thirty-Four of Season-Nine of the Ubuntu Podcast! Alan Pope, Mark Johnson, Martin Wimpress and Emma Marshall are connected and speaking to your brain. The three amigos are back with our new amiga! In this week’s show: We discuss going to a Randall Munroe book signing of What If? and Thing Explainer and getting extra signed copies for you to try and win in a c-o-m-p-e-t-i-t-i-o-n! We share a Command Line Lurve: direnv – An environment switcher for the shell We also discuss fixing bugs in Ubuntu and visiting Barcelona. And we go over all your amazing feedback – thanks for sending it – please keep sending it! This weeks cover image is taken from Wikimedia. Thing Explainer Competition! Prize: Signed copies of “What If?” and “Thing Explainer” by Randall Munroe (creator of XKCD) Question: Listen to the podcast for instructions You can use the upgoer5 editor to help. Send your entries to competition AT ubuntupodcast DOT org. We’ll pick our favourite and announce the winner on the show. Here are some examples to help get you in the groove: Mark I write words that are read by a computer. Students who want to learn about something ask their computer for part of a book. Their computer talks to another computer over phone lines, and that computer uses the words I’ve written to send them the book part they want. Sometimes students want new types of book parts that they can use to share their learning with other students. I have to work out the right words for the computer to let them do this, and write them. When I can, I share my words with other people so that their computers can send better book parts to their students. Alan I talk to people about computer things to help make the stuff they make and the stuff we make better. Also I sometimes write things that the computer gets but I am not great at that. We give away a lot of the things we make which is not like the way some other people share their work. It makes me happy inside that we do this. Martin I help write a group of books that a computer reads and stores. These books make the computer work much better. When a computer has stored the books I help make you can do things with your computer, like write to people and send what you wrote to the other peoples computers. Or you can ask your computer to talk to other computers to learn things, look at moving pictures, listen to music or buy shopping. The group of books I help write are free for anyone to give to their computer. You are also free to change these books and share those changes with anyone. This way everyone can help make the books even better so your computer can do more for you. Emma I help people change their computer to something better. I fix things that are broken and make people happy again. I talk to a lot of people about computers all day. I put my heart into every conversation so people feel like they are talking with a human instead of speaking with a pretend human. That’s all for this week! If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit. Join us on IRC in #ubuntu-podcast on Freenode [...]

Media Files:

Ubuntu Insights: Live kernel patching from Canonical now available for Ubuntu 16.04 LTS

Thu, 20 Oct 2016 13:00:18 +0000


We are delighted to announce the availability of a new service for Ubuntu which any user can enable on their current installations – the Canonical Livepatch Service.

This new live kernel patching service can be used on any Ubuntu 16.04 LTS system (using the generic Linux 4.4 kernel) to minimise unplanned downtime and maintain the highest levels of security.

First a bit of background…

Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service:

  • The Canonical Livepatch Service is available for free to all users up to 3 machines.
  • If you want to enable the Canonical Livepatch Service on more than three machines, please purchase an Ubuntu Advantage support package from or get in touch.

Beyond securing your desktop, server, IoT device or virtual guest, the Canonical Livepatch Service is particularly useful in container environments since every container will share the same kernel.

“Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads,” says Dustin Kirkland, Ubuntu Product and Strategy for Canonical.

Here’s how to enable the Canonical Livepatch Service today

First, go to the Canonical Livepatch Service portal and retrieve your livepatch token.

Next, install the livepatch ‘Snap’ using the first command below, and then enable your account using the token obtained in the second command below:

sudo snap install canonical-livepatch
sudo canonical-livepatch enable [Token]

That’s it! You’ve just enabled kernel live patching for your Ubuntu system, and you can do that, for free, on two more installations! However, if you want to enable the Canonical Livepatch Service on more than three systems you’ll need to purchase an Ubuntu Advantage support package from as little as $12 per month.

Need a bit more help?

Here’s a quick video to guide you through the steps in less than a minute:

For further details on the Canonical Livepatch Service please read Dustin Kirkland’s useful list of FAQs.

Daniel Pocock: Choosing smartcards, readers and hardware for the Outreachy project

Thu, 20 Oct 2016 07:25:44 +0000

One of the projects proposed for this round of Outreachy is the PGP / PKI Clean Room live image. Interns, and anybody who decides to start using the project (it is already functional for command line users) need to decide about purchasing various pieces of hardware, including a smart card, a smart card reader and a suitably secure computer to run the clean room image. It may also be desirable to purchase some additional accessories, such as a hardware random number generator. If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki. Choice of smart card For standard PGP use, the OpenPGP card provides a good choice. For X.509 use cases, such as VPN access, there are a range of choices. I recently obtained one of the SmartCard HSM cards, Card Contact were kind enough to provide me with a free sample. An interesting feature of this card is Elliptic Curve (ECC) support. More potential cards are listed on the OpenSC page here. Choice of card reader The technical factors to consider are most easily explained with a table: On disk Smartcard reader without PIN-pad Smartcard reader with PIN-pad Software Free/open Mostly free/open, Proprietary firmware in reader Key extraction Possible Not generally possible Passphrase compromise attack vectors Hardware or software keyloggers, phishing, user error (unsophisticated attackers) Exploiting firmware bugs over USB (only sophisticated attackers) Other factors No hardware Small, USB key form-factor Largest form factor Some are shortlisted on the GnuPG wiki and there has been recent discussion of that list on the GnuPG-users mailing list. Choice of computer to run the clean room environment There are a wide array of devices to choose from. Here are some principles that come to mind: Prefer devices without any built-in wireless communications interfaces, or where those interfaces can be removed Even better if there is no wired networking either Particularly concerned users may also want to avoid devices with opaque micro-code/firmware Small devices (laptops) that can be stored away easily in a locked cabinet or safe to prevent tampering No hard disks required Having built-in SD card readers or the ability to add them easily SD cards and SD card readers The SD cards are used to store the master private key, used to sign the certificates/keys on the smart cards. Multiple copies are kept. It is a good idea to use SD cards from different vendors, preferably not manufactured in the same batch, to minimize the risk that they all fail at the same time. For convenience, it would be desirable to use a multi-card reader: although the software experience will be much the same if lots of individual card readers or USB flash drives are used. Other devices One additional idea that comes to mind is a hardware random number generator (TRNG), such as the FST-01. Can you help with ideas or donations? If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki. [...]

Dustin Kirkland: Hotfix Your Ubuntu Kernels with the Canonical Livepatch Service!

Wed, 19 Oct 2016 15:50:23 +0000

Introducting the Canonical Livepatch ServiceHowdy!Ubuntu 16.04 LTS’s 4.4 Linux kernel includes an important new security capability in Ubuntu -- the ability to modify the running Linux kernel code, without rebooting, through a mechanism called kernel livepatch.Today, Canonical has publicly launched the Canonical Livepatch Service -- an authenticated, encrypted, signed stream of Linux livepatches that apply to the 64-bit Intel/AMD architecture of the Ubuntu 16.04 LTS (Xenial) Linux 4.4 kernel, addressing the highest and most critical security vulnerabilities, without requiring a reboot in order to take effect.  This is particularly amazing for Container hosts -- Docker, LXD, etc. -- as all of the containers share the same kernel, and thus all instances benefit.I’ve tried to answer below some questions that you might have. As you have others, you’re welcometo add them to the comments below or on Twitter with hastag #Livepatch.Retrieve your token from How do I enable the Canonical Livepatch Service?A: Three easy steps, on a fully up-to-date 64-bit Ubuntu 16.04 LTS system.Go to and retrieve your livepatch tokenInstall the canonical-livepatch snap $ sudo snap install canonical-livepatch Enable the service with your token $ sudo canonical-livepatch enable [TOKEN] And you’re done! You can check the status at any time using:$ canonical-livepatch status --verboseQ: What are the system requirements?A: The Canonical Livepatch Service is available for the generic and low latency flavors of the 64-bit Intel/AMD (aka, x86_64, amd64) builds of the Ubuntu 16.04 LTS (Xenial) kernel, which is a Linux 4.4 kernel. Canonical livepatches work on Ubuntu 16.04 LTS Servers and Desktops, on physical machines, virtual machines, and in the cloud. The safety, security, and stability firmly depends on unmodified Ubuntu kernels and network access to the Canonical Livepatch Service (  You also will need to apt update/upgrade to the latest version of snapd (at least 2.15).Q: What about other architectures?A: The upstream Linux livepatch functionality is currently limited to the 64-bit x86 architecture, at this time. IBM is working on support for POWER8 and s390x (LinuxOne mainframe), and there’s also active upstream development on ARM64, so we do plan to support these eventually. The livepatch plumbing for 32-bit ARM and 32-bit x86 are not under upstream development at this time.Q: What about other flavors?A: We are providing the Canonical Livepatch Service for the generic and low latency (telco) flavors of the the Linux kernel at this time.Q: What about other releases of Ubuntu?A: The Canonical Livepatch Service is provided for Ubuntu 16.04 LTS’s Linux 4.4 kernel. Older releases of Ubuntu will not work, because they’re missing the Linux kernel support. Interim releases of Ubuntu (e.g. Ubuntu 16.10) are targeted at developers and early adopters, rather than Long Term Support users or systems that require maximum uptime.  We will consider providing livepatches for the HWE kernels in 2017.Q: What about derivatives of Ubuntu?A: Canonical livepatches are fully supported on the 64-bit Ubuntu 16.04 LTS Desktop, Cloud, and Server operating systems. On other Ubuntu derivatives, your mileage may vary! These are not part of our automated continuous integration quality assurance testing framework for Canonical Livepatches. Canonical Livepatch safety, security, and stability will firmly depend on unmodified Ubuntu generic kernels and network access to the Canonical Livepatch Service.Q: How does Canonical test livepatches?A: Every livepatch is rigorously tested in Canonical's in-house CI/CD (Continuous Integration / Continuous Delivery) quality assurance system, which tests hundreds of combinations of liv[...]

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, September 2016

Wed, 19 Oct 2016 10:29:10 +0000

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In September, about 152 work hours have been dispatched among 13 paid contributors. Their reports are available: Balint Reczey did 15 hours (out of 12.25 hours allocated + 7.25 remaining, thus keeping 4.5 extra hours for October). Ben Hutchings did 6 hours (out of 12.3 hours allocated + 1.45 remaining, he gave back 7h and thus keeps 9.75 extra hours for October). Brian May did 12.25 hours. Chris Lamb did 12.75 hours (out of 12.30 hours allocated + 0.45 hours remaining). Emilio Pozuelo Monfort did 1 hour (out of 12.3 hours allocated + 2.95 remaining) and gave back the unused hours. Guido Günther did 6 hours (out of 7h allocated, thus keeping 1 extra hour for October). Hugo Lefeuvre did 12 hours. Jonas Meurer did 8 hours (out of 9 hours allocated, thus keeping 1 extra hour for October). Markus Koschany did 12.25 hours. Ola Lundqvist did 11 hours (out of 12.25 hours assigned thus keeping 1.25 extra hours). Raphaël Hertzog did 12.25 hours. Roberto C. Sanchez did 14 hours (out of 12.25h allocated + 3.75h remaining, thus keeping 2 extra hours). Thorsten Alteholz did 12.25 hours. Evolution of the situation The number of sponsored hours reached 172 hours per month thanks to maxcluster GmbH joining as silver sponsor and RHX Srl joining as bronze sponsor. We only need a couple of supplementary sponsors now to reach our objective of funding the equivalent of a full time position. The security tracker currently lists 39 packages with a known CVE and the dla-needed.txt file 34. It’s a small bump compared to last month but almost all issues are affected to someone. Thanks to our sponsors New sponsors are in bold. Platinum sponsors: TOSHIBA (for 12 months) GitHub (for 3 months) Gold sponsors: The Positive Internet (for 28 months) Blablacar (for 27 months) Linode LLC (for 17 months) Babiel GmbH (for 6 months) Plat’Home (for 6 months) UR Communications BV Silver sponsors: Domeneshop AS (for 27 months) Université Lille 3 (for 27 months) Trollweb Solutions (for 25 months) Nantes Métropole (for 21 months) University of Luxembourg (for 19 months) Dalenys (for 18 months) Univention GmbH (for 13 months) Université Jean Monnet de St Etienne (for 13 months) Sonus Networks (for 7 months) maxcluster GmbH Bronze sponsors: David Ayers – IntarS Austria (for 28 months) Evolix (for 28 months) Offensive Security (for 28 months), a.s. (for 28 months) Freeside Internet Service (for 27 months) MyTux (for 27 months) Intevation GmbH (for 25 months) Linuxhotel GmbH (for 25 months) Daevel SARL (for 23 months) Bitfolk LTD (for 22 months) Megaspace Internet Services GmbH (for 22 months) Greenbone Networks GmbH (for 21 months) NUMLOG (for 21 months) WinGo AG (for 21 months) Ecole Centrale de Nantes – LHEEA (for 17 months) Sig-I/O (for 14 months) Entr’ouvert (for 12 months) Adfinis SyGroup AG (for 9 months) GNI MEDIA (for 4 months) Laboratoire LEGI – UMR 5519 / CNRS (for 4 months) Quarantainenet BV (for 4 months) RHX Srl No comment | Liked this article? Click here. | My blog is Flattr-enabled.[...]

Kees Cook: Security bug lifetime

Wed, 19 Oct 2016 04:46:05 +0000

In several of my recent presentations, I’ve discussed the lifetime of security flaws in the Linux kernel. Jon Corbet did an analysis in 2010, and found that security bugs appeared to have roughly a 5 year lifetime. As in, the flaw gets introduced in a Linux release, and then goes unnoticed by upstream developers until another release 5 years later, on average. I updated this research for 2011 through 2016, and used the Ubuntu Security Team’s CVE Tracker to assist in the process. The Ubuntu kernel team already does the hard work of trying to identify when flaws were introduced in the kernel, so I didn’t have to re-do this for the 557 kernel CVEs since 2011. As the README details, the raw CVE data is spread across the active/, retired/, and ignored/ directories. By scanning through the CVE files to find any that contain the line “Patches_linux:”, I can extract the details on when a flaw was introduced and when it was fixed. For example CVE-2016-0728 shows: Patches_linux: break-fix: 3a50597de8635cd05133bd12c95681c82fe7b878 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 This means that CVE-2016-0728 is believed to have been introduced by commit 3a50597de8635cd05133bd12c95681c82fe7b878 and fixed by commit 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2. If there are multiple lines, then there may be multiple SHAs identified as contributing to the flaw or the fix. And a “-” is just short-hand for the start of Linux git history. Then for each SHA, I queried git to find its corresponding release, and made a mapping of release version to release date, wrote out the raw data, and rendered graphs. Each vertical line shows a given CVE from when it was introduced to when it was fixed. Red is “Critical”, orange is “High”, blue is “Medium”, and black is “Low”: And here it is zoomed in to just Critical and High: The line in the middle is the date from which I started the CVE search (2011). The vertical axis is actually linear time, but it’s labeled with kernel releases (which are pretty regular). The numerical summary is: Critical: 2 @ 3.3 years High: 34 @ 6.4 years Medium: 334 @ 5.2 years Low: 186 @ 5.0 years This comes out to roughly 5 years lifetime again, so not much has changed from Jon’s 2010 analysis. While we’re getting better at fixing bugs, we’re also adding more bugs. And for many devices that have been built on a given kernel version, there haven’t been frequent (or some times any) security updates, so the bug lifetime for those devices is even longer. To really create a safe kernel, we need to get proactive about self-protection technologies. The systems using a Linux kernel are right now running with security flaws. Those flaws are just not known to the developers yet, but they’re likely known to attackers, as there have been prior boasts/gray-market advertisements for at least CVE-2010-3081 and CVE-2013-2888. (Edit: see my updated graphs that include CVE-2016-5195.) © 2016, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License. [...]

Sebastian Kügler: Plasma’s road ahead

Tue, 18 Oct 2016 12:29:02 +0000

My Plasma Desktop in 2016On Monday, KDE’s Plasma team held its traditional kickoff meeting for the new development cycle. We took this opportunity to also look and plan ahead a bit further into the future. In what areas are we lacking, where do we want or need to improve? Where do we want to take Plasma in the next two years? Our general direction points towards professional use-cases. We want Plasma to be a solid tool, a reliable work-horse that gets out of the way, allowing to get the job done quickly and elegantly. We want it to be faster and of better quality than the competition. With these big words out there, let’s have a look at some specifics we talked about. Release schedule until 2018 Our plan is to move from 4 to 3 yearly releases in 2017 and 2018, which we think strikes a nice balance between our pace of development, and stabilization periods around that. Our discussion of the release schedule resulted in the following plan: Plasma 5.9: 31 January 2017 Plasma 5.10: May 2017 Plasma 5.11: September 2017 Plasma 5.12: December 2017 Plasma 5.13: April 2018 Plasma 5.14 LTS: August 2018 A cautionary note, we can’t know if everything exactly plays out like this, as this schedule, to a degree depends on external factors, such as Qt’s release schedule. Here’s what we intend to do, it is really our “best guess”. Still, this aligns with Qt’s plans, who are also looking at an LTS release in summer 2018. So, what will these upcoming releases bring? Breeze Look and Feel UI and Theming The Breeze icon theme will see further completion work and refinements in its existing icons details. Icon usage over the whole UI will see more streamlining work as well. We also plan to tweak the Breeze-themed scrollbars a bit, so watch out for changes in that area. A Breeze-themed Firefox theme is planned, as well as more refinement in the widget themes for Qt, GTK, etc.. We do not plan any radical changes in the overall look and feel of our Breeze theme, but will further improve and evolve it, both in its light and dark flavors. Feature back-log The menu button is a first sign of the global menu returning to PlasmaOne thing that many of our users are missing is support for a global menu similar to how MacOS displays application menus outside of the app’s window (for example at the top of the screen). We’re currently working on bringing this feature, which was well-supported in Plasma 4 back in Plasma 5, modernized and updated to current standards. This may land as soon as the upcoming 5.9 release, at least for X11. Better support for customizing the locale (the system which shows things like time, currencies, numbers in the way the user expects them) is on our radar as well. In this area, we lost some features due to the transition to Frameworks 5, or rather QLocale, away from kdelibs’ custom, but sometimes incompatible locale handling classes. Wayland The next releases overall will bring further improvements to our Wayland session. Currently, Plasma’s KWin brings an almost feature-complete Wayland display server, which already works for many use-cases. It hasn’t seen the real-world testing it needs, and it is lacking certain features that our users expect from their X11 session, or new features which we want to offer to support modern hardware better. We plan to improve multi-screen rendering on Wayland and the input stack in areas such as relative pointers, pointer confinement, touchpad gestures, wacom tablet support, clipboard management (for example, Klipper). X11 dependencies in KWin will be further reduced with the goal to make it possible to start up KWin entirely without hard X11 dependencies. One new feature which we want to offer in our Wayland session is support for scaling[...]

Paul White: More on bug reports, September 1973 and a jumping mouse

Tue, 18 Oct 2016 05:16:18 +0000

Incomplete bug reportsSince writing an earlier post on the subject I've continued to monitor new bug reports. I have been very disappointed to see that so many have to be marked as being "incomplete" as they give little information about the problem and don't really give anyone an incentive to work on and help fix. So many are very vague about the problem being reported while some are just an indication that a problem exists. Reports which just say something along the lines of:helpbugi don't knowdont rememberdon't do a lot to point to the problem that is being reported. May be some information can be gleaned from any attached log files but please bug reporters, tell us what the problem is as it will greatly increase the chances of your issue being fixed, investigated or (re)assigned to the correct package. Reporters need to reply when asked for further information about the bug or the version of Ubuntu being used even if it is to say that, for whatever reason, the problem no longer affects them. And I say to all novice reporters: "Please don't keep the Ubuntu version or flavour that you are using a secret!"Bug report or support request?Some reports are probably submitted as a desperate measure when help is needed and no-one is around to help. Over the last couple of months I've seen dozens of bug reports being closed as they have "expired" because there has been no response to a request for information within 59 days of the request being made, Obviously Ubuntu users are having problems but are their issues being resolved? Are those users moving back to Windows or to another Linux distribution because they aren't getting help they need and don't know how to ask for it?Many of the issues that I'm referring to should have been posted initially as support requests at the Ubuntu Forums, Ask Ubuntu or Launchpad Answers and then filed as bug reports once sufficient help and guidance had been obtained and the presence of a bug confirmed.A bug with the bug reporting tool ubuntu-bug?Sometimes trying to establish the correct package against which to file a bug is a difficult task especially if you are not conversant with the inner workings of Ubuntu. Launchpad can often guide the reporter but it seems many reports are being incorrectly filed against the xorg package in error. Bug #1631748 (ubuntu-bug selects wrong category) seems to confirm this widespread problem. If a bug is reported against the wrong package and no description of the issue is given there is no chance of the issue being investigated.Further readingThe following links will give those who are new to bug reporting some help in filing a good bug report that can be worked on by a bug triager or developer.How to Report BugsHow to Report Bugs EffectivelyImproving Ubuntu: A Beginners Guide to Filing Bug ReportsHow do I report a bug?To the future and some events of September 1973In just a couple of weeks I'll no longer have to worry about getting up early for work, fighting my way though the local traffic and aiming for an 8 o'clock start which is something that I seldom manage to achieve these days. No doubt I'll be able to devote much more time to work on Ubuntu and who knows I may well revisit some of the teams and projects that I've left over the past couple of years.Looking at Mark Shuttleworth's Wikipedia page it seems that he was born just a week or two after I started my working life in September 1973. A lot has changed since then. We didn't have personal computers or mobile phones and as far as I can remember we managed perfectly well without them. Back then I had very different interests, some of which I've recently returned to but obviously I had no idea what was in store for me around 40 years later.Tha[...]

Stephen Michael Kellat: From Yakkety To Zesty

Tue, 18 Oct 2016 02:43:00 +0000

I've seen Ms. Belkin go ahead and wrap up the Y (Yakkety) season while giving a look ahead to the Z (Zesty) season. I'm afraid I cannot give as much of a report. My participation in the Ubuntu realm has been a bit held back by things beyond my control. During the Y season I was stuck at work. I have a hefty commute to work which pretty much wrecks my day when included with my working hours. My work is considered seasonal which for a federal civil servant means that it is subject to workload constraints. Apparently we did not have a proper handle on workload this year. The estimate was that our work would be done by a certain date and we would go on "seasonal release" or furlough until we are recalled to duty. We missed that date by quite a longshot. After quite a bit of attrition, angry resignations, people checking into therapy, people developing cardiac issues, and worse my unit received "seasonal release" only last Friday. Recall could be as soon as two weeks away. The only main action I really wanted to handle during Y was to get a backport in of dianara and pumpa if they dropped new releases. I was a little late in doing so but I just got the backport bug for dianara filed tonight. I kept stating I would wait for furlough to do the testing but furlough took long enough that a couple versions of dianara went by in the interim. Folks looking at have to remember that even the website to a server is itself a client and new features have to be implemented in clients for the main server engine to pass around. The website isn't the point to but rather the use of a client of your choice is and a list is being maintained. I don't really know what the plan is for Z for me. Right now many eyes around the world are focused on the election for President of the United States. People regard that office as the so-called leader of the free world. That person also happens to be head of the civil service in the United States. Neither of the major party candidates have nice plans for my employing agency. Both scare me. A good chunk of the attrition and angry resignations at work has been people fleeing for the safety of the private sector in light of what is expected from either major party candidate. Backporting will continue subject to resource restrictions. I remain a student in the Emergency Management and Planning Administration program at Lakeland Community College with graduation expected in May 2017 subject to course availability. Right now I'm working on learning about the Incident Command System and how it is applied in addition to Continuity of Operations. Graphic From FEMA's Emergency Management Institute IS-800 Class of the Incident Command System Time will tell where things go. Clues are not readily available to me. I wish they were, perhaps...[...]

The Fridge: Ubuntu Weekly Newsletter Issue 484

Tue, 18 Oct 2016 00:47:04 +0000

Welcome to the Ubuntu Weekly Newsletter. This is issue #484 for the weeks October 3 – 16, 2016, and the full version is available here. In this issue we cover: Ubuntu 16.10 (Yakkety Yak) released Winners of the Ubuntu 16.10 Free Culture Showcase Ubuntu Stats LoCo News LoCo Events Kees Cook: security things in Linux v4.8 Jonathan Riddell: Plasma 5.8 LTS now in KDE neon, Time to Look Again at Comprehensive Features; Gwenview Plugins Install Valorie Zimmerman: 2016-2017 Season of KDE begins Canonical Design Team: A week in Vancouver with the Landscape team Canonical Design Team: Ubuntu Core Will Cooke: What to do with Unity 8 now Svetlana Belkin: Goals for Z Cycle And Reflection on Goals from Y Cycle 10 desktop snaps written in September Ubuntu Cloud News Canonical News In The Blogosphere Featured Audio and Video Weekly Ubuntu Development Team Meetings Updates and Security for 12.04, 14.04, 16.04 and 16.10 And much more! The issue of The Ubuntu Weekly Newsletter is brought to you by: Elizabeth K. Joseph Chris Guiver Simon Quigley Mary Frances Hull Chris Sirrs And many others If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki! Except where otherwise noted, content in this issue is licensed under a Creative Commons Attribution 3.0 License BY SA Creative Commons License[...]

Sebastian Kügler: to not breathe

Tue, 18 Oct 2016 00:10:17 +0000

I’ve always loved diving down while snorkeling or swimming, and it’s been intriguing to me how long I can hold my breath, how far and deep I could go just like that. (The answer so far, 14m.) Last week, I met with Jeanine Grasmeijer. Jeanine is one of the world’s top freedivers, two times world record holder, 11 times Dutch national record holder. She can hold her breath for longer than 7 minutes. Just last month she dove down to -92m without fins. (For the mathematically challenged, that’s 6.6 times 14m.) Diving with Jeanine GrasmeijerJeanine showed me how to not breathe properly. We started with relaxation and breathing exercises on dry land. Deep relaxation, breathing using the proper and most effective technique, then holding  breath and recovering. In the water, this actually got a bit easier. Water has better pressure characteristics on the lungs, and the mammalian diving reflex helps shutting off the air ways, leading to a yet more efficient breath hold. A cycle starts with breathing in the water through the snorkel for a few minutes, focusing on a calm and regular, relaxed breathing rhythm. After a few cycles of static apnea (breath holding under water, no movement), I passed the three-minute-mark at 3:10. We then moved on to dynamic apnea (swimming a horizontal distance under water on one breath). Jeanine did a careful weight check with me, making sure my position would need as little as possible correction movements while swimming. With a reasonable trim achieved, I swam some 50m, though we mainly focused not on distance, but on technique of finning, arms usage and horizontal trim. The final exercise in the pool was about diving safety. We went over the procedure to surface an unconscious diver, and get her back to her senses. Freediving, as it turns out, is a way to put the world around on pause for a moment. You exist in the here and now, as if the past and future do not exist. The mind is in a completely calm state, while your body floats in a world of weightless balance. As much as diving is a physical activity, it can be a way to enter a state of Zen in the under water world. Jeanine has not only been a kind, patient and reassuring mentor to me, but opened the door to a world which has always fascinated and intrigued me. A huge, warm thanks for so much inspiration of this deep passion! The cutest whale in the world! In other news on the “mammals that can hold their breath really well” topic: I’ve adopted a cute tiny orphaned whale![...]

Elizabeth K. Joseph: Seeking a new role

Mon, 17 Oct 2016 23:23:18 +0000

Today I was notified that I am being laid off from the upstream OpenStack Infrastructure job I have through HPE. It’s a workforce reduction and our whole team at HPE was hit. I love this job. I work with a great team on the OpenStack Infrastructure team. HPE has treated me very well, supporting travel to conferences I’m speaking at, helping to promote my books (Common OpenStack Deployments and The Official Ubuntu Book, 9th and 8th editions) and other work. I spent almost four years there and I’m grateful for what they did for my career. But now I have to move on. I’ve worked as a Linux Systems Administrator for the past decade and I’d love to continue that. I live in San Francisco so there are a lot of ops positions around here that I can look at, but I really want to find a place where my expertise with open source, writing and public speaking can will be used and appreciated. I’d also be open to a more Community or Developer Evangelist role that leverages my systems and cloud background. Whatever I end up doing next the tl;dr (too long; didn’t read) version of what I need in my next role are as follows: Most of my job to be focused on open source Support for travel to conferences where I speak at (6-12 per year) Work from home Competitive pay My resume is over here: Now the long version, and a quick note about what I do today. OpenStack project Infrastructure Team I’ve spent nearly four years working full time on the OpenStack project Infrastructure Team. We run all the services that developers on the OpenStack project interact with on a daily basis, from our massive Continuous Integration system to translations and the Etherpads. I love it there. I also just wrote a book about OpenStack. HPE has paid me to do this upstream OpenStack project Infrastructure work full time, but we have team members from various companies. I’d love to find a company in the OpenStack ecosystem willing to pay for me to continue this and support me like HPE did. All the companies who use and contribute to OpenStack rely upon the infrastructure our team provides, and as a root/core member of this team I have an important role to play. It would be a shame for me to have to leave. However, I am willing to move on from this team and this work for something new. During my career thus far I’ve spent time working on both the Ubuntu and Debian projects, so I do have experience with other large open source projects, and reducing my involvement in them as my life dictates. Most of my job to be focused on open source This is extremely important to me. I’ve spent the past 15 years working intensively in open source communities, from Linux Users Groups to small and large open source projects. Today I work on a team where everything we do is open source. All system configs, Puppet modules, everything but the obvious private data that needs to be private for the integrity of the infrastructure (SSH keys, SSL certificates, passwords, etc). While I’d love a role where this is also the case, I realize how unrealistic it is for a company to have such an open infrastructure. An alternative would be a position where I’m one of the ops people who understands the tooling (probably from gaining an understanding of it internally) and then going on to help manage the projects that have been open sourced by the team. I’d make sure best practices are followed for the open sourcing of things, that projects are paid attention to and contributors outside the organization are well-supported. I’d also go to conferences to present on this work, write about it [...]

Mark Shuttleworth: The mouse that jumped

Mon, 17 Oct 2016 12:23:29 +0000

The naming of Ubuntu releases is, of course, purely metaphorical. We are a diverse community of communities – we are an assembly of people interested in widely different things (desktops, devices, clouds and servers) from widely different backgrounds (hello, world) and with widely different skills (from docs to design to development, and those are just the d’s).

As we come to the end of the alphabet, I want to thank everyone who makes this fun. Your passion and focus and intellect, and occasionally your sharp differences, all make it a privilege to be part of this body incorporate.

Right now, Ubuntu is moving even faster to the centre of the cloud and edge operations. From AWS to the zaniest new devices, Ubuntu helps people get things done faster, cleaner, and more efficiently, thanks to you. From the launch of our kubernetes charms which make it very easy to operate k8s everywhere, to the fun people seem to be having with snaps at for shipping bits from cloud to top of rack to distant devices, we love the pace of change and we change the face of love.

We are a tiny band in a market of giants, but our focus on delivering free software freely together with enterprise support, services and solutions appears to be opening doors, and minds, everywhere. So, in honour of the valiantly tiny leaping long-tailed over the obstacles of life, our next release which will be Ubuntu 17.04, is hereby code named the ‘Zesty Zapus’.


Stéphane Graber: LXD is now available in the Ubuntu Snap Store

Mon, 17 Oct 2016 05:55:50 +0000

What are snaps? Snaps were introduced a little while back as a cross-distro package format allowing upstreams to easily generate and distribute packages of their application in a very consistent way, with support for transactional upgrade and rollback as well as confinement through AppArmor and Seccomp profiles. It’s a packaging format that’s designed to be upstream friendly. Snaps effectively shift the packaging and maintenance burden from the Linux distribution to the upstream, making the upstream responsible for updating their packages and taking action when a security issue affects any of the code in their package. The upside being that upstream is now in complete control of what’s in the package and can distribute a build of the software that matches their test environment and do so within minutes of the upstream release. Why distribute LXD as a snap? We’ve always cared about making LXD available to everyone. It’s available for a number of Linux distribution already with a few more actively working on packaging it. For Ubuntu, we have it in the archive itself, push frequent stable updates, maintain official backports in the archive and also maintain a number of PPAs to make our releases available to all Ubuntu users. Doing all that is a lot of work and it makes tracking down bugs that much harder as we have to care about a whole lot of different setups and combination of package versions. Over the next few months, we hope to move away from PPAs and some of our backports in favor of using our snap package. This will allow a much shorter turnaround time for new releases and give us more control on the runtime environment of LXD, making our lives easier when dealing with bugs. How to get the LXD snap? Those instructions have only been tested on fully up to date Ubuntu 16.04 LTS or Ubuntu 16.10 with snapd installed. Please use a system that doesn’t already have LXD containers as the LXD snap will not be able to take over existing containers. Make sure you don’t have a packaged version of LXD installed on your system. sudo apt remove --purge lxd lxd-client Create the “lxd” group and add yourself to it. sudo groupadd --system lxd sudo usermod -G lxd -a Install LXD itself sudo snap install lxd This will get the current version of LXD from the “stable” channel. If your user wasn’t already part of the “lxd” group, you may now need to run: newgrp lxd Once installed, you can set it up and spawn your first container with: Configure the LXD daemon sudo lxd init Launch your first container lxd.lxc launch ubuntu:16.04 xenial Channels and updates The Ubuntu Snap store offers 4 different release “channels” for snaps: stable candidate stable edge For LXD, we currently use “stable”, “candidate” and “edge”. “stable” contains the latest stable release of LXD. “candidate” is a testing area for “stable”. We’ll push new releases there a couple of days before releasing to “stable”. “edge” is the current state of our development tree. This channel is entirely automated with uploads triggered after the upstream CI confirms that the development tree looks good. You can switch between channels by using the “snap refresh” command: snap refresh lxd --edge This will cause your system to install the current version of LXD from the “edge” channel. Be careful when hopping channels though as LXD may break when moving back to an earlier version (going from edge to stable), especially when database schema changes occurred in between. [...]

David Mohammed: budgie-remix 16.10 released

Sun, 16 Oct 2016 19:31:24 +0000

I’m very pleased to announce the release of budgie-remix based on the solid 16.10 Ubuntu foundations. For the uninitiated, budgie-remix utilises the wonderful budgie-desktop graphical interface from the Solus team. This is our first release following the standard Ubuntu release … Continue reading (image)

Stuart Langridge: My nominations for the Silicon Canal Tech Awards 2016

Sun, 16 Oct 2016 18:02:00 +0000

The Silicon Canal tech awards are coming up here in Birmingham, so I thought I’d write down who I’ve nominated and why! Along with a few categories where I had difficulty deciding, in which an honourable mention or two may be awarded, although such things do not get submitted to the actual award ceremony :-) Best Tech Start-Up ImpactHub Birmingham As ImpactHub say, “We want to empower a collective movement to bring about change in our city, embracing a diverse range of people and organisations with a whole host of experiences and skills.” ImpactHub is a place enabling the tech scene in Birmingham, which is the most important part of it all; that’s what makes Birmingham great and more than just some half-baked clone of London or San Francisco. Bringing tech companies together with the rest of the city also hugely increases the number of connections made and opportunities created right here in Birmingham itself, and helps tech entrepreneurs meet other communities and unify everyone’s goals. Most Influential Female in Technology Jessica Rose Jess tirelessly advocates technology and Birmingham, both inside and outside the city. She’s great at connecting dots, showing people who they can work with to get things done, and advising on how best to grow a community or a company into areas you might not have otherwise pursued. And she’s helpful and engaging and good to work with, and knows basically everyone. That’s influence, and she’s using it to better the Brum tech scene as a whole, and that deserves reward. Runner up: Immy Kaur for setting up ImpactHub :-) Small Tech Company of the Year Technical Team Solutions TTS are heavily invested in the tech life of Birmingham itself. They sponsor events, they’ve partnered with Silicon Canal as exclusive recruitment agents, and most importantly they’re behind Fusion, a regular and vibrant quarterly tech conference drawn from the city and supporting both local tech and local street food vendors. This isn’t like some other conferences which basically are in Birmingham by coincidence; Fusion is intimately involved with the Brum tech scene, as are TTS themselves, and that should be massively encouraged. Runner up: Jump 24, web design and development studio getting good stuff done and run by a very smart and very short Welshman1 :-) Large Tech Company of the Year (revenue over £10 million) Talis Talis are strong supporters of the Birmingham tech scene, a successful large scaleup here in the city, and willing to work openly with others in pursuit of those goals. They regularly sponsor tech events with money or by providing space to host meetups, hold hack days and write about them afterwards, donate time and money to helping others in the city including events for entrepreneurs as well as developers, and run their own events (such as Codelicious) to add more to the growing vibrancy of Brum. It’s great to see a company of this size be cognisant of the city and their life within it, and this certainly deserves to be recognised. Most Influential Male in Technology Roy Meredith A jolly good way to make connections in the city is through Roy, who is connected to all sorts of people via being responsible for the tech sectors in Marketing Birmingham. I’m not sure the government marketing agency are always perfect, but I am sure that Roy is a person to know. He’s an engaging public speaker, he’s got a background in industry (with a list of AAA games he’s worked on that’d blow your mi[...]

Svetlana Belkin: Goals for Z Cycle And Reflection on Goals from Y Cycle

Sun, 16 Oct 2016 16:57:58 +0000

It’s hard to believe that Ubuntu 16.10 is already released (I think I may of lost track of time this cycle) and it seems that it’s time for the next cycle’s goals.  But first, I wish to reflect on the goals from the last cycle.  I found out that I’m (somehow) no mood for coding and/or hacking, but I was able to do something for Linux Padawn, which was Buddy Press, but it needs tweaking to get it to work right.

As for this cycle’s goals, they will be centered around the Grailville Pond project, Ubuntu (Touch), and Linux Padawan:

Grailville Pond Project

Work on the Raspberry Pi as I stated here and also work on a temperature inversion catching script for R.

Ubuntu (Touch)

Work on a demo because I’m planning to go Ohio Linux Fest next year and I want to bring something cool.

Linux Padawan

Work on community building in order to increase the growth and also try to get Buddy Press to work.

Hopefully this time I can complete them.

Kubuntu: Kubuntu 16.10 Released!

Sat, 15 Oct 2016 22:49:41 +0000



We, the Kubuntu Team are very happy to announce that Kubuntu 16.10 is finally here!


After 6 months of hard but fun work we have a bright new release for you all!


We packaged some great updates from the KDE Community such as:

– Plasma 5.7.5
– Applications 16.04.3
– Frameworks 5.26.0

We also have updated to version 4.8 of the Linux kernel with improvements across the board such as Microsoft Surface 3 support.

For a list of other application updates, upgrading notes and known bugs be sure to read our release notes!

Download 16.10 or read about how to upgrade from 16.04.

Aaron Honeycutt: A very bright future ahead.

Sat, 15 Oct 2016 13:34:02 +0000


It’s only half way though October but it has already been a very busy month for us at Kubuntu. We have welcomed Rik Mills (acheronuk on IRC) as a new Kubuntu/Ubuntu member, Clive Johnston (clivejo on IRC) as a Kubuntu Developer and pushed a new Kubuntu release out the doors!

Be sure to let us know how much you love it in the #kubuntu-devel IRC Channel, Telegram group or the Mailing List. Your reply might be featured in the next Kubuntu Podcast!

Ubuntu Studio: Ubuntu Studio 16.10 Released

Fri, 14 Oct 2016 23:26:27 +0000

We are happy to announce the release of our latest version, Ubuntu Studio 16.10 Yakkety Yak! As a regular version, it will be supported for 9 months. Since it’s just out, you may experience some issues, so you might want to wait a bit before upgrading. Please see the release notes for a complete list […]

Will Cooke: What to do with Unity 8 now

Fri, 14 Oct 2016 13:09:24 +0000

As you’re probably aware Ubuntu 16.10 was released yesterday and brings with it the Unity 8 desktop session as a preview of what’s being worked on right now and a reflection of the current state of play.

You might have already logged in and kicked the proverbial tyres.  If not I would urge you to do so.  Please take the time to install a couple of apps as laid out here:

The main driver for getting Unity 8 in to 16.10 was the chance to get it in the hands of users so we can get feedback and bug reports.  If you find something doesn’t work, please, log a bug.  We don’t monitor every forum or comments section on the web so the absolute best way to provide your feedback to people who can act on it is a bug report with clear steps on how to reproduce the issue (in the case of crashes) or an explanation of why you think a particular behaviour is wrong.  This is how you get things changed or fixed.

You can contribute to Ubuntu by simply playing with it.

Read about logging bugs in Ubuntu here:

And when you are ready to log a bug, log it against Unity 8 here:




Jonathan Riddell: KDE 1 neon LTS Released: 20 Years of Supporting Freedom

Fri, 14 Oct 2016 11:12:47 +0000

To celebrate KDE’s 20th birthday today, the great KDE developer Helio Castro has launched KDE 1, the ultimate in long term support software with a 20 year support period. KDE neon has now, using the latest containerised continuous integration technologies released KDE1 neon Docker images for your friendly local devop to deploy. Give it a shot with: apt install docker xserver-xephyr adduser docker Xephyr :1 -screen 1024×768 & docker pull jriddell/kde1neon docker run -v /tmp/.X11-unix:/tmp/.X11-unix jriddell/kde1neon (The Docker image isn’t optimised at all and probably needs to download 10GB, have fun!) by [...]

The Fridge: Juju 2.0 is here!

Fri, 14 Oct 2016 04:49:50 +0000

Juju 2.0 is here! This release has been a year in the making. We’d like to thank everyone for their feedback, testing, and adoption of juju 2.0 throughout its development process! Juju brings refinements in ease of use, while adding support for new clouds and features.

New to juju 2?

You can check our documentation at

Need to install it?

If you are running Ubuntu, you can get it from the juju stable ppa:

sudo add-apt-repository ppa:juju/stable
sudo apt update
sudo apt install juju-2.0

Or install it from the snap store

snap install juju --beta --devmode

Windows, Centos, and MacOS users can get a corresponding installer at:

Want to upgrade to GA?

Those of you running an RC version of juju 2 can upgrade to this release by running:

juju upgrade-juju

Feedback Appreciated!

We encourage everyone to subscribe the mailing list at juju at and join us on #juju on freenode. We would love to hear your feedback and usage of juju.

Originally posted to the juju mailing list on Fri Oct 14 04:34:41 UTC 2016 by Nicholas Skaggs

Valorie Zimmerman: Kubuntu 16.10 is released today

Thu, 13 Oct 2016 23:38:58 +0000

Kubuntu is a friendly, elegant operating system. The system uses the Linux kernel and Ubuntu core. Kubuntu presents KDE software and a selection of other essential applications.

We focus on elegance and reliability. Please join us and contribute to an exciting international Free and Open Source Software project.

Install Kubuntu and enjoy friendly computing. Download the latest version:

Download kubuntu 64-bit (AMD64) desktop DVD    Torrent

Download kubuntu (Intel x86) desktop DVD            Torrent

PCs with the Windows 8 logo or UEFI firmware, choose the 64-bit download. Visit the help pages for more information.

Ubuntu Release notes
For a full list of issues and features common to Ubuntu, please refer to the Ubuntu release notes.
Known problems
For known problems, please see our official Release Announcement.

Media Files:

Lubuntu Blog: Lubuntu 16.10 (Yakkety Yak) Released!

Thu, 13 Oct 2016 23:19:39 +0000

Thanks to all the hard work from our contributors, Lubuntu 16.10 has been released! With the codename Yakkety Yak, Lubuntu 16.10 is the 11th release of Lubuntu, with support until July 2017. We even have Lenny the Lubuntu mascot dressed up for the occasion! What is Lubuntu? Lubuntu is an official Ubuntu flavor based on […]

Sean Davis: Xubuntu 16.10 “Yakkety Yak” Released

Thu, 13 Oct 2016 22:30:10 +0000

Another six months have come and gone, and it’s been a relatively slow cycle for Xubuntu development.  With increased activity in Xfce as it heads towards 4.14 and full GTK+3 support, few changes have...

Xubuntu: Xubuntu 16.10 Released

Thu, 13 Oct 2016 16:43:25 +0000

The Xubuntu team is pleased to announce the immediate release of Xubuntu 16.10. Xubuntu 16.10 is a normal release and will be supported for 9 months.

This release has seen little visible change since April’s 16.04, however much has been done towards supplying Xubuntu with Xfce packages built with GTK3, including the porting of many plugins and Xfce Terminal to GTK3. Those GTK3 ports can, if one wishes to test them, be installed from one of the team’s development PPAs

The final release images are available as Torrents and direct downloads from

As the main server will be very busy in the first few days after release, we recommend using the Torrents wherever possible.


For support with the release, navigate to Help & Support for a complete list of methods to get help.

Known Issues

  • Thunar is still the subject of a few bugs, though they all appear to revolve around similar issues. A further patch has been applied since 16.04.
  • On some hardware the password is sometimes required twice when returning from suspend.

For more information on affecting bugs please refer to the Release Notes.

Thanks to all who have contributed to Xubuntu, not least those who test for us when called upon, and generally anyone can do that for us all. We will name you all in time – you deserve one last mention. Thank you on behalf of all installing Xubuntu – you all rock!

Ubuntu Podcast from the UK LoCo: S09E33 – Emma’s Clown Car - Ubuntu Podcast

Thu, 13 Oct 2016 14:00:57 +0000

It’s Episode Thirty-Three of Season-Nine of the Ubuntu Podcast! Alan Pope, Mark Johnson, Martin Wimpress and Emma Marshall are connected and speaking to your brain. We are four once more! In this week’s show: We discuss the news: Yahoo built specialised software to spy on users for the NSA Verizon reportedly looking for a $1 billion discount on Yahoo Facebook is launching Marketplace to take on eBay and Craigslist Amazon has banned reviews posted in exchange for free products BitTorrent, Inc has abandoned efforts on its BitTorrent Now streaming service A software developer has had their software removed from the App Store and their iTunes account closed A man from Cardiff has appeared in court charged with terrorism offences Google Chrome 55 will feature an updated Javascript engine that uses 50% less memory The Large Hadron Collider is running out of disk space We discuss the community news: Migrating from an i386 install to amd64 without reinstalling A document by Mir display server developers discussing what Mir version 1 will look like archlinux “adapted for WSL” first developer preview Skype for Linux Alpha Can Now Make Linux to Linux Video Calls A Poll that asks; Will You Upgrade to Ubuntu 16.10 Next Week? A Parody within a Parody The winners of the Ubuntu 16.10 Free Culture Showcase Snap interview with Krita Dell XPS 13 laptops with Intel Kaby Lake processors now available Plasma 5.8 LTS now in KDE neon Unity 8 Desktop Session Arrives in Ubuntu 16.10 We mention some events: First LibreOffice 5.3 BugHunting Session – October 21st 2016 Retro Gaming & Vintage Computer Day – October 24th 2016 – Flutterbies Tearoom & Coffee shop in Great Yarmouth, Norfolk Ubuntu Online Summit – November 15th – 16th 2016 UbuCon Europe – 18-20 November – Unperfekthaus, Essen, Germany We also discussed the Pi Zero, organising the Colorado LoCo Ubuntu 16.10 Yakkety-Yak Release Party with System76 but not ZFS. This weeks cover image is taken from Wikimedia. That’s all for this week! If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit. Join us on IRC in #ubuntu-podcast on Freenode [...]

Media Files:

Svetlana Belkin: Ohio Linux Fest 2016

Thu, 13 Oct 2016 01:10:51 +0000

For the last few years, I always wanted to go Ohio Linux Fest (OLF), partly because it’s only two (2) hours away from where I live and one way to meet my fellow Ubuntu Ohio Team members. But what kept me from not coming is my old job before my new one (that I started the week of October 3rd, 2016. So, this year, I finally was able to go! First Day Unfortunately, I wasn’t able to make it because I had to work ten hours at my work plus the two(2) hour drive from Blue Ash, Ohio to Columbus where I arrived at eight (8) to my hotel room. I was very tired and ended up taking a small walk, a bath, and went to sleep for the night. Second Day I woke up and took a small walk around the Arena District of Columbus an hour before the second (and final) day of OLF. I didn’t go to the keynote, but I meet up with José Antonio Rey and helped set up the Ubuntu booth. I was lucky enough to man the booth and I enjoyed it! I also brought my Nexus 7 2013 tablet with Ubuntu and allowed people to try it with the two Nexus 4’s that we had. CC Elizabeth K. Joseph Most of the day was manning the booth but I also went to Elizabeth K. Joseph’s, Nathan Handler’s, Stephen McLaughlin’s talks, and the final keynote by Joe and Lily Born. The first two talks I went was mostly for support for my fellow Ubuntu Community Members, as I’m just a basic end user with some Linux command line skills. Plus, I don’t really know what do with Linux as a hobby, but that is slowly changing. But Stephen McLaughlin’s talk on how (Raspberry) Pi’s are the future sparked my interest very well. As some of you know that I collect data on two ponds at Grailville in order to find out how to organically maintain it. One of the problems is layer temperature inversion in the small pond which means that if fish are placed in, they could die. While I was collecting data, I noticed that the values for pH, ammonia, and phosphate were high. High values equals layer temperature inversion. I got the idea for using a Pi during Stephen’s talk and I told him it. He liked it and give me a free Pi Zero! Because of this gift, I gave myself a project and a next step for the pond project. I will using the Pi along with a solar panel as the power supply, a waterproof temperature sensor, and maybe a rain sensor to see when it rains and/or tell the Pi to record a few weeks after it rains. I plan to float it in the middle of the pond and data collect during the spring into the fall of next year. Before the spring, I will build and test this before trying to collect data. I will have another post as an update. I also meet three(3) Ohio Team members including the everyone-thinks-that-he-is-a-robot Unit193. Ohio Team members! Please tell who you are, because I forgot, thanks!!!! The Ubuntu Booth crew CC Elizabeth K. Joseph At the end of day, I went to the after party where I played Cards Against Humanity for the first time and had cake with gummy Tux’s: Cake! — Svetlana Belkin (@senseopenness) October 9, 2016 Third Day On the last day, I went to the Columbus Zoo* with Elizabeth and David. It was a nice and fun zoo. I also had biso[...]

Marcin Juszkiewicz: System calls again

Wed, 12 Oct 2016 10:47:24 +0000

Few months ago I created a page with HTML table. For own use basically. Then presented it to the people and found out that it got useful for them. So started improving and improving so it became side project.

Yes, system calls again. I wrote about it in past but yesterday I rewrote code so it now uses Linux source so I can generate tables for far more architectures without need of other computers (either real or emulated).

Next step was work on presentation layer. Old version was just table with added sorting. Things were ugly when scrolled as header was gone. Now it sticks to the top of page so it is easier to note which column relates to which architecture.

Odd/even lines are coloured now which makes is easier to find numbers for syscall.

And speaking of searching — there is filter box now. You can type syscall name (or part of it) there and have table filtered. Same can be done with system call number as well. You used Valgrind and it said that has no idea how to handle syscall 145? Just enter number and you see that it is getresuid(), nfsservctl(), readv(), sched_getscheduler(), setreuid() or setrlimit() — depends which architecture you are testing.

You wonder what that that system call does? There are links to man pages provided.

Go here to check it out and comment here, open a new issue if you found a bug or would like to colaborate. Patches are welcome.

Rafael Carreras: Barcelona SFD 2016 summary

Wed, 12 Oct 2016 07:07:19 +0000

Last September, Caliu organised our 12 Software Freedom Day in Barcelona. This time, we went to Ateneu La Bòbila. We offered speches, starting with radio software. Free software on Libraries. A workshop on 3D printing design. Plasma KDE development. Free software and hardware workshop.[...]

Rafael Carreras: Xenial release party in Tortosa

Wed, 12 Oct 2016 06:29:33 +0000

Catalan LoCo Team celebrated on May 21th (a long time ago, I know) a release party of the next Ubuntu version, in that case, 16.04 Xenial Xerus. Sorry about the extremely delay reporting. This time, we went to Tortosa, thanks to our friends of the Ebre School. As always, we started explaining what Ubuntu is and how it adapts to new times and devices.      Raspberry Pi, Robotics and Open Source Hardware on Ubuntu were both present at the party.    Here are some computers from Vant, a local vendor who sell them with Ubuntu installed.     And Slimbook, another local vendor with Ubuntu PCs, gave us a presentation.   Oh, the gastronomy!  And later, some more Raspberry Pi, with our newest 16 years old member.   I’m releasing that post because we need some encouragement for organising next release party in october/november, right? If you need some advice on how to manage a release party, you can contact me.[...]

Daniel Pocock: Outreachy and GSoC 2017 opportunities in Computer Security, Cryptography, PGP and Python

Tue, 11 Oct 2016 18:54:06 +0000

I've proposed the PGP/PKI Clean Room as a topic in Outreachy this year. The topic will also be promoted as part of GSoC 2017.

If you are interested in helping as either an intern or mentor, please follow the instructions there to make contact.

Even if you can't participate, if you have the opportunity to promote the topic in a university or any other environment where potential interns will see it, please do so as this makes a big difference to the success of these programs.

Marcin Juszkiewicz: Linaro Connect: interesting hardware

Tue, 11 Oct 2016 09:06:54 +0000

Before going for Linaro Connect I had a plan to look at all those 96boards devices and write some complains/opinions about them. But it would be like shooting fish in a barrel so I decided against. But there were some interesting pieces of hardware there. One of them was Macchiatobin board from SolidRun. I think that this is same as their Armada 8040 community board but after design changes. Standard Mini-ITX format, quad core Cortex-A72 cpu (with upto 2GHz clock), one normal DIMM slot (max 16GB, ships with 4GB), three Serial-ATA ports, PCI-Express x4 slot, one USB 3.0 port, microSD slot. Photo (done by Riku Voipio) shows which goodies are available: Network interfaces from top to bottom are (if I remember correctly): 10GbE (SFP + RJ-45) 10GbE (SFP + RJ-45) 2.5GbE (SFP) 1GbE (RJ-45) When it comes to software I was told that board is SBSA compliant so any normal distribution should work. Kernel, bootloaders (U-Boot and UEFI) are mainlined. Price? 350USD. Looks like nice candidate for AArch64 development platform or NAS. Other device was Gumstix Nodana 96BCE board which is 96boards complaint carrierboard for Intel Joule modules. On top it looks like typical 96boards device (except USB C port): But once reversed Intel Joule module is visible: This is first non-ARM based 96boards device. Maybe even one of most compliant ones. At least from software perspective because when it comes to hardware then module makes it a bit too thick to fit in 96boards CE specification limits. Note that 96boards Consumer Electronics specification does not require using ARM or AArch64 cpu. Related posts: AArch64 desktop hardware? Cello: new AArch64 enterprise board from 96boards project 96boards goes enterprise? [...]