Ubuntu

Ubuntu 24.04 LTS, Noble Numbat, overhauls its installation and app experience

Linux, Tech, Ubuntu, ubuntu 24.04, xz utils / Blake Jones / April 26, 2024

Ubuntu 24.04 —

Plus Raspberry Pi 5 support, better laptop power, and lots of other changes.

Kevin Purdy – Apr 25, 2024 6: 59 pm UTC

Ubuntu desktop running on a laptop on a 3D-rendered desktop, with white polygonal coffee mug and picture frame nearby. — Enlarge / Ubuntu has come a long way over nearly 20 years, to the point where you can now render 3D Ubuntu coffee mugs and family pictures in a video announcing the 2024 spring release.

Canonical

History might consider the most important aspect of Ubuntu 24.04 to be something that it doesn’t have: vulnerabilities to the XZ backdoor that nearly took over the global Linux scene.

Betas, and the final release of Ubuntu 24.04, a long-term support (LTS) release of the venerable Linux distribution, were delayed, as backing firm Canonical worked in early April 2024 to rebuild every binary included in the release. xz Utils, an almost ubiquitous data-compression package on Unix-like systems, had been compromised through a long-term and elaborate supply-chain attack, discovered only because a Microsoft engineer noted some oddities with SSH performance on a Debian system. Ubuntu, along with just about every other regularly updating software platform, had a lot of work to do this month.

Canonical’s Ubuntu 24.04 release video, noting 20 years of Ubuntu releases. I always liked the brown.

What is actually new in Ubuntu 24.04, or “Noble Numbat?” Quite a bit, especially if you’re the type who sticks to LTS releases. The big new changes are a very slick new installer, using the same Subiquity back-end as the Server releases, and redesigned with a whole new front-end in Flutter. ZFS encryption is back as a default install option, along with hardware-backed (i.e., TPM) full-disk encryption, plus more guidance for people looking to dual-boot with Windows setups and BitLocker. Netplan 1.0 is the default network configuration tool now. And the default installation is “Minimal,” as introduced in 23.10.

The numbat is an <a href= — Enlarge / The numbat is an endangered species, and I think we should save it.

Getty Images

Raspberry Pi gets some attention, too, with an edition of 24.04 (64-bit only) available for the popular single-board computer, including the now-supported Raspberry Pi 5 model. That edition includes power supply utility Pemmican and enables 3D acceleration in the Firefox Snap. Ubuntu also tweaked the GNOME (version 46) desktop included in this release, such that it should see better performance on Raspberry Pi graphics drivers.

What else? Lots of little things:

Support for autoinstall, i.e., YAML-based installation workflows
A separate, less background-memory-eating firmware updating tool
Additional support for Group Policy Objects (GPOs) in Active Directory environments
Security improvements to Personal Package Archives (PPA) software setups
Restrictions to unprivileged user namespace through apparmor, which may impact some third-party apps downloaded from the web
A new Ubuntu App Center, replacing the Snap Store that defaults to Snaps but still offers traditional .deb installs (and numerous angles of critique for Snap partisans)
Firefox is a native Wayland application, and Thunderbird is a Snap package only
More fingerprint reader support
Improved Power Profiles Manager, especially for portable AMD devices
Support for Apple’s preferred HEIF/HEIC files, with thumbnail previews
Snapshot replaces Cheese, and GNOME games has been removed
Virtual memory mapping changes that make many modern games run better through Proton, per OMG Ubuntu
Linux kernel 6.8, which, among other things, improves Intel Meteor Lake CPU performance and supports Nintendo Switch Online controllers.

The suggested system requirements for Ubuntu 24.04 are a 2 GHz dual-core processor, 4GB memory, and 25GB free storage space. There is a dedicated WSL edition of 24.04 out for Windows systems.

Listing image by Getty Images

Ubuntu 24.04 LTS, Noble Numbat, overhauls its installation and app experience Read More »

Ubuntu will manually review Snap Store after crypto wallet scams

Biz & IT, Canonical, containerization, containers, mark shuttleworth, snap store, snaps, Tech, Ubuntu / Ari B / March 28, 2024

Linux app distribution —

Former Canonical employee calls out the “Safe” label applied to Snap apps.

Kevin Purdy – Mar 28, 2024 6: 23 pm UTC

Man holding a piggy bank at his desk, with the piggy wired up with strange circuits and hardware — Enlarge / One thing you can say about this crypto wallet: You can’t confuse it for any other.

Getty Images

The Snap Store, where containerized Snap apps are distributed for Ubuntu’s Linux distribution, has been attacked for months by fake crypto wallet uploads that seek to steal users’ currencies. As a result, engineers at Ubuntu’s parent firm are now manually reviewing apps uploaded to the store before they are available.

The move follows weeks of reporting by Alan Pope, a former Canonical/Ubuntu staffer on the Snapcraft team, who is still very active in the ecosystem. In February, Pope blogged about how one bitcoin investor lost nine bitcoins (about $490,000 at the time) by using an “Exodus Wallet” app from the Snap store. Exodus is a known cryptocurrency wallet, but this wallet was not from that entity. As detailed by one user wondering what happened on the Snapcraft forums, the wallet immediately transferred his entire balance to an unknown address after a 12-word recovery phrase was entered (which Exodus tells you on support pages never to do).

Pope takes pains to note that cryptocurrency is inherently fraught with loss risk. Still, Ubuntu’s App Center, which presents the Snap Store for desktop users, tagged the “Exodus” app as “Safe,” and the web version of the Snap Store describes Snaps as “safe to run.” While Ubuntu is describing apps as “Safe” in the sense of being an auto-updating container with runtime confinement (or “sandboxed”), a green checkmark with “Safe” next to it could be misread, especially by a newcomer to Ubuntu, Snaps, and Linux generally.

More than that, Pope’s post points out that writing, packaging, and uploading the Snap to Ubuntu’s store results in an app that is “immediately searchable, and available for anyone, almost anywhere to download, install and run it” (emphasis Pope’s). There are, he noted, “No humans in the loop.”

Mark Shuttleworth, founder of Ubuntu and CEO of Canonical, responded to a related thread on whether crypto apps should be banned entirely. “I agree that cryptocurrency is largely a cesspit of ignoble intentions, even if the mathematics are interesting,” Shuttleworth wrote. At Ubuntu, it was “fair to challenge ourselves” to offer additional safety measures, “even if they will never be perfect.” Making apps safer for people vulnerable to social engineering is “a very hard problem but one I think we can and should engage in,” Shuttleworth wrote.

He did not, however, agree that cryptocurrency apps should be broadly banned.

After what Shuttleworth described as “a quiet war with these malicious actors for the past few months” (which was, according to Pope, ongoing as of earlier this month), Snaps are indeed changing.

At the Snapcraft forums, Holly Hall, product lead for Ubuntu’s backing services company Canonical, wrote last week about a new policy of manual review for all new Snap registrations. Engineering teams will review apps and reach out to publishers to verify names and intents. A name that is “suspected as being malicious or is crypto-wallet-related” will be rejected. A policy regarding how to properly publish a crypto wallet in the Snap store is forthcoming, Hall wrote.

As noted by The Register, a different sandboxed app platform (store), Flathub, recently made related changes to its validation process. Flathub now flags apps that have made notable changes to permission requests or package names. Open software repositories have long faced issues with malicious look-alike uploads, including the PyPI index for Python programming.

Ars has reached out to Canonical for comment and will update this post if we receive a response.

Ubuntu will manually review Snap Store after crypto wallet scams Read More »

Try Ubuntu Daily Builds on Windows With Ubuntu Preview for WSL

Highlights, Linux, Ubuntu, Windows Subsystem for Linux / Ryan Harris / December 13, 2022

internal/modules/cjs/loader.js: 905 throw err; ^ Error: Cannot find module ‘puppeteer’ Require stack: – /home/760439.cloudwaysapps.com/jxzdkzvxkw/public_html/wp-content/plugins/rss-feed-post-generator-echo/res/puppeteer/puppeteer.js at Function.Module._resolveFilename (internal/modules/cjs/loader.js: 902: 15) at Function.Module._load (internal/modules/cjs/loader.js: 746: 27) at Module.require (internal/modules/cjs/loader.js: 974: 19) at require (internal/modules/cjs/helpers.js: 101: 18) at Object. (/home/760439.cloudwaysapps.com/jxzdkzvxkw/public_html/wp-content/plugins/rss-feed-post-generator-echo/res/puppeteer/puppeteer.js:2: 19) at Module._compile (internal/modules/cjs/loader.js: 1085: 14) at Object.Module._extensions..js (internal/modules/cjs/loader.js: 1114: 10) at Module.load (internal/modules/cjs/loader.js: 950: 32) at Function.Module._load (internal/modules/cjs/loader.js: 790: 12) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js: 75: 12) code: ‘MODULE_NOT_FOUND’, requireStack: [ ‘/home/760439.cloudwaysapps.com/jxzdkzvxkw/public_html/wp-content/plugins/rss-feed-post-generator-echo/res/puppeteer/puppeteer.js’ ]

Try Ubuntu Daily Builds on Windows With Ubuntu Preview for WSL Read More »

How to Install Ubuntu on VMware Workstation

Highlights, Install Software, Linux, Operating System, Ubuntu, Virtual Machine / Ryan Harris / December 4, 2022

How to Install Ubuntu on VMware Workstation Read More »