Linux News Today features the latest news from the global Linux community. This site is updated daily.

Ubuntu version 14.04 LTS is expected to ship Friday


April 16, 2014

Canonical announced today that the latest long-term support release of its Ubuntu Linux distribution will be available Friday.

The South African company announced the availability of Ubuntu 14.04 LTS, codenamed Trusty Tahr, yesterday, coincidentally just as chief rival Red Hat was holding its Red Hat Summit in San Francisco. And no, that's not a coincidence.

On the server side, where Canonical is keen to gain influence against Red Hat, Ubuntu 14.04 offers new functionality such as support for the Icehouse OpenStack release, the Docker containerization technology and ARM-64 chip support.

"We're seeing OpenStack more than anything," said Ubuntu server and cloud product manager Mark Baker. Canonical has also upgraded its Metal-as-a-Service deployment technology to add support for more dense servers, such as AMD-SeaMicro's SM-1500 and equipment from Cisco's UCS division.

There's also a series of incremental upgrades such as moving to support version 3 of the Puppet configuration management software, upgrading the Xen hypervisor to 4.4, moving to support for version 0.79 of the Ceph object storage gear, and finally supporting version 1.0 of LXC.

Non-x86 chip aficionados are also in for a surprise, with Ubuntu 14.04 supporting IBM's POWER 8 servers along with 64-bit ARM chips from Applied Micro.

Database system admins may be relieved to hear that Ubuntu is offering some choice here, and is including support for MySQL 5.5 along with MariaDB 5.5, Percona XtraDB Cluster 5.5, and MySQL 5.6 in its distribution.

"Ubuntu is now the enterprise platform supported on the widest range of modern architectures – IBM POWER, ARM64, x86, and x64," Canonical said in its press release.

In other Linux and open source news

Red Hat said earlier this morning that it is lowering the price for accessing its publicly hosted OpenShift software as it struggles to come to terms with the unstable economics of the cloud. The new Bronze pricing scheme for OpenShift was announced by Red Hat in a blog post yesterday. It simply means that developers can now access an off-site version of the OpenShift PaaS (platform-as-a-service) without having to pay a monthly fee, and instead only pay for the storage that they actually use.

"Overall, Bronze brings the real power of platform as a service by making it even easier to only pay for the extra resources you want without a monthly platform fee," said Red Hat marketing VP John Poelstra.

Before the change, developers could either opt for a free version of OpenShift Online with limited amounts of infrastructure and storage, or a $20 per month Silver option.

The Bronze package provides a halfway point between the two, giving more infrastructure than the free version but lacking the Red Hat support options of Silver.

"A segment of the users was either self sufficient or comfortable with the community based resources. We wanted to find a way to provide some flexibility to developers who want to purchase and consume extra resources while utilizing community based support," said Red Hat's Director of OpenShift Online, Sathish Balakrishnan.

"Overall, a large percentage of the applications (1.6 million applications deployed to date) we have running on OpenShift Online are found to have extra storage for both the application and/or database tiers. Add-on storage gives these applications unlimited room to effectively scale and store data."

OpenShift is a hosted platform-as-a-service, competing with other remotely provisioned software like Cloud Foundry, CloudBees, Amazon Elastic Beanstalk, Engine Yard, and others.

The technology behind all of this is powered by Red Hat Enterprise Linux, and incorporates a few elements of SELinux and cgroups to provide security and isolation for "gears", the containers in which all OpenShift apps run, and the fundamental unit of currency for sizing an OpenShift installation.

Under the new pricing scheme, developers can access 16 gears of any size within the Bronze tier, and will need to pay $1 per gigabyte per month for all storage they access above the 1 GB assigned to each gear.

In addition to this, users of Red Hat's Silver version, which costs from $20 a month, can now access more than 16 gears per OpenShift install.

Like Red Hat, OpenShift is built with a significant emphasis on open source and, because of this, competes with Pivotal's Cloud Foundry project for the attention of Linux programmers and application developers.

Pivotal formed the Cloud Foundry Foundation in February, a cross-industry program designed to bring in more companies to work on the technology. Some of the contributors include IBM, HP, SAP, Sun Hosting and Rackspace.

One thing that may cause developers to favor OpenShift is the open-source heritage of its creator.

"From a developer trying to extend the platform, the OpenShift codebase provided much better documentation than Cloud Foundry, but was a bit more difficult to understand at first, because it's split into fewer components. As engineers, we like smaller components of code when we can get them," wrote PaaS software consultants Uhuru Software. "OpenShift gives the user a bit more control and more predictability."

In other Linux and open source news

Cloud solutions provider Joyent said earlier this morning that it has partnered with Canonical's Ubuntu team to offer tailored images in its cloud.

This means that Linux and open source developers who want to run Ubuntu on Joyent's advanced SmartOS-based infrastructure can now do so with greater confidence that they will get regular updates from Canonical, along with additional performance guarantees.

By joining Canonical's Certified Public Cloud Program, Joyent will be guaranteed to get the latest Ubuntu features, security and compliance accreditations from Canonical, exhaustive testing by Canonical of the Ubuntu image on Joyent's cloud platform, access to the Ubuntu Cloud Suite including Juju orchestration, and Joyent-hosted archive mirrors that are monitored constantly by Canonical in an effort to push out urgent updates.

The partnership "gives people a vector for a first class Ubuntu experience in the Joyent cloud," explains the company's head of engineering Bryan Cantrill.

"Canonical and Joyent are similar in a few ways since we're both taking on established giants. Joyent is taking on AWS and Canonical is taking on Red Hat," added Cantrill.

Overall, Joyent is mostly known for its technically innovative services, such as its ZFS-based object store and compute-storage cocktail "Manta", its "Content Delivery Cloud" which pairs Joyent DCs with Riverbed virtual appliances for a cut-price Akamai competitor, its eCommerce Package, and more.

These specific products are part of an initiative by the company to identify areas where Amazon is weak and build a product base there, rather than compete with it head-on in the cut-throat markets for main compute and storage projects.

"I don't want to be the Ryanair of cloud computing," he says. "Amazon is fundamentally a retailer and we are fundamentally a systems company. We believe in innovating deeper in the stack. You're never going to see a Manta come out of Amazon."

As part of this systems focus, the company will also work with Joyent to deploy a Node.js charm on its cloud. Charms are used by Joyent's "Juju" orchestration technology, which helps to configure, deploy, and manage Ubuntu-based infrastructure.

"We believe in Canonical and Ubuntu as an important development platform for certain classes of applications," Cantrill says. "I think that if you look at JuJu, you can view that as an intent from them to get upstack from the respect of the developer experience."

Overall, the Joyent partnership follows Canonical's embrace of the "Cloud Foundry" platform-as-a-service in November, as the company tries to get a lead on Red Hat in the world of Linux and open distributed systems.

In other Linux news

The Apache Foundation said earlier this morning that it has promoted a fast data-processing tool out of the Apache Incubator in a further sign of the maturity of the Hadoop family of products. To be sure, Apache Spark is a fast processing layer for computing data stored within the open-source Hadoop file system or other shared file systems such as NFS.

It supports Scala, Java, and Python. In some tests, it has run up to one hundred times faster than Hadoop when dealing with in-memory data sets, and ten times faster for data held on hard disk.

Over the past weekend, Spark was unanimously voted to graduate from the Incubator, and some of those voting included Hadoop luminaries such as the technology's creator, Doug Cutting himself.

Now that Spark has been promoted, a project management committee will be established for the software, and Databricks co-founder and former AMP Lab PhD student Matei Zaharia will be appointed to the role of Vice President, Apache Spark.

Like Hadoop, Spark has become the foundation for other data-processing engines as well, such as Shark for SQL-on-Hadoop queries, MLlib for machine learning, Spark Streaming for dealing with streaming data, and GraphX for graph processing.

Some of the technology's users include Baidu, Databricks, IBM's Almaden research group, Trend Micro, Yahoo and Alibaba.

The 'graduation' of Apache Spark caps off a steep rise for the data-processing system, which was created at the University of California at Berkeley's AMP Lab five years ago and was officially published as open source in 2010.

Since then, the system has gained a vigorous developer community, and more than 120 open source developers from 25 companies contribute source code.

Interestingly, there seems to be enough activity around the software for businesses to smell money. Last week, Hadoop Cloudera announced commercial support for the tool. We'll keep you posted on these and other stories.

In other Linux and open source news

When releasing -rc2 kernels over the past year or so, Linus Torvalds was sometimes very unhappy with the amount of code changes that had gone in. But with the February 9 kernel update that just came out, Torvalds seems okay with Linux 3.14-rc2, at least for now.

Linus acknowledged in his 3.14-rc2 release announcement "that it's been pretty quiet", but he's scared of large pull requests coming in next week or later on in this kernel development cycle.

For the changes that were merged this week, it's been the usual bug fixes to drivers, architecture updates, etc. There really isn't anything too exciting this week. If you're not yet running the Linux 3.14 kernel in its latest development form and unaware of the many new features, read our overview of the Linux 3.14 features.

There are a lot of good things in this new release. We'll have more Linux 3.14 kernel benchmarks in the days ahead now that most of the initial fixes have landed.

There are also daily Linux kernel benchmarks coming, along with benchmarks of other high-profile projects. We'll keep you posted on these and other developments as they happen.

In other Linux and OS news

There's a critical security flaw that's been present in the Linux kernel for more than 22 years. You would think that after all those years the issue would have been patched by now, but it hasn't been, and it's still widely found in thousands of computers everywhere.

The X Window System, which today underpins Linux desktops the world over, is what's at fault. Sysadmins have a few days to patch libXfont to remove a newly discovered, 22-year-old privilege-escalation bug in the code before any tiresome users whip out an exploit.

The security hole allows someone logged into a vulnerable machine to crash the X server, or possibly execute injected code as a superuser.

Hard on the heels of a Chaos Communication Congress presentation that found hundreds of bugs, the newly found security issue is a textbook stack buffer overflow that dates back to 1991, and is present in all versions of X11.

The bug is very straightforward, and will impact shared computers, but it is ideal to dissect to reveal how this sort of security blunder happens in the first place.

As the advisory states: “A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector enabled resulted in an immediate system crash when reading a user-provided specially crafted font.”

The guilty party is this block of code in bdfReadCharacters() in libXfont/tree/src/bitmap/bdfread.c. If you can't already see the bug then we'll explain. On-screen fonts can be stored in Glyph Bitmap Distribution Format (BDF) files, which start with the following line to declare the format version the font is adhering to: STARTCHAR 2.1

That's all well and good if the loaded font has a short version number, expressed as a string, which in this case is "2.1". That information is copied into the string variable charName by the sscanf() call in bdfread.c. The problem is, sscanf() is not told to limit the number of bytes read for the version number and will keep copying data from the file until it hits a white-space character.

The charName variable is declared as having a length of 100 bytes, so feeding it a crafted BDF font with a "STARTCHAR" version number longer than that will punch through the boundary of the variable's allotted space in memory and into other data on the stack.


This means that an attacker could overwrite the memory that controls the processor's instruction pointer on leaving the bdfReadCharacters() function, effectively hijacking the software.

And since the X server is usually run with superuser privileges, the normal user can start running code to take control of the system if the attack is successful. Much more in-depth explanations on how stack buffer overflows can be exploited, despite some of the protections in place on modern systems.

The fix for the security issue is very simple: you just tell sscanf() to read at most 99 bytes, leaving one for the terminating NUL byte:

if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
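The unbounded and bounded reads described above, side by side, as an added example that is not taken from libXfont or from the original article. The function names, the 512-byte line buffer and the stricter parse_strict() variant, which rejects an overlong token rather than truncating it, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define NAME_BUF 100 /* size of charName as given in the article */

/* The pattern the article describes: %s carries no width, so sscanf()
 * writes until it meets whitespace, whatever the size of `name`. */
static int parse_unbounded(const char *line, char *name)
{
    return sscanf(line, "STARTCHAR %s", name) == 1;
}

/* The fix quoted in the article: at most 99 bytes plus the terminator. */
static int parse_bounded(const char *line, char name[NAME_BUF])
{
    return sscanf(line, "STARTCHAR %99s", name) == 1;
}

/* Assumption, not part of the fix: reject an overlong token instead of
 * silently truncating it. %n records where scanning stopped; a byte there
 * that is neither whitespace nor NUL means the token exceeded 99 bytes. */
static int parse_strict(const char *line, char name[NAME_BUF])
{
    int used = 0;
    if (sscanf(line, "STARTCHAR %99s%n", name, &used) != 1)
        return 0;
    unsigned char next = (unsigned char)line[used];
    return next == '\0' || isspace(next);
}

/* Constructed input: "STARTCHAR " followed by n 'A' bytes (n <= 400). */
static void make_line(char line[512], size_t n)
{
    int off = snprintf(line, 512, "STARTCHAR ");
    memset(line + off, 'A', n);
    line[off + n] = '\0';
}

/* Helpers for the demo: stored length, and strict accept/reject, per size. */
static size_t bounded_len(size_t n)
{
    char line[512], name[NAME_BUF];
    make_line(line, n);
    return parse_bounded(line, name) ? strlen(name) : 0;
}
static int strict_accepts(size_t n)
{
    char line[512], name[NAME_BUF];
    make_line(line, n);
    return parse_strict(line, name);
}

int main(void)
{
    char name[NAME_BUF]; /* the unbounded form only sees a short token here */
    printf("unbounded, short token: %d\n", parse_unbounded("STARTCHAR 2.1", name));
    printf("bounded, 300-byte token stores %zu bytes\n", bounded_len(300));
    printf("strict: 99 -> %d, 100 -> %d\n", strict_accepts(99), strict_accepts(100));
    return 0;
}
```

Truncation keeps memory safe but lets a malformed font continue through the parser, which is why the strict variant treats an overlong token as a parse failure.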

As the announcement states: "As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems."

In the December Chaos Communication Congress presentation, Ilja van Sprundel said he'd been able to find no less than 120 bugs in a couple of months, “and I'm not even close to done”.

Van Sprundel had already triggered a major security update in May 2013, with tens of fixes needed because client libraries trusted servers to send valid data.

The latest security issue, discovered using the cppcheck static analyzer, is designated CVE-2013-6462. Security updates should be available from package managers and repositories.

In other Linux news

In yet another consequence of Edward Snowden's revelations about the NSA, the developers of the FreeBSD Unix operating system have decided to take some steps backwards in their cryptographic work and stop using hardware random number generators (RNGs).

To be sure, the two hardware RNGs singled out by the FreeBSD team are identified as Intel's RDRAND (in Ivy Bridge processors), and VIA's Padlock system.

The decision was made at the FreeBSD Developer Summit, held in Malta in September 2013, but the decision to pull the hardware RNGs didn't attract any attention at the time. But now it does, and in a very big way.

“For FreeBSD 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random. However, it will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more”, the post warned its users.

But one solution on offer from Polish developer Pawel Jakub Dawidek is to use the time it takes to attach devices at boot time, and feed these numbers into /dev/random: “it turns out that one can get about 4 good bits of entropy from each device”.

And among the many things Edward Snowden's documents have suggested is that the NIST's crypto standardization efforts were nobbled by the NSA. This confirmed long-standing knowledge that the Dual Elliptic Curve Deterministic Random Bit Generator is weak, leading to RSA abandoning it in September.

However, not everybody believes that RDRAND falls into the same category. Linux OS founder Linus Torvalds, for example, dismissed concerns about the instruction, telling the author of an online petition to yank the command from Linux “we actually know what we're doing. You don't”.

In that debate, Torvalds pointed out that RDRAND isn't the only source of entropy for values streamed into /dev/random in a Linux implementation.

In late 2012, a paper was published by Cryptography assessing Intel's approach, and giving it a pass mark. We did contact Intel for their comments, but we are still awaiting a response from them. We will keep you updated.

Source: Canonical.


Article featured on Tech Blog and on Business 5.0
