Language Selection

English French German Italian Portuguese Spanish

New Linux Arrivals

Filed under
Ubuntu

You can almost set your watch by it nowadays: Twice a year, we have a new version of Ubuntu Linux to explore.

April will bring the release of Feisty Fawn, also known as Ubuntu 7.04. (The "04" indicates April; the "7" stands for 2007.) I've been running prerelease versions of Feisty for about a month. In a moment, some notes on what I've discovered. But first, a bit of context and history.

Ubuntu releases usually arrive each April and October. Version 6.10 (Edgy Eft) came out on time, but last spring's release, Dapper Drake, debuted two months late, and thus was christened version 6.06 LTS. The LTS stands for "long-term support," meaning that Canonical, the company that provides support for Ubuntu, will do so for five years; in addition, Canonical will make security updates available for the same amount of time, rather than for the typical 18 months for a non-LTS Ubuntu release.

Dapper remains the most stable, hassle-free Linux I have ever used--and I've been running Linux full-time on one machine or another since 1998. Edgy, however, reworked a few key parts of the system to take advantage of newer technologies, and the result wasn't as solid. My laptop's suspend, hibernate, and resume features, for instance, never failed when I ran Dapper. But since I installed Edgy, the machine sometimes fails to go to sleep when I want it to.

So I've been looking forward to Feisty, not only for bug fixes but also because one of the Ubuntu team's stated goals for Feisty was a specific intention to add cutting-edge desktop effects to the Ubuntu experience.

What sort of whiz-bang desktop effects am I talking about?

Full Story.

More in Tux Machines

Australian Securities Exchange completes Red Hat migration

The Australian Securities Exchange (ASX) has completed the migration of "mission-critical" legacy applications to the Red Hat JBoss Enterprise Application Platform (JBoss EAP). ASX first deployed JBoss EAP in 2011 to modernise its legacy technologies and to facilitate the introduction of new web applications after it realised its legacy application server platform was becoming increasingly inconsistent, unstable, and expensive. After the initial ASX Online Company migration was complete in 2012, ASX used JBoss EAP to build the ASX.com API, as well as its Sharemarket Game, which gives players the opportunity to learn how the share market works. Read more

Programming/Development: GAPID 1.0 and Atom 1.23

  • Diagnose and understand your app's GPU behavior with GAPID
  • GAPID 1.0 Released As Google's Cross-Platform Vulkan Debugger
    Back in March we wrote about GAPID as a new Google-developed Vulkan debugger in its early stages. Fast forward to today, GAPID 1.0 has been released for debugging Vulkan apps/games on Linux/Windows/Android as well as OpenGL ES on Android. GAPID is short for the Graphics API Debugger and allows for analyzing rendering and performance issues with ease using its GUI interface. GAPID also allows for easily experimenting with code changes to see their rendering impact and allows for offline debugging. GAPID has its own format and capturetrace utility for capturing traces of Vulkan (or GLES on Android too) programs for replaying later on with GAPID.
  • Hackable Text Editor Atom 1.23 Adds Better Compatibility for External Git Tools
    GitHub released Atom 1.23, the monthly update of the open-source and cross-platform hackable text editor application loved by numerous developers all over the world. Including a month's worth of enhancements, Atom 1.23 comes with the ability for packages to register URI handler functions, which can be invoked whenever the user visits a URI that starts with "atom://package-name/," and a new option to hide certain commands in the command palette when registering them via "atom.commands.add." Atom 1.23 also improves the compatibility with external Git tools, as well as the performance of the editor by modifying the behavior of several APIs to no longer make callbacks more than once in a text buffer transaction. Along with Atom 1.23, GitHub also released Teletype 0.4.0, a tool that allows developers to collaborate simultaneously on multiple files.

Red Hat GNU/Linux and More

Security: VLC Bug Bounty, Avast Tools, Intel ME

  • European Commission Kicks Off Open-Source Bug Bounty
    The European Commission has announced its first-ever bug bounty program, and is calling on hackers to find vulnerabilities in VLC, a popular open-source multimedia player loaded on every workstation at the Commission. The program has kicked off with a three-week, invitation-only session, after which it will be open to the public. Rewards include a minimum of $2,000 for critical severity bugs, especially remote code execution. High severity bugs such as code execution without user intervention, will start at $750. Medium severity bugs will start at a minimum of $300; these include code execution with user intervention, high-impact crashes and infinite loops. Low-severity bugs, like information leaks, crashes and the like, will pay out starting at $100.
  • Avast launches open-source decompiler for machine code
    Keeping up with the latest malware and virus threats is a daunting task, even for industry professionals. Any device connected to the Internet is a target for being infected and abused. In order to stop attacks from happening, there needs to be an understanding of how they work so that a prevention method can be developed. To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS.
  • Avast makes 'RetDec' machine-code decompiler open source on GitHub
    Today, popular anti-virus and security company, Avast, announces that it too is contributing to the open source community. You see, it is releasing the code for its machine-code decompiler on GitHub. Called "RetDec," the decompiler had been under development since 2011, originally by AVG -- a company Avast bought in 2016.
  • The Intel ME vulnerabilities are a big deal for some people, harmless for most
    (Note: all discussion here is based on publicly disclosed information, and I am not speaking on behalf of my employers) I wrote about the potential impact of the most recent Intel ME vulnerabilities a couple of weeks ago. The details of the vulnerability were released last week, and it's not absolutely the worst case scenario but it's still pretty bad. The short version is that one of the (signed) pieces of early bringup code for the ME reads an unsigned file from flash and parses it. Providing a malformed file could result in a buffer overflow, and a moderately complicated exploit chain could be built that allowed the ME's exploit mitigation features to be bypassed, resulting in arbitrary code execution on the ME. Getting this file into flash in the first place is the difficult bit. The ME region shouldn't be writable at OS runtime, so the most practical way for an attacker to achieve this is to physically disassemble the machine and directly reprogram it. The AMT management interface may provide a vector for a remote attacker to achieve this - for this to be possible, AMT must be enabled and provisioned and the attacker must have valid credentials[1]. Most systems don't have provisioned AMT, so most users don't have to worry about this.