Table of Contents

Contents

  1. Introduction
  2. Upgrading from Ubuntu 8.04 LTS
  3. New Features since Ubuntu 8.04 LTS
    1. GNOME 2.24
    2. X.Org 7.4
    3. Linux kernel 2.6.27
    4. Encrypted private directory
    5. Guest session
    6. Network Manager 0.7
    7. DKMS
    8. Samba 3.2
    9. PAM authentication framework
    10. Totem BBC plugin
    11. Server Virtualization
      1. python-vm-builder
      2. Ubuntu as a Xen guest
      3. JeOS is now an option in the server installer
    12. Notable inclusion in the main repository
    13. Boot degraded raid setting
    14. Service command now supported
    15. OpenLDAP using ''cn=config''
    16. Service-aware Uncomplicated Firewall (ufw)
    17. Compiler security-hardening features by default
    18. Network services compiled as position-independent executables
  4. Known Issues

Introduction

The Ubuntu team is happy to bring you the latest and greatest software the open source community has to offer. This is their latest result: Ubuntu 8.10.

Upgrading from Ubuntu 8.04 LTS

If you are upgrading from Ubuntu 8.04 LTS, we have easy-to-follow upgrade instructions.

New Features since Ubuntu 8.04 LTS

GNOME 2.24

Ubuntu brings you the newest GNOME 2.24 desktop environment with tons of bug-fixes and new features, some of which include:

X.Org 7.4

X.Org 7.4, the latest stable version of X.Org, is available in Intrepid. This release brings much better support for hot-pluggable input devices such as tablets, keyboards, and mice. At the same time this will allow the great majority of users to run without a /etc/X11/xorg.conf file. A new failsafe X is introduced, to give better tools for troubleshooting X startup failures.

Two of the older nvidia binary drivers are not available for X.Org 7.4 yet, so users of these drivers will be automatically switched to the corresponding open source drivers.

Linux kernel 2.6.27

Ubuntu 8.10 includes Linux kernel 2.6.27, a significant release with better hardware support and numerous bug-fixes.

Encrypted private directory

The ecryptfs-utils package was recently promoted to Ubuntu main, with support for a secret encrypted folder in your Home Folder (by Michael Halcrow, Dustin Kirkland, and Daniel Baumann).

You can help test this new feature by going to Applications → Accessories → Terminal and typing:

Guest session

The User Switcher panel applet (package fast-user-switch-applet) now provides an extra entry for starting a Guest session (by Martin Pitt). This creates a temporary password-less user account with restricted privileges: the account cannot access any users' home directories, nor permanently store data. This is sufficiently safe to lend your laptop to someone else for a quick email check.

Network Manager 0.7

Ubuntu 8.10 includes Network Manager 0.7 (by Dan Williams and others), with long-awaited features such as:

More information can be found on the Network Manager wiki.

DKMS

DKMS (by Dell) is included in Ubuntu 8.10, allowing kernel drivers to be automatically rebuilt when new kernels are released. This makes it possible for kernel package updates to be made available immediately without waiting for rebuilds of driver packages, and without third-party driver packages becoming out of date when installing these kernel updates.

Samba 3.2

A lot of new features have been added in Samba 3.2, including:

PAM authentication framework

Ubuntu 8.10 features a new pam-auth-update tool, which allows simple management of PAM authentication configuration for both desktops and servers (by Steve Langasek). Packages providing PAM modules will be configured automatically, and users can adjust their authentication preferences by running sudo pam-auth-update.

More information can be found in the Ubuntu wiki.

Totem BBC plugin

Ubuntu 8.10 features a new plugin for the Totem movie player that fetches free digital content from the BBC. To enable it, start Totem (Applications -> Sound & Video -> Movie Player), enable the plugin (Edit -> Plugins -> BBC content viewer) and select "BBC" from the drop-down labelled "Playlist".

Thanks to the BBC and Collabora for their work developing this feature.

Server Virtualization

python-vm-builder

This is a complete rewrite of ubuntu-vm-builder featuring a better template system, a plugin architecture allowing support for other distributions, front-ends and additional functionalities such as post install task (--exec, --copy) or first boot (--first-boot, --first-login). It provides a compatibility mode with the previous command-line syntax and adds better reporting.

Python-vm-builder allows you to create a new virtual machine in a few minutes without going through the interactive installation process. It can be very useful for developers, software vendors or system administrators. A tutorial is available at https://help.ubuntu.com/community/JeOSVMBuilder

Ubuntu as a Xen guest

Using Ubuntu as a Xen guest is now a supported option included in the standard server kernel and is a choice when building virtual machines with python-vm-builder.

JeOS is now an option in the server installer

In an effort to simplify our build process and avoid confusion when trying to install JeOS on real hardware, JeOS is no longer provided as a separate ISO. Instead, it is an option that is activated on the server installer by pressing F4 on the first screen and selecting the "Install a minimal virtual machine" option.

Notable inclusion in the main repository

The following packages have been included in the main repository and are now supported options that can be of particular interest for server administrators:

Boot degraded raid setting

Traditionally, booting an Ubuntu installation with the root filesystem on a degraded RAID drops the system into a busybox prompt in the initramfs. This is the safest choice as it will prevent any further possible harm to data and let administrator pick what to do, but was causing issues with server hosted in remote locations. A system administrator can now statically configure their machines to continue on booting even if a disk is bad in the array by issuing the following command:

Additionally, this can be specified on the kernel boot line with the bootdegraded=[true|false] parameter.

Service command now supported

Fedora or Red-Hat administrators will now feel a bit more comfortable using Ubuntu as the service command they had been using to manage daemons is now standard on Ubuntu. In addition to the traditional sudo /etc/init.d/<service> [start|stop|restart] way of managing a process, it is now also possible to use sudo service <service> [start|stop|restart].

In addition, numerous standard services now support the status option so that, e.g., sudo service postfix status will now report if the service is running or not.

OpenLDAP using ''cn=config''

The default installation of the OpenLDAP server now uses the cn=config extension, which allows automatic synchronization between LDAP replicas of configuration changes made.

Service-aware Uncomplicated Firewall (ufw)

Common services now inform ufw of the ports that are recommended for their proper enabling, so the administrator can open them in a single simple command ufw allow <service>.

Compiler security-hardening features by default

The gcc compiler now defaults to enabling several security hardening features and warnings. This stops many undiscovered security vulnerabilities, rendering them unexploitable.

Network services compiled as position-independent executables

To take advantage of the kernel's ability to randomize the in-memory location of executables, many network services were compiled as position-independent executables (PIE), including: apache2, bind9, openldap, postfix, cups, openssh, postgresql-8.3, samba, dovecot, dhcp3. This makes certain kinds of security vulnerabilities even harder to exploit.

Known Issues

For a full list of errata for Ubuntu 8.10, please see the Ubuntu 8.10 release notes.

IntrepidIbex/TechnicalOverview (last edited 2008-10-30 04:02:17 by minbar)