TechnicalOverview

Introduction

The Ubuntu team is happy to bring you the latest and greatest software the open source community has to offer. This is their latest result: Ubuntu 8.10.

Upgrading from Ubuntu 8.04 LTS

If you are upgrading from Ubuntu 8.04 LTS, we have easy-to-follow upgrade instructions.

New Features since Ubuntu 8.04 LTS

GNOME 2.24

Ubuntu brings you the newest GNOME 2.24 desktop environment with tons of bug-fixes and new features, some of which include:

  • Nautilus file manager has tab support (by Christian Neumair) and Eject icons for removable drives in Places sidebar (by Stefano Teso, Cosimo Cecchi, Christian Neumair, and others).

  • File Roller archive manager now supports ALZ, RZIP, CAB, TAR.7Z file types also (by Paolo Bacchilega and Changwoo Ryu).

X.Org 7.4

X.Org 7.4, the latest stable version of X.Org, is available in Intrepid. This release brings much better support for hot-pluggable input devices such as tablets, keyboards, and mice. At the same time this will allow the great majority of users to run without a /etc/X11/xorg.conf file. A new failsafe X is introduced, to give better tools for troubleshooting X startup failures.

Two of the older nvidia binary drivers are not available for X.Org 7.4 yet, so users of these drivers will be automatically switched to the corresponding open source drivers.

Linux kernel 2.6.27

Ubuntu 8.10 includes Linux kernel 2.6.27, a significant release with better hardware support and numerous bug-fixes.

Encrypted private directory

The ecryptfs-utils package was recently promoted to Ubuntu main, with support for a secret encrypted folder in your Home Folder (by Michael Halcrow, Dustin Kirkland, and Daniel Baumann).

You can help test this new feature by going to Applications → Accessories → Terminal and typing:

  • sudo aptitude install ecryptfs-utils

  • ecryptfs-setup-private

Guest session

The User Switcher panel applet (package fast-user-switch-applet) now provides an extra entry for starting a Guest session (by Martin Pitt). This creates a temporary password-less user account with restricted privileges: the account cannot access any users' home directories, nor permanently store data. This is sufficiently safe to lend your laptop to someone else for a quick email check.

Network Manager 0.7

Ubuntu 8.10 includes Network Manager 0.7 (by Dan Williams and others), with long-awaited features such as:

  • system-wide settings (no need to log in to get a connection)
  • management of 3G connections (GSM/CDMA)
  • management of multiple active devices at once
  • management of PPP and PPPOE connections
  • management of devices with static IP configurations
  • route management for devices

More information can be found on the Network Manager wiki.

DKMS

DKMS (by Dell) is included in Ubuntu 8.10, allowing kernel drivers to be automatically rebuilt when new kernels are released. This makes it possible for kernel package updates to be made available immediately without waiting for rebuilds of driver packages, and without third-party driver packages becoming out of date when installing these kernel updates.

Samba 3.2

A lot of new features have been added in Samba 3.2, including:

  • clustered file server support
  • encrypted network transport
  • IPv6
  • better integration with current Microsoft Windows™ clients and servers.

PAM authentication framework

Ubuntu 8.10 features a new pam-auth-update tool, which allows simple management of PAM authentication configuration for both desktops and servers (by Steve Langasek). Packages providing PAM modules will be configured automatically, and users can adjust their authentication preferences by running sudo pam-auth-update.

More information can be found in the Ubuntu wiki.

Totem BBC plugin

Ubuntu 8.10 features a new plugin for the Totem movie player that fetches free digital content from the BBC. To enable it, start Totem (Applications -> Sound & Video -> Movie Player), enable the plugin (Edit -> Plugins -> BBC content viewer) and select "BBC" from the drop-down labelled "Playlist".

Thanks to the BBC and Collabora for their work developing this feature.

Server Virtualization

python-vm-builder

This is a complete rewrite of ubuntu-vm-builder featuring a better template system, a plugin architecture allowing support for other distributions, front-ends and additional functionalities such as post install task (--exec, --copy) or first boot (--first-boot, --first-login). It provides a compatibility mode with the previous command-line syntax and adds better reporting.

Python-vm-builder allows you to create a new virtual machine in a few minutes without going through the interactive installation process. It can be very useful for developers, software vendors or system administrators. A tutorial is available at https://help.ubuntu.com/community/JeOSVMBuilder

Ubuntu as a Xen guest

Using Ubuntu as a Xen guest is now a supported option included in the standard server kernel and is a choice when building virtual machines with python-vm-builder.

JeOS is now an option in the server installer

In an effort to simplify our build process and avoid confusion when trying to install JeOS on real hardware, JeOS is no longer provided as a separate ISO. Instead, it is an option that is activated on the server installer by pressing F4 on the first screen and selecting the "Install a minimal virtual machine" option.

Notable inclusion in the main repository

The following packages have been included in the main repository and are now supported options that can be of particular interest for server administrators:

  • Sun's Java OpenJDK 1.6 - an open source implementation of the Java development kit
  • Apache's Tomcat 6 - A Java servlet container
  • ClamAV - a virus detection engine that can be coupled to mail servers
  • SpamAssassin - A spam detection engine that can be coupled to mail servers

Boot degraded raid setting

Traditionally, booting an Ubuntu installation with the root filesystem on a degraded RAID drops the system into a busybox prompt in the initramfs. This is the safest choice as it will prevent any further possible harm to data and let administrator pick what to do, but was causing issues with server hosted in remote locations. A system administrator can now statically configure their machines to continue on booting even if a disk is bad in the array by issuing the following command:

  • echo "BOOT_DEGRADED=true" | sudo tee -a /etc/initramfs-tools/conf.d/mdadm

Additionally, this can be specified on the kernel boot line with the bootdegraded=[true|false] parameter.

Service command now supported

Fedora or Red-Hat administrators will now feel a bit more comfortable using Ubuntu as the service command they had been using to manage daemons is now standard on Ubuntu. In addition to the traditional sudo /etc/init.d/<service> [start|stop|restart] way of managing a process, it is now also possible to use sudo service <service> [start|stop|restart].

In addition, numerous standard services now support the status option so that, e.g., sudo service postfix status will now report if the service is running or not.

OpenLDAP using ''cn=config''

The default installation of the OpenLDAP server now uses the cn=config extension, which allows automatic synchronization between LDAP replicas of configuration changes made.

Service-aware Uncomplicated Firewall (ufw)

Common services now inform ufw of the ports that are recommended for their proper enabling, so the administrator can open them in a single simple command ufw allow <service>.

Compiler security-hardening features by default

The gcc compiler now defaults to enabling several security hardening features and warnings. This stops many undiscovered security vulnerabilities, rendering them unexploitable.

Network services compiled as position-independent executables

To take advantage of the kernel's ability to randomize the in-memory location of executables, many network services were compiled as position-independent executables (PIE), including: apache2, bind9, openldap, postfix, cups, openssh, postgresql-8.3, samba, dovecot, dhcp3. This makes certain kinds of security vulnerabilities even harder to exploit.

Known Issues

For a full list of errata for Ubuntu 8.10, please see the Ubuntu 8.10 release notes.

IntrepidIbex/TechnicalOverview (last edited 2008-10-30 04:02:17 by minbar)