October 22, 2025

hackergotchi for Deepin

Deepin

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: Alibaba Damo Academy and Canonical partner to deliver Ubuntu on XuanTie and drive RISC-V innovation

Alibaba Damo Academy and Canonical today announce a new collaboration to bring the Ubuntu operating system to the latest XuanTie C930 processor. This collaboration will give users access to a robust, reliable and production-ready platform for modern workloads running on the XuanTie processor family, helping to advance RISC-V adoption. 

Enhanced Ubuntu experience on XuanTie

Alibaba Damo Academy, the team behind the XuanTie processor family, drives advancements in intelligent and secure computing architectures built around the RISC-V ecosystem. Alibaba Damo Academy and Canonical are collaborating to enhance Ubuntu support on XuanTie, helping to drive greater RISC‑V maturity and enabling smoother integration into the expanding RISC-V landscape. This partnership focuses on strengthening community collaboration within the RISC‑V ecosystem, and improving software readiness on XuanTie platforms using Ubuntu and RVA23 as the profile and platform of choice.

Since both Alibaba Damo Academy and Canonical are members of the RISC-V Software Ecosystem (RISE), the joint efforts will help accelerate open source adoption and promote consistent interoperability between hardware and software. A key aspect of this work includes alignment with the RVA23 profile, designed to improve portability across hardware designs and simplify development, further advancing the RISC‑V ecosystem’s growth and accessibility.

For developers and XuanTie users, this partnership will deliver an integrated Ubuntu experience for XuanTie hardware all backed by Canonical’s trusted long-term support and rigorous security maintenance. 

“We are very excited to be partnering with Alibaba Damo Academy to bring Ubuntu to the latest XuanTie platform. Our teams have already done great work together on a community level for earlier XuanTie processors like the C906 and showing Ubuntu running on a XuanTie C930 FPGA at the Shanghai RISC-V Summit in July 2025. This partnership represents the next step in deepening our relationship and we look forward to working with Alibaba Damo Academy to get Ubuntu into the hands of even more XuanTie developers,” said Cindy Goldberg, Vice President of Silicon Alliance at Canonical.

“We are excited to deepen our collaboration with Canonical, marking another important step toward the real-life applications of RISC-V. Together, we have successfully brought Ubuntu to multiple ecosystem products based on the XuanTie processor. Moving forward, we look forward to advancing our joint work and continuing to unlock the value of RISC-V in various computing scenarios, while further contributing to the growth of the RISC-V community.” said Jing Yang, Vice Present of RISC-V at Alibaba Damo Academy.

Get in touch

If you have any questions about the platform or would like information about our silicon or RISC-V program, contact us.

About Canonical

Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone. 

Learn more at https://canonical.com/ 

22 October, 2025 10:02AM

Ubuntu Blog: Discover your fully open source robotics observability at ROSCon 2025

Another year, another ROSCon! This year we’re heading to Singapore, and Canonical is once again thrilled to sponsor this important community event. Just like last year in Odense, Denmark, we’re looking forward to the talks and workshops, which always inspire us and teach us new things about robotics. We’re excited to reconnect with our Southeast Asia community, especially after our earlier gathering at Canonical’s IoT day in Singapore.

We’re really looking forward to sharing some of the work we have done in the robotics space this year, alongside our partners Advantech & Botmind. From Advantech’s powerful platforms for robotics to Botmind’s unified fleet management solutions, our booth showcases collaborative efforts designed to help and guide ROS developers as they aim to simplify complexity and accelerate innovation.

Here’s a quick overview of what we’ll be showcasing at ROSCon booth 51/52, featuring our partners Advantech and Botmind. 

A new open source observability stack

Our mission is to bring software to the widest audience. We took the latest step in this mission by bringing together popular open source tools, including Grafana, Prometheus, and Loki, to make it easy to set up a fully functional observability infrastructure for ROS 2 devices using Ubuntu. The same infrastructure used by our telco, logistics, aerospace, and data center customers is now available for robotics makers and ISVs. 

The infrastructure is designed to bring together a unified platform for both open source and custom enterprise solutions (e.g. Botmind). Thus allowing companies to bring their own or preferred applications and tools in a tested, reliable, and open source infrastructure. 

What can you do today with this beta observability stack 

  • Easily onboard your Ubuntu devices
  • Automatically upload your ros2bags to a self-hosted server
  • Remotely monitor a fleet of ROS 2 robots
  • Access live ROS data
  • Access live Ubuntu system data & logs
  • Trigger alerts for events such as low battery or network loss

Learn More at ROSCon 2025

If you’re attending ROSCon 2025, we’ve got two exciting opportunities for you to dive deeper into observability for robotics systems.

Workshop: Demonstrating the Canonical Observability Stack for Devices

📍 Room: 330
🗓️ Date: Monday, October 27, 2025
Time: 10:30 AM – 11:30 AM

Join us for a hands-on workshop where we’ll demonstrate how the Canonical Observability Stack helps you monitor, debug, and optimize your robotic devices.
> All ROSCon attendees are welcome, even without the workshop ticket — no RSVP required!

Talk: Open-Source Robotics Observability at Scale!

📍 Track: Debugging

🗓️ Date: Tuesday, October 28, 2025
Time: 4:00 PM – 4:10 PM SST

In this talk, we’ll explore how open-source tools make large-scale observability and debugging in robotics simpler, faster, and more powerful.

Workshop: Hands-on ROS 2 with Rubik Pi 3 

📍 Room: 330
🗓️ Date: Monday, October 27, 2025
Time: 11:30 AM – 12:30 PM

Join our partner Qualcomm to learn how to run ROS 2 on the RUBIK Pi 3, a compact platform optimized for edge robotics, powered by Ubuntu.

An “all-in-one“ ROS fleet management system

At ROSCon, we’re not just talking about observability; we’re showing how everything can come together in a real-world deployment. That’s why we’re excited to team up with Botmind, a Singapore-based robotics platform innovator, and deploy their fleet management service on top of our open source Canonical Observability Stack (COS) infrastructure.

Botmind’s mission is to simplify how businesses manage robot fleets. They build an “all-in-one” control platform that integrates multiple robots, real-time tracking, AI-powered scheduling, analytics, and a unified API layer. Their vision is bold: to let robotics operators manage everything, from mission assignments to health monitoring, via a single, intuitive control plane.

In our demo at ROSCon, we’ll show how Botmind’s proprietary fleet manager integrates with our COS infra, enabling:

  • Deployment of their fleet management services within a robust, open-source stack
  • Seamless interaction between Botmind’s APIs and our observability tools
  • Live monitoring and orchestration of ROS-based robots through a unified dashboard
  • End-to-end integration from the ROS layer all the way to fleet-level commands

Through this demo, we aim to prove that you can combine open observability and enterprise robot control in a modular, scalable way. 

Visitors to booth 51/52 will be able to see first-hand how Botmind’s system works in tandem with our COS stack, giving developers, integrators, and system architects a compelling reference architecture for real robotic deployments.

A new foundation for autonomous robotics

We’re proud to collaborate with Advantech to showcase how advanced platforms and Ubuntu-based solutions accelerate the development of Autonomous Mobile Robots and robotic systems. Together, we’re addressing some of the toughest challenges faced by robotics developers, from real-time edge computing to secure and compliant deployments.

At ROSCon 2025, you can discover Advantech’s robotics platforms, powered by Ubuntu and its real-time kernel. Designed for ROS 2, it provides a unified and scalable hardware-software foundation that speeds up robot prototyping and deployment. Advantech’s AFE and ASR series edge computers integrate CPU, GPU, and NPU computing with industrial-grade reliability, supporting:

  • Time-synchronized sensor fusion across LiDAR, IMU, and camera inputs
  • Flexible modular I/O design for motor control, navigation, and perception
  • Wide voltage and ruggedized design for demanding environments. 
  • Pre-validated ROS 2 environments and Advantech’s own ROS nodes for Modbus and OPC-UA integration

With Ubuntu Pro, Advantech extends long-term support, security, and maintenance for its Ubuntu-based hardware, including ESM for ROS, ensuring a consistent, secure, and reliable foundation throughout the robot’s lifecycle.

In our joint demo at booth 51/52, Canonical and Advantech will showcase how developers can move from prototype to production faster using Advantech hardware combined with Ubuntu Core, Canonical’s secure, immutable, and reliable operating system designed for edge deployments.

Ubuntu and NVIDIA Jetson Thor

Canonical recently announced official Ubuntu support for the NVIDIA Jetson Thor family, extending our collaboration with NVIDIA to accelerate AI innovation at the edge. In addition, Canonical announces it will support and distribute NVIDIA CUDA directly within Ubuntu’s repositories, making it easier than ever for developers to access GPU acceleration natively on Ubuntu. This partnership ensures that developers can rely on the same enterprise-grade security, stability, and performance on Jetson Thor that powers Ubuntu across clouds and data centers.

Observability on Jetson: monitoring the almighty Thor

In our demo at ROSCon, visitors will see COS running directly on an NVIDIA Jetson Thor device. Using the Grafana Agent, the system continuously collects rich performance and telemetry data from the Jetson platform, including CPU, GPU, and memory metrics, visualized in real time through Grafana dashboards.

By bringing COS to Jetson Thor, Canonical showcases how open source observability can extend all the way from the robot’s edge hardware to cloud-scale operations, empowering developers and integrators to optimize performance and reliability across every layer.

For more information, please visit NVIDIA at ROSCon.

See you soon in Singapore! 

We can’t wait to see you at ROSCon! Join us to explore the latest advancements, connect with fellow innovators, and discover how Ubuntu and our partners are shaping the future of robotics. See you there!

22 October, 2025 08:47AM

hackergotchi for ZEVENET

ZEVENET

What the AWS Outage Revealed About Global Continuity in the Cloud

In the early hours of October 20, 2025, Amazon Web Services (AWS) experienced one of the most significant service disruptions of the year. The incident originated in the US-EAST-1 (Northern Virginia) region — one of the provider’s oldest and busiest zones, hosting critical components of its global services.

For several hours, thousands of applications and online platforms — including Snapchat, Fortnite, Duolingo, Alexa, Coinbase, and Robinhood — suffered connection errors, latency issues, or partial outages.

AWS later confirmed an increase in errors and response times across several services tied to that region.

What Really Happened in Virginia

Technical analyses and AWS status reports indicate that the issue was linked to a failure in the internal DNS resolution system, one of the most critical elements of its infrastructure. The Domain Name System (DNS) translates domain names (such as api.mycompany.com) into IP addresses so that applications can communicate with each other.

When this system fails, servers may continue running, but they can no longer “find” one another — requests are lost because domain names cannot be resolved. In this case, the outage affected AWS’s internal DNS service, which depends on DynamoDB to store DNS zone data.

As that service degraded, many applications could no longer resolve the names of their own instances or connect to their databases, even though the servers themselves remained operational.

The result was a regional failure with global impact, as countless organizations rely on infrastructure hosted in Virginia to operate their services — even when their users connect from other continents. It was not a global AWS outage, nor a multi-region event, but rather a localized failure in a critical region that exposed how much dependency can concentrate in the cloud.

Designing for Continuity: The Role of Global Traffic Management

The cloud offers scalability and simplified management — but it does not eliminate architectural responsibility. Replicating servers within the same region (for example, across “Availability Zones”) does not guarantee continuity if the entire region becomes unavailable.

Building a truly robust infrastructure means designing for the complete loss of a region — and still being able to keep services online. This is where global traffic management, also known as Global Server Load Balancing (GSLB), becomes essential. Such a system operates above individual data centers or regions.

It continuously monitors multiple distributed endpoints and automatically redirects traffic to the one that remains available and responsive. If a region stops responding — as happened in Virginia — the load balancer can update public DNS records so that users are routed to another active environment.

In practice, this mechanism provides two fundamental benefits:

  • Automatic failover between regions, ensuring that an outage in one location does not interrupt global service.
  • A foundation for disaster recovery, since continuity no longer depends on manual actions or static configurations.

However, for this approach to be truly effective, the regions or data centers involved must be completely independent from each other. If both environments share the same control plane, internal DNS, or network services, a failure in that common layer could affect both simultaneously.

That’s why GSLB can only ensure real continuity when deployed between operationally isolated environments. In other words: GSLB would not have prevented the AWS outage, but it would have allowed organizations with independent regional architectures to keep their services running while the affected region recovered.

How SKUDONET Applies This Approach

SKUDONET Enterprise Edition integrates a Global Server Load Balancing (GSLB) system designed to maintain service availability across geographically distributed data centers or regions.

Operating at the DNS level, it continuously monitors the health of applications in each location. If one site becomes unavailable, it automatically updates DNS resolution to redirect users to another operational data center.

The GSLB can operate in active-passive mode, ensuring automatic recovery in Disaster Recovery scenarios, or in active-active mode, sharing traffic between multiple data centers to optimize latency and overall performance.

Its design allows combining environments within the same provider or across different ones — as long as they remain operationally independent — thereby avoiding single points of failure.

In this way, SKUDONET provides an external control layer that strengthens high availability and service continuity strategies, even during severe regional disruptions.

📘 Technical reference:
How Global Server Load Balancing works in SKUDONET

The AWS outage in Virginia showed that even the most mature infrastructures can experience critical regional failures. The lesson is not to avoid the cloud, but to design with failure in mind — assuming that any region can go offline at any time. Separating environments and managing traffic at a global level does not eliminate errors, but it allows business operations to continue when they occur.

22 October, 2025 06:24AM by Nieves Álvarez

October 21, 2025

hackergotchi for Ubuntu developers

Ubuntu developers

Stéphane Graber: The FuturFusion Cloud stack

Besides my regular open source contributions and running my own consulting business (Zabbly), I’m also the CTO and co-founder of an Open Source company called FuturFusion where I’ve been running Engineering for well over a year now.

My main focus over there has been building the FuturFusion Cloud stack, a completely open-source private cloud solution built around Incus. As part of that, our engineering team has been hard at work over the past year or so, improving Incus itself but also building a number of other projects from the ground up to make it easy to build and operate large scale Incus deployments.

Our stack is made of 4 core components:

  • Incus itself as the private cloud platform that runs virtual machines, system containers and application containers, with full clustering and multi-tenancy as well as support for a variety of storage and networking options to fit most environments.
  • IncusOS (shipping as HypervisorOS to our customers) that acts as our base layer Operating System image running on all physical servers as well as in the virtual machines that run our other components. It’s an immutable OS image based on Debian 13 and using systemd’s tooling to provide a safe boot experience and full disk encryption through the use of UEFI Secure Boot and TPM 2.0 modules. It uses an A/B update scheme, guaranteeing no variance in software between servers and an easy rollback mechanism should something go wrong. It’s completely locked down with API-only access and optional central management through Operations Center.
  • Operations Center provides an overview of an entire deployment, keeping track of all individual servers (running HypervisorOS), centrally managing all updates, handling Incus cluster creation and then acting as a global inventory of every Incus resource across all clusters.
  • Migration Manager is our migration tool which currently focuses on migrating from VMware (vCenter or standalone ESXi) over to Incus. It can connect to a large number of source VMware environments as well as target Incus clusters. It can easily keep track of hundreds of thousands of VMs that need to be migrated, making it easy to create migration batches and schedule those over weeks or months, running regular data pre-migration and finally completing the migration during scheduled downtime windows.

I recently took a bit of time away from customer deployments to record a video of how everything fits together, including an end to end lab deployment, starting from a pre-existing VMware environment and going all the way to having two Incus clusters running and the VMware VMs fully converted to Incus VMs.

In addition, for those interested in the security aspect of things, I gave a talk a few months back about IncusOS’ security story at the Linux Security Summit in Denver, Colorado. The recording of which has since been made publicly available.

Now our focus on the engineering front is primarily in fixing some filling a few remaining gaps as well as putting together up to date comprehensive documentation on IncusOS, Migration Manager and Operations Center. This will then make it easy for anyone to get started with those as well as hopefully attract more contributors to those projects.

On the topic of contributors, none of this would have been possible without the 112 individuals who contributed to the Incus project in the past year, thank you!

21 October, 2025 07:57PM

hackergotchi for Clonezilla live

Clonezilla live

Stable Clonezilla live 3.3.3-33 Released

This release of Clonezilla live (3.3.0-33) includes major enhancements and bug fixes.

ENHANCEMENTS AND CHANGES SINCE 3.2.2-15

  • The underlying GNU/Linux operating system was upgraded. This release is based on the Debian Sid repository (as of 2025/Oct/17).
  • The Linux kernel was updated to 6.16.12-1.
  • Partclone was updated to 0.3.38, which includes a fix for a btrfs-related issue.
  • Added a new program, ocs-blkdev-sorter, which allows udev to create Clonezilla alias block devices in /dev/ocs-disks/. This is used by the udev rule 99-ocs-sorted-disks.rules.
  • Added the "-uoab" option to ocs-sr and ocs-live-feed-img to support selecting Clonezilla alias block device names in the TUI. This experimental feature addresses the random ordering of kernel block devices and can currently only be enabled via a command-line parameter.
  • Improved the performance of ocs-get-dev-info.
  • Improved ocs-blk-dev-info to ensure 'jq' works correctly in some cases and to increase efficiency.
  • Added ocs-cmd-screen-sample, which can be used with the "run again" script. It works with screen, tmux, and the console.
  • Added support for imaging MTD block and eMMC boot devices in expert mode. The options "-smtd", "-smmcb", "-rmtd", and "-rmmcb" can be used for saving or restoring.
  • Added a new program, ocs-live-gen-ubrd, to merge an OCS zip file with a U-Boot enabled bootable raw image, creating a new U-Boot enabled OCS live raw disk.
  • The en_US language file was refined.
  • The full repack command is now saved (for informational purposes) into ./{live/}Clonezilla-Live-Version.
  • Formatted the output of ocs-scan-disk for better readability.
  • Added the 'atd' and 'cron' packages to the live system; their services are disabled by default.
  • The live-boot package was updated to version 20250815 and patched to include the 'ethdevice-link-timeout' boot parameter, allowing users to set the timeout for the Ethernet device linking status.
  • Set 'ethdevice-link-timeout=7' in the live client. This changes the Ethernet device linking status timeout to 7 seconds (down from the default of 15 seconds). Ref: https://sourceforge.net/p/clonezilla/discussion/Open_discussion/thread/579168f80f/
  • ocs-blk-dev-info: This is a new program that outputs block device information in JSON format.
  • Switched to using fbterm by default for locale and keymap selection.
  • Moved the locale and keymap selection to the login shell, allowing fbterm to run in an interactive tty.
  • ocs-lang-kbd-conf: Added the "-f" and "-t" options.
  • Added a mechanism to automatically set the console font size based on the console's columns and rows, if a size is not already assigned.
  • Added a new program, ocs-live-time-sync, which is used by ocs-live-netcfg. Time synchronization will be performed when an internet connection is available.
  • Implemented a mechanism to set the timezone by syncing from the BIOS time when no internet connection is available.
  • Included the 'upower' package in the live system.
  • Added a mechanism to check if LVM thin provisioning exists. If it does, the program will quit. Ref: https://github.com/stevenshiau/clonezilla/issues/133
  • ocs-iso-2-onie: Updated to support modern Debian, specifically handling mkinitramfs multiple segments.
  • ocs-live-hook.conf: Forced the "loop" module to be added to initramfs.
  • Added '-gb3' and '-cb3' options for b3sum in the TUI menu. Renamed '-gb' to '-gb2' and '-cb' to '-cb2'. Ref: https://github.com/stevenshiau/clonezilla/issues/52
  • Recovery ISO/zip file names now include the CPU architecture.
  • Added 'dhcpcd-base' to the live packages list, as 'dhclient' is deprecated. Thanks to q2dg. Ref: https://github.com/stevenshiau/clonezilla/issues/145

BUG FIXES

21 October, 2025 12:31PM by Steven Shiau

hackergotchi for Deepin

Deepin

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: What’s new in security for Ubuntu 25.10?

Ubuntu 25.10 Questing Quokka has landed, marking the final interim release before Ubuntu 26.04 LTS,  and it’s a bold one. Interim releases have always been the proving grounds for features that define the next LTS, and this cycle is no exception. From memory-safe reimplementations of foundational tools to hardware-backed encryption, post-quantum cryptography preparedness, and confidential computing, 25.10 pushes Ubuntu security into its next era, and the trajectory is clear: Ubuntu is building a more secure foundation for the next decade of computing.

Memory safety takes center stage

Ubuntu 25.10 defaults to sudo-rs, a Rust implementation of sudo. This change directly addresses a history of memory corruption vulnerabilities in security-critical code. The sudo vulnerability CVE-2021-3156, which existed undetected from 2011 to 2021, demonstrates why this matters; memory safety guarantees at the compiler level prevent entire categories of these bugs.

Similarly, we now ship rust-coreutils as the default provider of utilities like ls, cat, and cp. The GNU implementations remain available, and users can switch between them if needed. We maintain a compatibility matrix documenting behavioral differences, though most users won’t encounter any issues. Performance varies by operation, base64 encoding is notably faster, while some operations show minimal change.

For users who need the traditional sudo, it’s available as sudo.ws. Existing sudo configurations work without modification. This parallel availability allows thorough testing while maintaining a fallback path.

TPM-backed full disk encryption gets real

The TPM-backed Full Disk Encryption implementation has matured considerably in this release, though it remains experimental. New capabilities include:

  • Passphrase support with proper management interfaces
  • Recovery key regeneration for improved key management
  • Better integration with firmware updates to prevent boot issues

There are important compatibility considerations. The feature is incompatible with Absolute (formerly Computrace) security software, systems must choose one or the other. Additionally, certain hardware configurations require specific kernel modules that may not be available in the TPM-secured kernel. Users should test thoroughly with their specific hardware before considering deployment.

This work targets production readiness in Ubuntu 26.04 LTS. Testing and feedback during the 25.10 cycle will directly influence the LTS implementation.

Network Time Security by default

Ubuntu 25.10 replaces systemd-timesyncd with Chrony as the default time daemon, configured with Network Time Security (NTS) enabled. This change addresses a long-standing security concern: unauthenticated NTP has been vulnerable to tampering that could affect certificate validation, audit logs, and distributed system coordination.

NTS adds TLS-based authentication to time synchronization, using port 4460/tcp for key exchange before standard NTP communication on 123/udp. 

Preparing for the quantum apocalypse

Ubuntu 25.10 includes preparations for quantum computing threats thanks to the latest versions it ships with for OpenSSH and OpenSSL. OpenSSH 10.0 now uses hybrid post-quantum algorithms by default for key agreement. No configuration is required, SSH connections automatically benefit from quantum resistance while maintaining compatibility with systems that don’t support these algorithms.

OpenSSL 3.5.3 adds support for ML-KEM, ML-DSA, and SLH-DSA algorithms. The default TLS configuration prefers hybrid post-quantum KEM groups, balancing future security with present-day compatibility.

Note that OpenSSH 10.0 removes DSA support entirely. Systems still using DSA keys will need migration before they can connect to or from Ubuntu 25.10 systems.

Intel TDX and confidential computing

For those running sensitive workloads in the cloud, Ubuntu 25.10 ships with native support for Intel TDX (Trust Domain Extensions) host capabilities. This technology creates hardware-isolated virtual machines for confidential computing,  perfect for data clean rooms and confidential AI workloads. The kernel ships with Intel TDX host support out of the box, setting the stage for confidential computing to become mainstream in the 26.04 LTS.

Security through modernization

Beyond the headline features, there’s a consistent theme of security through modernization:

  • Django updated to 5.2 LTS with improved security defaults
  • Systemd v257.9 with enhanced security features
  • Apache 2.4.64 with multiple security fixes
  • The entire toolchain has been rebuilt with GCC 15.2, providing better compile-time security checks

What to watch for

Some security features require careful deployment:

  • AppArmor profiles may unexpectedly affect operations in LXD containers
  • TPM-backed FDE has specific hardware requirements
  • The switch to OpenSSH 10.0 removes DSA support, which may affect legacy systems

Looking ahead

In all, the security enhancements and hardening measures delivered in Ubuntu 25.10 continue Ubuntu’s evolution toward delivering the most secure Linux experience. They lay the groundwork for Ubuntu 26.04 LTS,  the next long-term supported release, where these technologies will mature into default, fully supported capabilities. Furthermore, security updates, compliance, hardening and kernel livepatching for 26.04 LTS will be covered for up to 12 years through Ubuntu Pro, extending Ubuntu’s track record as a securely-designed foundation for developing and deploying modern Linux workloads.

We’re always refining Ubuntu’s security experience, and your input matters. To share feedback or join the conversation, visit Ubuntu’s Discourse page. If you’d like to discuss your deployment needs, please reach out via this contact form.

Stay secure, and happy upgrading.

21 October, 2025 08:05AM

The Fridge: Ubuntu Weekly Newsletter Issue 914

Welcome to the Ubuntu Weekly Newsletter, Issue 914 for the week of October 12 – 18, 2025. The full version of this issue is available here.

In this issue we cover:

  • Ubuntu Stats
  • Hot in Support
  • Other Meeting Reports
  • Upcoming Meetings and Events
  • End of 10 Install Event Abingdon Library – 1st November 2025
  • A Cimeira do Ubuntu chama!
  • The Ubuntu UK Community Social is Back!
  • Ubuntu Summit 25.10 Extended & Release Party in Thessaloniki!
  • LoCo Events
  • Ubuntu Project docs: the final furlong!
  • Release 26.04 LTS without the ISO Tracker
  • Ubuntu worker nodes for Oracle OKE are now in Limited Availability
  • Patch Pilot Hand-off 26.04
  • Ubuntu Test Rebuilds
  • Call for testing: ubuntu-frame, mir-test-tools (Mir 2.23.0 update)
  • Canonical News
  • In the Press
  • In the Blogosphere
  • Other Articles of Interest
  • Featured Audio and Video
  • Updates and Security for Ubuntu 22.04, 24.04, 25.04 and 25.10
  • And much more!

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • irihapeti
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

.

21 October, 2025 01:07AM

hackergotchi for Qubes

Qubes

XSAs released on 2025-10-21

The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is not affected.

XSAs that DO affect the security of Qubes OS

The following XSAs do affect the security of Qubes OS:

  • (none)

XSAs that DO NOT affect the security of Qubes OS

The following XSAs do not affect the security of Qubes OS, and no user action is necessary:

  • XSA-475
    • Due to a bug, Viridian extensions are currently not enabled in Qubes OS. Although Viridian extensions are enabled in our libvirt config, this setting is mostly ignored by libvirt. While it is used when libvirt converts the XML config to the xl config format, it is not used when actually creating a VM. Advanced users who wish to confirm this on their own systems may do so by executing the command sudo xl list -l <NAME_OF_HVM> in dom0 and noting the absence of a "viridian": true line.

About this announcement

Qubes OS uses the Xen hypervisor as part of its architecture. When the Xen Project publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB). (QSBs are also issued for non-Xen vulnerabilities.) However, QSBs can provide only positive confirmation that certain XSAs do affect the security of Qubes OS. QSBs cannot provide negative confirmation that other XSAs do not affect the security of Qubes OS. Therefore, we also maintain an XSA tracker, which is a comprehensive list of all XSAs publicly disclosed to date, including whether each one affects the security of Qubes OS. When new XSAs are published, we add them to the XSA tracker and publish a notice like this one in order to inform Qubes users that a new batch of XSAs has been released and whether each one affects the security of Qubes OS.

21 October, 2025 12:00AM

October 20, 2025

hackergotchi for Deepin

Deepin

(中文) 2025 OSCAR 开源产业大会完整版议程揭晓

Sorry, this entry is only available in 中文.

20 October, 2025 06:29AM by xiaofei

October 18, 2025

hackergotchi for Ubuntu developers

Ubuntu developers

Julian Andres Klode: Sound Removals

Problem statement

Currently if you have an automatically installed package A (= 1) where

  • A (= 1) Depends B (= 1)
  • A (= 2) Depends B (= 2)

and you upgrade B from 1 to 2; then you can:

  1. Remove A (= 1)
  2. Upgrade A to version 2

If A was installed by a chain initiated by Recommends (say X Rec Y, Y Depends A), the solver sometimes preferred removing A (and anything depending on it until it got).

I have a fix pending to introduce eager Recommends which fixes the practical case, but this is still not sound.

In fact we can show that the solver produces the wrong result for small minimal test cases, as well as the right result for some others without the fix (hooray?).

Ensuring sound removals is more complex, and first of all it begs the question: When is a removal sound? This, of course, is on us to define.

An easy case can be found in the Debian policy, 7.6.2 “Replacing whole packages, forcing their removal”:

If B (= 2) declares a Conflicts: A (= 1) and Replaces: A (= 1), then the removal is valid. However this is incomplete as well, consider it declares Conflicts: A (< 1) and Replaces: A (< 1); the solution to remove A rather than upgrade it would still be wrong.

This indicates that we should only allow removing A if the conflicts could not be solved by upgrading it.

The other case to explore is package removals. If B is removed, A should be removed as well; however it there is another package X that Provides: B (= 1) and it is marked for install, A should not be removed. That said, the solver is not allowed to install X to satisfy the depends B (= 1) - only to satisfy other dependencies [we do not want to get into endless loops where we switch between alternatives to keep reverse dependencies installed].

Proposed solution

To solve this, I propose the following definition:

Definition (sound removal): A removal of package P is sound if either:

  1. A version v is installed that package-conflicts with B.
  2. A package Q is removed and the installable versions of P package-depends on Q.

where the other definitions are:

Definition (installable version): A version v is installable if either it is installed, or it is newer than an installed version of the same package (you may wish to change this to accomodate downgrades, or require strict pinning, but here be dragons).

Definition (package-depends): A version v package-depends on a package B if either:

  1. there exists a dependency in v that can be solved by any version of B, or
  2. there exists a package C where v package-depends C and any (c in C) package-depends B (transitivity)

Definition (package-conflicts): A version v package-conflicts with an installed package B if either:

  1. it declares a conflicts against an installable version of B; or
  2. there exists a package C where v package-conflicts C, and b package-depends C for installable versions b.

Translating this into a (modified) SAT solver

One approach may be to implement the logic in the conflict analysis that drives backtracking, i.e. we assume a package A and when we reach not A, we analyse if the implication graph for not A constitutes a sound removal, and then replace the assumption A with the assumption A or "learned reason.

However, while this seems a plausible mechanism for a DPLL solver, for a modern CDCL solver, it’s not immediately evident how to analyse whether not A is sound if the reason for it is a learned clause, rather than a problem clause.

Instead we propose a static encoding of the rules into a slightly modified SAT solver:

Given c1, …, cn that transitive-conflicts A and D1, …, Dn that A package-depends on, introduce the rule:

A unless c1 or c2 or ... cn ... or not D1 or not D2 ... or not Dn

Rules of the form A... unless B... - where A... and B... are CNF - are intuitively the same as A... or B..., however the semantic here is different: We are not allowed to select B... to satisfy this clause.

This requires a SAT solver that tracks a reason for each literal being assigned, such as solver3, rather than a SAT solver like MiniSAT that only tracks reasons across propagation (solver3 may track A depends B or C as the reason for B without evaluating C, whereas MiniSAT would only track it as the reason given not C).

Is it actually sound?

The proposed definition of a sound removal may still proof unsound as I either missed something in the conclusion of the proposed definition that violates my goal I set out to achieve, or I missed some of the goals.

I challenge you to find cases that cause removals that look wrong :D

18 October, 2025 07:37PM

October 16, 2025

hackergotchi for Deepin

Deepin

hackergotchi for ZEVENET

ZEVENET

Enterprise Edition 10.0.13: Performance, Security, and a Modernized Interface

The latest SKUDONET Enterprise Edition update (10.0.13) brings meaningful improvements that strengthen performance, security, and usability—especially for administrators managing complex, high-demand environments. Rather than introducing a long list of minor adjustments, this version focuses on upgrades that directly impact daily operations.

Web Interface with Angular 20

The most visible change is the update of the web interface framework to Angular 20. This upgrade improves how the platform feels and performs from the very first interaction:

  • Faster rendering and smoother navigation, which is especially noticeable when managing multiple farms or large configurations.
  • Improved frontend security, thanks to the security patches and architectural updates included in the new Angular version.
  • A future-proof foundation for new interface capabilities and user experience improvements planned for upcoming releases.

For IT teams, this translates into a cleaner, more responsive environment that reduces friction during configuration, monitoring, and maintenance tasks.

Updated Linux Kernel for Stability and Long-Term Support

Another key improvement is updating the system kernel to version 6.1.153. This change brings important benefits in terms of stability and long-term support. The new version enhances compatibility with modern hardware and virtualized environments, ensuring more consistent performance across current infrastructures.

Security is also strengthened with the inclusion of recent patches that help protect production environments. While this update requires a system reboot, it reinforces the foundation for critical deployments and ensures more robust long-term operation.

Smoother Farm Operations and Real-Time Performance

Managing multiple farms in high-traffic environments demands efficiency. Version 10.0.13 introduces optimizations in two key areas:

  • Faster Farm Start and Stop Operations: The internal mechanisms that control farm services have been streamlined. The result is a noticeable reduction in the time it takes to start or stop farms—particularly valuable when working with clusters or multiple active instances.
  • Improved API Performance for Monitoring: The statistics API now processes requests with lower resource consumption and faster response times. This benefits dashboards, monitoring tools, and automated systems that rely on continual visibility of performance metrics.

Other Improvements to Take Into Account

Beyond the major updates, version 10.0.13 includes several enhancements that strengthen security, traceability, and system integration:

  • Cookie security improvements in HTTP/S farms with attributes such as HttpOnly, Secure, and SameSite.
  • Logging of all API login attempts for better auditability and threat detection.
  • More resilient rsyslog configuration when sending logs to external servers.

Two bug fixes have also been applied:

  • Correct handling of RBAC when copying farms as resource groups.
  • Accurate monitoring of the ssyncd service in HA environments.

Enterprise Edition version 10.0.13 delivers enhancements that improve security and provide a more responsive interface. With strengthened cookie handling, login audit logging, faster farm operations, and the updated GUI, administrators can manage complex environments more efficiently.

As always, plan a convenient maintenance window for the kernel update to ensure a smooth deployment. For guidance on upgrading or validating these improvements in your environment, our support team is available to assist.

If you work with SKUDONET Enterprise Edition or want to stay up to date with the latest technical updates, visit our Timeline.

If you’d like to experience these improvements firsthand, try the SKUDONET Enterprise Edition 30-day trial.

16 October, 2025 07:08AM by Nieves Álvarez

hackergotchi for Ubuntu developers

Ubuntu developers

Podcast Ubuntu Portugal: E364 Guaxinim Resoluto E Outras Festas

O Diogo ficou afectado da garganta? O Miguel perdeu o comboio? A culpa é da IA! De regresso da Festa do Software Livre, comentámos alguns momentos altos do magnífico certame, fizemos pouco de economistas, da CP e de pessoas e comunidades de Software Livre que enviarão cartas iradas ao Provedor do Podcast. Babámo-nos com o novo Raspberry Pi 500+; revimos as últimas novidades do Firefox 144; as últimas versões 20.04 e 24.04 do Ubuntu Touch; o grande festão Intercidades que vai acontecer a 25 de Outubro em Lisboa e Porto e ainda discutimos DRAMA à volta da Canonical e Flatpaks, para pegar fogo à tenda do circo.

Já sabem: oiçam, subscrevam e partilhem!

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo Senhor Podcast. O website é produzido por Tiago Carrondo e o código aberto está licenciado nos termos da Licença MIT. (https://creativecommons.org/licenses/by/4.0/). A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License. Os separadores de péssima qualidade foram tocados ao vivo e sem rede pelo Miguel, pelo que pedimos desculpa pelos incómodos causados. Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização. A arte de episódio foi criada por encomenda pela Shizamura - artista, ilustradora e autora de BD. Podem ficar a conhecer melhor a Shizamura na Ciberlândia e no seu sítio web.

16 October, 2025 12:00AM

hackergotchi for BunsenLabs Linux

BunsenLabs Linux

Imgur unavailable in the UK

The image hosting service Imgur is no longer accessible in the UK. It's easy to do a web search on this topic, for example: https://help.imgur.com/hc/en-us/article … ed-Kingdom https://www.bbc.com/news/articles/c4gzxv5gy3qo

This affects BunsenLabs because the image upload utilities we ship use Imgur by default - both our in-house scripts and the xfce4-screenshooter.

Eventually, once we know this is permanent, we will have to provide different scripts, but in the meantime we request BunsenLabs forum users who want their images to be viewable in the UK to upload them to some other service.

16 October, 2025 12:00AM

October 15, 2025

hackergotchi for SparkyLinux

SparkyLinux

Mousam

There is a new application available for Sparkers: Mousam What is Mousam? Features: – Displays real-time temperature, humidity, wind speed, UV index, pressure and more – Utilizes graphical representations, such as temperature , precipitation graphs and wind-speed with direction to provide an hourly forecast for the next 24 hours – Also shows tomorrow and 7-day forcasts – See conditions…

Source

15 October, 2025 06:23PM by pavroo

hackergotchi for VyOS

VyOS

VyOS Project September 2025 Update

Hello, Community! The holiday season in the Northern hemisphere is over and it's very visible in the commit log. There are lots of things that happened in VyOS in September — that includes a new, more performant kernel mode NetFlow sensor; the equally long-awaited support for using firewall groups in WAN load balancing rules; improvements that will hopefully make config corruption on power loss very unlikely; TLS support for syslog; and many more smaller features and fixes.

15 October, 2025 03:15PM by Daniil Baturin (daniil@sentrium.io)

hackergotchi for Maemo developers

Maemo developers

Dzzee 1.9.0 for N800/N810/N900/N9/Leste

I was playing around with Xlib this summer, and one thing led to another, and here we are with four fresh ports to retro mobile X11 platforms. There is even a Maemo Leste port, but due to some SGX driver woes on the N900, I opted for using XSHM and software rendering, which works well and has the nice, crisp pixel look (on Fremantle, it's using EGL+GLESv2). Even the N8x0 port has very fluid motion by utilizing Xv for blitting software-rendered pixels to the screen. The game is available over at itch.io.




0 Add to favourites0 Bury

15 October, 2025 11:31AM by Thomas Perl (m@thp.io)

hackergotchi for Deepin

Deepin

hackergotchi for ZEVENET

ZEVENET

From Zevenet to SKUDONET: The Evolution of an ADC Load Balancer

In 2023, Zevenet officially became SKUDONET, marking a new chapter in the development of a trusted load balancing and security platform. While the name changed, the core mission remained the same: providing high availability, performance, and advanced security for web applications. This evolution represents continuity in technology, while also introducing major updates, new features, and enterprise-grade enhancements.

The Journey from Zevenet to SKUDONET

On March 17, 2025, we communicated the transition from Zevenet to SKUDONET, emphasizing the continuity of the product and its technology. Since then, SKUDONET has seen rapid development, with twenty new software versions, thirty-one new features, thirty-six major improvements, and ten new security-focused capabilities released between 2023 and 2025.

Among the most notable updates, SKUDONET introduced IPDS Security Reports, providing real-time and historical insights into network security, and added support for FQDNs in HTTP backends, allowing more flexible farm management. The platform migrated to a Debian 12.5 LTS-based OS to ensure enhanced security and long-term support. WAF configuration became more efficient with the ability to import rules directly, streamlining deployment in complex environments.

Platform Improvements

Beyond features, SKUDONET also refined the core experience. The user interface was modernized to be responsive, intuitive, and personalized to branding, making navigation smoother and more efficient. Weighted Round Robin algorithms were enhanced to balance traffic more precisely, while TLS and SSL auditing capabilities were strengthened to provide higher security standards. HTTP profiling became an integrated tool for debugging and troubleshooting, giving teams deep visibility into application performance.

Security received dedicated attention, with granular WAF controls that allow enabling or disabling rules per service, and new mechanisms to restore previous WAF configurations effortlessly. The platform also incorporated IPDS statistics graphs for anomaly detection and added protections against IP spoofing through X-Forwarded-For filtering.

Enterprise and Community Editions

SKUDONET’s Enterprise Edition v10 represents the culmination of these improvements, built on Debian 12.5 LTS and optimized for the SVA10000 Virtual Appliance and the SBA10000 Baremetal Appliance. It offers reinforced security, higher scalability, superior traffic and concurrency management, and increased CPU and memory efficiency for demanding workloads.

Meanwhile, the Community Edition v7 continues to provide a free, open-source option, now with integrated ModSecurity v3 WAF, allowing protection against attacks like SQL Injection and DDoS without extra configuration. Its stability and performance for high-traffic environments make it a reliable choice for organizations seeking an entry point into the platform.

User Experience and Integration

The GUI overhaul has improved usability across all interfaces. Tools were reorganized for intuitive workflows, a dark mode was added, and the upgrade to Angular v18 improved graphics rendering and responsiveness across major browsers. These enhancements ensure that both Enterprise and Community users benefit from a smoother, more productive experience.

SKUDONET also strengthened its position in the industry through strategic partnerships, including integrations with PICOPC for optimized network performance, Virtual Cable for secure virtual desktop access, Fortiva for technology consulting, and StirlingNet for WAAP services in Oracle-based environments. Additionally, SKUDONET became an official OWASP sponsor, actively contributing to the ModSecurity Core Rule Set (CRS) project.

Launch of SkudoCloud

Now we’re taking it one step further: SkudoCloud, our SaaS solution for cloud-based load balancing and security.

SkudoCloud brings all the capabilities of SKUDONET Enterprise Edition to the cloud — no infrastructure, no deployment, no maintenance. In just minutes, organizations can start managing application delivery and protection through a fully managed platform designed for simplicity and reliability.

With SkudoCloud, you get:
• Instant deployment with no local infrastructure
• Multi-layer traffic load balancing (L4/L7) with advanced algorithms
• Integrated advanced security (WAF, DDoS, Bot mitigation)
• Centralized dashboard with role- and instance-based permission management
• Seamless automatic updates with zero downtime

SkudoCloud extends SKUDONET’s capabilities beyond on-premises appliances, giving enterprises the agility to manage application delivery and security in modern hybrid and cloud infrastructures while maintaining the same level of control and visibility.

Customer Success

Maddalena S.p.A., a leader in water and thermal energy measurement, leveraged SKUDONET to simplify infrastructure, reduce operational complexity, and enhance application protection. The solution allowed centralized management, advanced WAF protection, and proactive technical support, resulting in improved performance and reduced operational costs. According to the client, “SKUDONET exceeded our expectations with robust support and optimized performance.”

SKUDONET is the technical continuation of Zevenet, combining a proven foundation with modern enhancements in load balancing, security, and enterprise capabilities. Its evolution demonstrates the platform’s commitment to performance, reliability, and protection for web applications, providing both Community and Enterprise users with tools to optimize infrastructure and security effectively.

For a detailed timeline of SKUDONET’s evolution and technical improvements, visit our Knowledge Base and product timeline.

15 October, 2025 06:55AM by Nieves Álvarez

hackergotchi for Tails

Tails

Free the internet

This year we are calling to FREE THE INTERNET! By supporting Tor, your donation will help break the chains of censorship and surveillance. If you give now during the campaign, your donation will be matched by our supporters at Power Up Privacy. This means a $25 donation will have a $50 impact — and all donations over $25 will qualify you for fun Tor merchandise. 👀

Donate now

At the Tor Project, along with our incredible community of supporters, we're not just envisioning a free internet — we're building it:

  • In countries like Turkmenistan where access to information is tightly controlled, Turkmen.news trusts Tor to provide safe access to the free internet where it once did not exist.

  • Freedom of the Press Foundation uses Tor as the backbone of SecureDrop, a tool that allows journalists and sources to communicate freely without fear of retaliation or exposure.

  • In Russia and Egypt, where authorities often block encrypted tools to control communications, individuals use Tor Browser to access encrypted email services like Tuta Mail to freely communicate.

Tor is a building block for a free internet, and it takes our collective efforts to improve and amplify it. That’s why during the next three months, the Tor Project will be holding a fundraising campaign during which we ask for your support to advance digital freedom.

Donate now

To learn more about how Tor is freeing the internet from surveillance and censorship, and how we are putting charitable donations to work, please tune into our annual State of the Onion virtual event to learn more. Save these dates and make your donation today!

Upcoming events

  • State of the Onion – the Tor Project (Wednesday, November 12)

    • The State of the Onion is the Tor Project's annual virtual event where we share updates from the Tor Project and the Tor community. The event on November 12 will focus on the Tor Project and the organization’s work.

    • 📺 Stream live on our YouTube channel

  • State of the Onion – Community (Wednesday, December 10)

    • The State of the Onion is the Tor Project's annual virtual event where we share updates from the Tor Project and the Tor community. The event on December 10 will be a special day celebrating the UN’s adoption and proclamation of the Universal Declaration of Human Rights (UDHR) in 1948 as well.

    • 📺 Stream live on our YouTube channel

Ways to get involved

  • Make a donation: Donate through our website (or any other method listed on our FAQ) and your donation will be matched, 1:1, up to $250,000.

  • Ask the company you work for if they will match your donation: Many corporations will match their employees’ donations to charitable organizations. Ask at work if your company will match your gift.

  • Share on social media: Let the people in your networks know that all donations to the Tor Project are currently being matched. You can easily share a post from our social channels: Mastodon, Bluesky, X, and more.

  • Subscribe to Tor News: No ads. No tracking. Just low-traffic Tor updates via email.

Thank you for supporting a free internet.

15 October, 2025 12:00AM

October 14, 2025

hackergotchi for Purism PureOS

Purism PureOS

Drawing App Now Available

Drawing is a basic image editor that can resize, crop, or rotate an image. You can apply simple filters, insert or censor text, and manipulate a selected portion of the picture (cut/copy/paste/drag/…)

The post Drawing App Now Available appeared first on Purism.

14 October, 2025 10:55PM by Purism

PureOS Crimson Development Report: September 2025

Welcome back! In our August update, we mentioned that PureOS Crimson alpha images are released. With the alpha milestone closed, we now push on toward beta.

Now that Crimson alpha images are installable, we're focusing on the out-of-box experience - what happens when you turn on your device for the first time with PureOS Crimson. Most of the fixes this month improve the out-of-box experience.

The post PureOS Crimson Development Report: September 2025 appeared first on Purism.

14 October, 2025 06:38PM by Purism

Consent On Everything?

If you’re tired of being tricked into “Consent on Everything,” it’s time to step outside the adversary’s system.  Explore what Purism has to offer and deicide if this is a move you should take.  Equipping yourself with the Purism Ecosystem can protect you.  This is a place where your consent is real, your defaults are yours, and your digital life is finally under your control.

The post Consent On Everything? appeared first on Purism.

14 October, 2025 06:34PM by Purism

60 Minutes Uncovers Hacks on America’s Infrastructure

The recent 60 Minutes segment on Chinese hacks to America’s critical infrastructure was not new news. IT was a very powerful remainder that highlighted some of the root causes of our national cyber weaknesses.

The post 60 Minutes Uncovers Hacks on America’s Infrastructure appeared first on Purism.

14 October, 2025 03:03PM by Purism

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: NVIDIA DGX Spark: The developer’s personal AI supercomputer built on an Ubuntu base

The history of computing is a story of incredible change, but not every revolution happens at the same speed. It took decades to downsize the mainframe, invent the microprocessor, and bring computing into personal devices. Today, we are witnessing a new era: the move from massive, centralized AI clusters to powerful, on-device AI PCs. And it’s happening at an explosive pace. This article explores why the second revolution is so much faster, and how years of advancements in the Ubuntu ecosystem have helped facilitate this shift.

NVIDIA DGX Spark: huge AI models running locally

Credit: NVIDIA

As consumers demand more AI capabilities at their fingertips, a move from massive, centralized GPU clusters to on-device AI is currently happening, at a fast pace. NVIDIA has just announced the availability of DGX Spark for AI developers. The system is designed from the ground up to build and run AI.

NVIDIA DGX Spark brings enormous computing power to the hands of developers. It delivers 1 petaFLOP of AI performance in a power-efficient, compact design. With 128 GB of unified system memory, the Blackwell GPU and the Grace CPU with 20 ARM cores, it can handle AI models of up to 200B parameters. Using NVIDIA ConnectX networking, two DGX Spark systems can be connected to work on even larger models up to 405B parameters. This setup provides a robust platform for prototyping, fine-tuning, and inferencing large models locally DGX Spark provides a full stack solution for AI developers including the NVIDIA AI software stack to accelerate AI workloads and support an incredible third-party developer ecosystem.

Ubuntu as a base for DGX OS

The NVIDIA DGX Spark operating system, DGX OS, is based on Ubuntu. DGX OS makes use of Ubuntu’s established ecosystem and trusted repositories to accelerate development. The Ubuntu ecosystem brings years of open-source maturity in the software stack, especially the software stack around the CUDA runtime and CUDA development tools. Canonical helps ensure a secure computing environment by maintaining consistent updates, patching thousands of open-source packages and addressing CVEs in a timely manner. 

Ubuntu brings three fundamental pillars to enrich the developer experience in the DGX OS:

1. Ubuntu uses the same kernel for Ubuntu Server and Ubuntu Desktop

Because Ubuntu Server and Ubuntu Desktop share the same core kernel, they are not separate operating systems. This unified foundation allows developers to install server packages on the desktop and vice-versa. As a result, Ubuntu desktop benefits from years of mature development in the CUDA ecosystem on Ubuntu servers.  AI workloads running on massive cloud clusters can use the exact same software stack on DGX OS, creating a consistent and stable development environment.

2. Arm support in Ubuntu

Canonical has supported Arm processors since 2011, establishing Ubuntu as a scalable platform for AI on both servers and devices. This long-standing and consistent support for the 64-bit Armv8 architecture ensures NVIDIA DGX Spark, which features an ARM-based Grace CPU, is fully supported from its launch.

3. Mature package distribution and supply chain security

DGX OS leverages Ubuntu’s mature package management and resilient software supply chain to be a production-ready platform. It inherits trusted repositories, ensuring software is validated. Additionally, Canonical’s Expanded Security Maintenance (ESM), available through Ubuntu Pro, provides timely security patches for open source packages, which are critical for AI and data science workloads.

By building DGX OS on Ubuntu, NVIDIA could leverage the same software that runs on cloud servers for a compact desktop device. This was possible due to Ubuntu’s mature support for Arm processors and its securely-designed software supply chain, which created a stable, production-ready platform and significantly sped up development.

A unified developer experience

The NVIDIA AI platform software architecture makes it possible for DGX Spark users to easily move their models from their desktop to DGX Cloud or any accelerated cloud or data center infrastructure, making it easier to prototype, fine-tune, and iterate.

To give developers a familiar experience, NVIDIA DGX Spark mirrors the same software architecture that powers industrial-strength AI factories. It comes preconfigured with the latest NVIDIA AI software stack, along with developer program access to NVIDIA NIM™ and NVIDIA Blueprints. This means developers can hit the ground running using leading open source AI models and common tools such as PyTorch, Jupyter, and Ollama to prototype, fine-tune, and inference on NVIDIA DGX Spark and easily deploy in the data center or cloud. With DGX Spark, developers benefit from a familiar environment and a streamlined setup experience via a setup wizard that ensures fast onboarding.

Looking ahead

The introduction of NVIDIA DGX Spark marks an exciting milestone in desktop AI computing. As AI continues to transform industries and drive innovation, tools like DGX Spark will play a crucial role in democratizing access to powerful AI development resources. At Canonical, we’re excited to continue our collaboration with NVIDIA, supporting the AI community with robust, open-source solutions that power the next generation of AI breakthroughs.

Learn more about Canonical’s work with NVIDIA

Further reading

14 October, 2025 02:30PM

hackergotchi for Deepin

Deepin

hackergotchi for Tails

Tails

Tails 7.1

Changes and updates

  • Change the home page of Tor Browser in Tails to an offline page, very similar to the home page of Tor Browser outside of Tails, instead of an online page from our website.

  • Improve the message when an administration password is required to open an application but no administration password was set in the Welcome Screen.

  • Update Tor Browser to 14.5.8.

  • Update the Tor client to 0.4.8.19.

  • Update Thunderbird to 140.3.0.

  • Remove the package ifupdown.

Fixed problems

  • Hide the message "Your connection to Tor is not being managed by Tor Browser" in new tabs of Tor Browser. (#21215)

For more details, read our changelog.

Get Tails 7.1

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 7.0 or later to 7.1.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, please try to do a manual upgrade.

To install Tails 7.1 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 7.1 directly:

14 October, 2025 12:00AM

October 13, 2025

hackergotchi for Ubuntu developers

Ubuntu developers

The Fridge: Ubuntu Weekly Newsletter Issue 913

Welcome to the Ubuntu Weekly Newsletter, Issue 913 for the week of October 5 – 11, 2025. The full version of this issue is available here.

In this issue we cover:

  • Ubuntu 25.10 (“Questing Quokka”) released
  • The clock is ticking: Ubuntu Summit 25.10 is just around the corner
  • Ubuntu Stats
  • Hot in Support
  • Other Meeting Reports
  • Upcoming Meetings and Events
  • UbuCon Latin America 2025 Agenda Now Available
  • LoCo Events
  • How we delivered the new APT solver in 25.10
  • Staying in the loop on the Ubuntu Discourse [POLL]
  • Ubuntu 25.10: A Retrospective
  • Ubuntu Cloud News
  • In the Blogosphere
  • Featured Audio and Video
  • Updates and Security for Ubuntu 22.04, 24.04, 25.04, and 25.10
  • And much more!

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • irihapeti
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

.

13 October, 2025 10:17PM

hackergotchi for Purism PureOS

Purism PureOS

Code is Power!

From Code to Control: How Big Tech Claims Ownership of the User

September 2025 has been a brutal reminder of a truth we at Purism have been voicing for years: code is power. And when that code is closed, opaque, or controlled by Big Tech vendors who prioritize convenience or monetization over user rights, the end-user becomes the product, not the principal.

The post Code is Power! appeared first on Purism.

13 October, 2025 07:51PM by Purism

hackergotchi for Mobian

Mobian

A new Stable, and rotating keys

A little more than 2 months after Debian, we’re finally releasing Mobian Trixie as our new stable release! We’re also taking this opportunity to start rotating the PGP/GPG keys we’re using for signing both our images and package archive.

Trixie has landed!

Over 2 years in the making, and with a small delay following the Debian release, we’re proud to finally announce Mobian Trixie has just been released and is therefore our new stable!

This release offers images based on Phosh 46.0 and Plasma Mobile 6.3, running a 6.12 kernel for almost all supported devices (the Librem 5 is still using a 6.6 kernel), the list of which is growing as we now provide stable images for the following phones and tablets:

  • PINE64 PinePhone, PinePhone Pro and PineTab
  • Purism Librem 5
  • Google Pixel 3a and 3a XL
  • OnePlus 6 and 6T
  • Xiaomi Pocophone F1

Trixie images are also available for the following devices, although important hardware features (such as e.g. WiFi or audio) are not working:

  • Fairphone 4 and 5
  • PINE64 PineTab 2
  • SHIFT6mq

Please check our installation instructions and download the image for your device.

Upgrade procedure

Although we do our best to provide a smooth upgrade path for each Mobian release, as a downstream Debian derivative, and the mobile software stack being a quickly moving target, major Mobian upgrades are usually trickier than we’d hoped for. This time is no exception, and therefore we highly recommend that you backup all your personal data, flash your device with a fresh Trixie image, then restore your files.

If you feel brave enough to go the “manual upgrade” route, here are a few tricks you should know:

  1. keep your device plugged to a power source: such an upgrade can be a rather long process, you don’t want to run out of battery half-way there!
  2. backup all your personal data
  3. really, we mean it: backup all your personal data!
  4. install openssh-server and execute the entire upgrade process over SSH (and preferrably using screen or a similar tool, so the upgrade can carry on even if the network connection is lost)
  5. ensure your Bookworm installation is fully up-to-date; as the GPG key we use for signing the package repository has expired since the Bookworm release, you’ll probably need to run apt update && apt dist-upgrade at least twice: the first time it will update the Mobian keyring package, the second invocation will pull in the latest updates for Mobian-specific packages
  6. reboot, then edit both /etc/apt/sources.list and /etc/apt/sources.list.d/mobian.list, replacing all occurences of bookworm with trixie in both files; you should then stop the greetd service (this will stop all running graphical applications, and is why SSH is needed!) and run apt update && apt dist-upgrade once again
  7. write down the list of packages removed by apt dist-upgrade which start with mobian- as those will have to be reinstalled later on to restore full functionality of your device; please note that some packages have been renamed/replaced in Trixie, so it can be expected to see e.g. phog or pinephonepro-tweaks in the list of removed packages
  8. reinstall all mobian-* packages removed in the previous step; this will remove pulseaudio from the system, which is to be expected as Mobian now relies on (and mandates the use of) PipeWire
  9. run apt autoremove to clean up unneeded packages

FDE installs

Unfortunately, we haven’t been able to fix the issues preventing us from providing installer images for Trixie. However, you can still install Trixie with full disk encryption, even though the process is a tiny bit less user-friendly.

First, you’ll have to download (and unpack) or clone the mobian-recipes repository:

  git clone https://salsa.debian.org/Mobian-team/mobian-recipes.git -b mobian-trixie

Once this is complete, enter the mobian-recipes folder and:

  1. install the required dependencies listed in the README.md file
  2. execute the following command:
  ./build.sh -t <device> -c -R <password>

This will generate an encrypted image you can flash directly to your device and decrypt using the provided <password>. <device> can be one of the following:

  • amd64 for x86-64 computers
  • librem5 for the Purism Librem 5
  • rockchip for the PINE64 PinePhone Pro and PineTab 2
  • sc7280 for devices based on the Qualcomm SC7280 SoC (Fairphone 5)
  • sdm670 for devices based on the Qualcomm SDM670 SoC (Google Pixel 3a/3a XL)
  • sdm845 for devices based on the Qualcomm SDM845 SoC (OnePlus 6/6T, Pocophone F1, SHIFT6mq)
  • sm6350 for devices based on the Qualcomm SM6350 SoC (Fairphone 4)
  • sunxi for the PINE64 PinePhone and PineTab

Rotating GPG keys

We have been using a single GPG key since we first started to sign our images and package repositories. Replacing it has been on our roadmap for quite a while, but we needed to ensure our users would have a painless upgrade path.

We therefore decided to stick with the current key for Trixie (at least for now) and use new keys for the subsequent releases. As a matter of fact, we’ve created 4 new keys:

  • 1 for each of the forky, staging and trixie package repositories
  • 1 key (fingerprint 782C 6C58 B583 FE96 6CEE 44EB F8BD AB78 BEE2 46C2) will be dedicated to signing the images

Moreover, we’re now using a signing-only subkey rather than the main key, allowing the latter to be passphrase-protected. They’re being deployed according to the following agenda:

  • the forky package archive is already being signed with the corresponding key (fingerprint B174 17D5 C4B1 6F65 EE4F B75A 2DB8 7A16 935C 56F1)
  • the staging repository will switch to the new key (fingerprint 5F17 F59A 9615 87EA A5D1 1E44 A207 DED0 81BB FABF) once the updated mobian-archive-keyring package hits Debian testing, a few days from now
  • we haven’t decided when we’ll be using the trixie key (fingerprint 248C 06CE D075 774B FD69 9C09 E8B4 9A42 1214 09B5) for the corresponding archive; the only certainty is that we won’t deploy it before an updated version of mobian-archive-keyring is available in Debian stable
  • the images-signing key is in use since October 12th and has been used to sign the Trixie images

Should you encounter errors updating your Mobian packages, please ensure first that you have a recent enough version of the mobian-archive-keyring package (which is 20251011.0 at the time of this writing). If the problem persists, feel free to reach out on Matrix for additional help (please start by searching through the recent conversation history, as this issue may have been already discussed and solved).

Those keys can also be manually downloaded using the following link.

13 October, 2025 12:00PM

October 11, 2025

hackergotchi for Deepin

Deepin

deepin Community Monthly Report for October 2025

I. October Community Data Overview II. Community Products 1、deepin 25.1 Beta Testing Launched: Feature Enhancements and Experience Optimization In September, the deepin 25.1 beta version (build 25.0.8) was officially rolled out, bringing numerous practical upgrades to file management, system tools, and application experience: File Manager Feature Expansion: Supports automatically disabling standby during copy/burn tasks; network shared directories can now have remarks set; added a "File Shredder" toggle to permanently delete files via the right-click menu; files can be grouped and sorted by format suffix; new Office documents are created in docx/xlsx/pptx format by default for better compatibility. Input Method and Text ...Read more

11 October, 2025 08:43AM by xiaofei

October 10, 2025

hackergotchi for Ubuntu developers

Ubuntu developers

Kubuntu General News: Kubuntu 25.10 “Questing Quokka” Released:

October 9, 2025 – The Kubuntu team is thrilled to announce the release of Kubuntu 25.10, codenamed “Questing Quokka”!

As a community-driven flavor of Ubuntu, Kubuntu continues its mission to deliver the cutting-edge KDE software ecosystem on top of Ubuntu’s rock-solid foundation. This interim release, aligned with Ubuntu’s six-month cycle, packs in the freshest updates to Plasma, Frameworks, and applications, ensuring a smooth, performant desktop experience for millions of users worldwide.

Building on the Ubuntu 25.10 base released today by Canonical, Kubuntu 25.10 introduces Plasma 6.4 as the flagship update, alongside Qt 6.9, KDE Frameworks 6.17.0, and the latest KDE Gear 25.08 suite.

We’ve also upgraded to Linux kernel 6.17 for enhanced hardware support and efficiency. Whether you’re a developer, creator, or everyday user, this release emphasizes Wayland adoption, modern security, and seamless integration with the open source world.

Kubuntu remains completely free to download, use, and share—empowering our global community to innovate without barriers. Download it now from kubuntu.org/getkubuntu and join the conversation in our forums or IRC channels.

Three Exciting New Features for Kubuntu Users

Here are three standout enhancements that Kubuntu 25.10 brings to your desktop, designed to make your workflow faster, more secure, and visually stunning:

  • KDE Plasma 6.4: A Refined and Responsive Desktop Dive into the fifth feature release of Plasma 6, complete with Qt 6.8 and Frameworks 6.17.0. This update refines the desktop with smoother animations, improved widget customization, and better multi-monitor handling. It’s a big win for productivity, letting you tailor your environment like never before while enjoying the stability of Ubuntu’s core.
  • Plasma Wayland as Default Session Say goodbye to legacy X11 limitations—Wayland is now the go-to session for superior graphics rendering, reduced latency, and enhanced security. With hardware-accelerated compositing baked in, you’ll notice snappier video playback and app responsiveness. (X11 fans, no worries: it’s still available via a simple package install.) This shift future-proofs your setup for the next era of Linux desktops.
  • Rust-Powered sudo-rs for Safer System Management Leveraging Ubuntu’s new memory-safe implementations, Kubuntu defaults to sudo-rs—a Rust-based reimplementation of sudo. It slashes vulnerabilities common in traditional tools, making privilege escalation quicker and more secure without compromising usability. Paired with NTS-enabled NTP for tamper-proof time syncing, your system stays locked down while you focus on what matters.

What’s New Under the Hood

Beyond these highlights, Kubuntu 25.10 inherits Ubuntu’s robust platform upgrades:

  • Linux Kernel 6.17: Better Arm and RISC-V support, nested virtualization, and Intel TDX for confidential computing—ideal for developers and edge deployments.
  • Updated Developer Tools: OpenJDK 25, Python 3.14 RC3, Golang 1.25, GCC 15, and Rust 1.85 (with 1.88 available) to supercharge your coding sessions.
  • Enhanced Security and Accessibility: Experimental TPM-backed full disk encryption with recovery options, improved Bluetooth audio (AAC codecs via restricted extras), and broader accessibility features to meet global standards.
  • KDE Applications Galore: Everything from Dolphin file manager to Konsole terminal refreshed to 25.08 versions, plus legacy Qt5/KF5 support for your favorite older apps.

This release underscores Kubuntu’s commitment to being at the heart of the open source ecosystem—pushing boundaries with KDE while riding Ubuntu’s reliable waves. A huge thank you to our volunteer contributors, testers, and the upstream KDE team for making this possible.

Ready to quokka-hop into the future? Upgrade today or install fresh. Questions? Head to https://discourse.ubuntu.com/c/flavors/kubuntu/187 or ping us on Matrix at #kubuntu:matrix.org.

Stay tuned for the Ubuntu Summit on October 23-24, where we’ll showcase more on Kubuntu’s role in open source innovation

P.S New updated website coming soon…. keep an eye on kubuntu.org for when we switch

10 October, 2025 01:48PM

The Fridge: Ubuntu 25.10 (“Questing Quokka”) released

Ubuntu 25.10, codenamed “Questing Quokka”, is here. This release continues Ubuntu’s proud tradition of integrating the latest and greatest open-source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, partnering with the community and our partners, to introduce new features and fix bugs.

Ubuntu 25.10 introduces GNOME 49 with media and power controls on the lock screen, HDR brightness settings, and enhanced accessibility features in line with the European Accessibility Act. New apps include Loupe, a modern image viewer, and Ptyxis, a lightweight terminal emulator.

Built on the Linux 6.17 kernel, this release brings nested virtualization on Arm, early Intel TDX host support for confidential computing, and enhanced support for TPM-backed full disk encryption with passphrase support, recovery key management and better integration with firmware updates. Network Time Security (NTS) is enabled by default for more secure time synchronization.

Developer experience advances with updated toolchains for Python 3.13.7 and availability of 3.14 RC3, GCC 15, Rust 1.85, Go 1.25, OpenJDK 25, and previews of .NET 10 and Zig.

Ubuntu 25.10 also debuts Rust-based implementations of sudo and coreutils for improved memory safety, and adopts the new RVA23 profile as the baseline for RISC-V, paving the way to Ubuntu 26.04 LTS.

The newest Edubuntu, Kubuntu, Lubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu Kylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu are also being released today. More details can be found for these at their individual release notes under the Official Flavours section:

https://discourse.ubuntu.com/t/questing-quokka-release-notes/59220#heading–official-flavours

Maintenance updates will be provided for 9 months for all flavours releasing with 25.10.

To get Ubuntu 25.10

In order to download Ubuntu 25.10, visit:

https://ubuntu.com/download

Users of Ubuntu 25.04 will be offered an automatic upgrade to 25.10 if they have selected to be notified of all releases rather than just LTS upgrades. For further information about upgrading, see:

https://ubuntu.com/download/desktop/upgrade

As always, upgrades to the latest version of Ubuntu are entirely free of charge.

We recommend that all users read the release notes, which document caveats, workarounds for known issues, as well as more in-depth notes on the release itself. They are available at:

https://discourse.ubuntu.com/t/questing-quokka-release-notes/59220

Find out what’s new in this release with a graphical overview:

https://ubuntu.com/desktop
https://ubuntu.com/desktop/features

If you have a question, or if you think you may have found a bug but aren’t sure, you can try asking in any of the following places:

https://matrix.to/#/#support:ubuntu.com
https://discourse.ubuntu.com/support
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Help Shape Ubuntu

If you would like to help shape Ubuntu, take a look at the list of ways you can participate at:

https://ubuntu.com/community/contribute

About Ubuntu

Ubuntu is a full-featured Linux distribution for desktops, laptops, IoT, cloud, and servers, with a fast and easy installation and regular releases. A tightly-integrated selection of excellent applications is included, and an incredible variety of add-on software is just a few clicks away.

Professional services including support are available from Canonical and hundreds of other companies around the world. For more information about support, visit:

https://ubuntu.com/support

More Information

You can learn more about Ubuntu and about this release on our website listed below:

https://ubuntu.com

To sign up for future Ubuntu announcements, please subscribe to Ubuntu’s very low volume announcement list at:

https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Originally posted to the ubuntu-announce mailing list on Thu Oct 9 09:46:52 UTC 2025 by Utkarsh Gupta, on behalf of the Ubuntu Release Team.

10 October, 2025 03:35AM

October 09, 2025

Erich Eickmeyer: Why I Won’t Be Attending or Speaking at Ubuntu Summit 25.10

Ubuntu Summit’s decision to go exclusively online, with the exception of those speaking at the Summit in London, UK, is anti-collaborative and turns its back on the very people who make Ubuntu what it is: its community of volunteers and developers. Ubuntu Summit was created from the dust of the Ubuntu Developer Summit in 2022 to recognize the community. It no longer serves that purpose.

As many know, I have been the lead of Ubuntu Studio for more than 7 years. I’m the longest-tenured Ubuntu Studio lead. I owe much of the foundation that was built to my predecessors: Luke Yelavich (founder), Scott Lavender, Kaj Ailomaa, and Set Halstrom. It is a true labor of love for me, and is the foundation for much of what I do.

I have worked myself through the ranks of Ubuntu, becoming a small-time packager for a small set of Ubuntu packages, then the Ubuntu Studio packageset, moving up to MOTU (Master of the Universe). I also served on the Ubuntu Community Council and am a current Discourse moderator.

Community and the love of people is a huge motivation for me. Granted, for those first four years, I hadn’t ever met the people I was collaborating with to make Ubuntu Studio what it is.

Then in August 2022, I was invited to attend the first ever Ubuntu Summit 2022 in Prague, Czechia. Having never travelled abroad before and never having even been off the continent of North America, itself a challenge as getting a U.S. passport is neither cheap nor easy, I was reluctant at first. Then I managed to get my passport, as well as the funds and passports to bring my wife and son to Ubuntu Summit.

That experience changed my life and the life of my entire family. My son, 10 at the time, was the youngest registered attendee. My wife was inspired to bring back Edubuntu, which had been defunct for nine long years by the time it was revived that following spring.

These are the things that happen when you have personal connections with people. If you’ve never read the book before, I encourage you to read Hardwired to Connect, which is a research paper published by a bunch of scientists. In essence, it says that people’s brains are wired, from birth, to engage in communities in for personal, in-person connections. It’s a scientific study that took years and is an excellent introduction to why we are the way we are.

Much of my education revolves around the very idea of building personal communities, which is one reason I was appalled when Ubuntu Summit, starting with 25.10, while it would be twice a year, it would be online-only except for the speakers. Having spoken at the past three, I was planning to take a year off from speaking, while still being there to represent as an Ubuntu Flavor Lead with my wife, also a now Flavor Lead.

If it weren’t for that initial Ubuntu Summit, in person, my wife and son would not have been as interested or as involved as they are today. The subsequent years only strengthened that involvement.

Now, it’s going to be an online-focused approach. I get it. It’s cheaper and easier. Also, those attending online were just watching a livestream anyhow. The Local Communities (LoCos) can get together on their own if they want to do a big event. It’s easier to reach more people if you do everything online.

Except it’s not.

For instance, the nearest active LoCo to me, in the Seattle-Tacoma area, is the Southern California LoCo. Meetups with them are logistically impossible. Same if I were to go to the Arizona LoCo; it’s just not possible. Most of the states in the United States are huge, so if there were one LoCo per state, it wouldn’t be correct. To be honest, I have no desire, time, or energy left to start and lead a LoCo in my area. Besides that, there used to be one for my state, but it’s long gone.

Furthermore, with the exception of me and my wife, us flavor leads are scattered to the globe. It used to be that we would meet online throughout the year every other month and then meet together once a year at Ubuntu Summit. That’s gone now.

Again, I get it. Canonical is a company that is and always has been majority remote work. Except for one thing: they get together twice a year in-person, and are even given T-Shirts to celebrate the immediately-prior release which was partially built by volunteers. Those of us who give our time, energy, and effort to the Ubuntu community aren’t given that in-person experience, let alone a T-Shirt. The very lifeblood of what makes Ubuntu so great isn’t given the ability to meet in-person. That’s been stripped from us, and it came as a complete surprise.

I’m not without ideas for solutions to problems, though. Rather than be completely destructive in this post, I can be constructive. My solution to this would be a compromise:

  • Have the Summit be in-person once a year following the yy.04 release
    • Have that one go back to being what it was. It can either have booths like 2024 did or go back to being talk/workshop-focused like years prior. It doesn’t matter, it just needs to be in-person.
  • Have the Summit be online once a year following the yy.10 release

I don’t think this is too much to ask. The reward of personal connections when doing something remote for most of the year is a small price to pay, no matter the cost. Personal connections are tantamount to a healthy community.

I think my compromise would prevent the Summit from dying just like the Ubuntu Developer Summit did once it went online-only. The way I see it is with the current status-quo, history is repeating itself.

I’m sure people at Canonical don’t see it this way because they meet with the people they work with the most twice a year. Those of us from the Ubuntu community that are developers aren’t given that luxury. We’re not even given that luxury once a year now. We’re not even given a T-Shirt!

Am I angry? A little. Do I feel betrayed by the very community I have given so much to over the years? Absolutely. Either way, I believe an online-only Summit is anti-collaborative in that it removes personal connections from the equation, which goes against the very fiber of my being.

Thank you for reading this, and I hope this reaches the people I’m trying to reach and have it speak for those who either won’t speak-up or don’t think they can make a difference.

09 October, 2025 10:01PM

Ubuntu Studio: Ubuntu Studio 25.10 Released

The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 25.10 code-named “Questing Quokka”. This marks Ubuntu Studio’s 37th release. This release is a Regular release and as such, it is supported for 9 months, until July 2026.

Since it’s just out, you may experience some issues, so you might want to wait a bit before upgrading. Please see the release notes for a more complete list of changes and known issues. Listed here are some of the major highlights.

You can download Ubuntu Studio 25.10 from our download page.

Special Notes

The Ubuntu Studio 25.10 disk image (ISO) exceeds 4 GB and cannot be downloaded to some file systems such as FAT32 and may not be readable when burned to a standard DVD. For this reason, we recommend downloading to a compatible file system. When creating a boot medium, we recommend creating a bootable USB stick with the ISO image or burning to a Dual-Layer DVD.

Minimum installation media requirements: Dual-Layer DVD or 8GB USB drive.

Images can be obtained from this link: https://cdimage.ubuntu.com/ubuntustudio/releases/25.10/release/

Full updated information, including Upgrade Instructions, are available in the Release Notes.

Upgrades from 25.04 should be enabled within a month after release, so we appreciate your patience. Upgrades from 24.04 LTS will be enabled after 25.04 reaches End-Of-Life in January 2026.

New This Release

The Return of Internet DJ Console (IDJC)!

After a long hiatus, Internet DJ Console (IDJC) has returned. This package for creating and running Internet-based radio stations had been removed from Debian, but has returned, and therefore, returned to Ubuntu Studio!

JackTrip

Ubuntu Studio now includes JackTrip! JackTrip serves two purposes: low-latency networked JACK audio within your network, and low-latency Internet audio collaboration. Bands are even known to jam remotely using JackTrip’s services!

It supports any number of channels (as many as the computer/network can handle) of bidirectional, high quality, uncompressed audio signal streaming.

More Musical Plugins

We came to the realization that we needed to support musicians a little better, so we added a few instrument and musical plugins to assist with that:

  • din
  • drumkv1
  • freewheeling
  • gxtuner
  • Hydrogen Drumkit Effects
  • kmetronome
  • padthv1
  • polyphone
  • samplv1
  • synthv1

More Photography Tools

  • PhotoCollage – allows you to create photo collage phosters
  • PicPlanner – Calculates and displays the positions of the Sun, Moon, and Milky Way for any time and location on earth, to help you get those perfect astronomical photos or for taking pictures during the Golden or Blue hours.

PipeWire 1.4.7

This release contains PipeWire 1.4.7.

PipeWire’s JACK compatibility is configured to use out-of-the-box and is zero-latency internally. System latency is configurable via Ubuntu Studio Audio Configuration and can now be configured on a per-user basis instead of globally.

Ubuntu Studio Audio Configuration

Speaking of Audio Configuration, we have added a number of options for configuring the PipeWire JACK compatibility, as can be seen in the image below. Additionally, buffer size can now be configured from within any JACK application that supports it, such as Patchance, Carla, Ardour, and more!

Ardour 8.12

This is, as of this writing, the latest release of Ardour, packed with the latest bugfixes.

To help support Ardour’s funding, you may obtain later versions directly from ardour.org. To do so, please one-time purchase or subscribe to Ardour from their website. If you wish to get later versions of Ardour from us, you will have to wait until the next release of Ubuntu Studio, due in April 2026.

Frequently Asked Questions

Q: Does Ubuntu Studio contain snaps?
A: Yes. Mozilla’s distribution agreement with Canonical changed, and Ubuntu was forced to no longer distribute Firefox in a native .deb package. We have found that, after numerous improvements, Firefox now performs just as well as the native .deb package did.

Thunderbird also became a snap so that the maintainers can get security patches delivered faster.

Additionally, Freeshow is an Electron-based application. Electron-based applications cannot be packaged in the Ubuntu repositories in that they cannot be packaged in a traditional Debian source package. While such apps do have a build system to create a .deb binary package, it circumvents the source package build system in Launchpad, which is required when packaging for Ubuntu. However, Electron apps also have a facility for creating snaps, which can be uploaded and included. Therefore, for Freeshow to be included in Ubuntu Studio, it had to be packaged as a snap.

We have additional snaps that are Ubuntu-specific, such as the Firmware Updater and the Security Center. Contrary to popular myth, Ubuntu does not have any plans to switch all packages to snaps, nor do we.

Q: Will you make an ISO with {my favorite desktop environment}?
A: To do so would require creating an entirely new flavor of Ubuntu, which would require going through the Official Ubuntu Flavor application process. Since we’re completely volunteer-run, we don’t have the time or resources to do this. Instead, we recommend you download the official flavor for the desktop environment of your choice and use Ubuntu Studio Installer to get Ubuntu Studio – which does *not* convert that flavor to Ubuntu Studio but adds its benefits.

Q: What if I don’t want all these packages installed on my machine?
A: Simply use the Ubuntu Studio Installer to remove the features of Ubuntu Studio you don’t want or need! Additionally, we include a Minimal Install option that, when used with Ubuntu Studio Installer, will give you the Ubuntu Studio experience for whatever your desktop studio needs!

Get Involved!

A wonderful way to contribute is to get involved with the project directly! We’re always looking for new volunteers to help with packaging, documentation, tutorials, user support, and MORE! Check out all the ways you can contribute!

Our project leader, Erich Eickmeyer, is now working on Ubuntu Studio at least part-time, and is hoping that the users of Ubuntu Studio can give enough to generate a monthly part-time income. We’re not there, but if every Ubuntu Studio user donated monthly, we’d be there! Your donations are appreciated! If other distributions can do it, surely we can! See the sidebar for ways to give!

Contact the Team

The best way to contact the Ubuntu Studio team is via the Ubuntu Discourse.

Special Thanks

Huge special thanks for this release go to:

  • Eylul Dogruel: Artwork, Graphics Design
  • Ross Gammon: Upstream Debian Developer, Testing
  • Sebastien Ramacher: Upstream Debian Developer
  • Dennis Braun: Upstream Debian Developer
  • Rik Mills: Kubuntu Council Member, help with Plasma desktop
  • Scarlett Moore: Kubuntu Project Lead, help with Plasma desktop
  • Len Ovens: Testing, insight
  • Mauro Gaspari: Tutorials, Promotion, and Documentation, Testing, keeping Erich sane
  • Erich Eickmeyer: Project Leader, Packaging, Development, Direction, Treasurer
  • Steve Langasek: You are missed.

09 October, 2025 05:11PM

Lubuntu Blog: Lubuntu 25.10 (Questing Quokka) Released!

The Lubuntu Team is proud to announce Lubuntu 25.10, codenamed Questing Quokka. Lubuntu 25.10 is the 29th release of Lubuntu, the 15th release of Lubuntu with LXQt as the default desktop environment. Download and Support Lifespan With 25.10 being an interim release, it will follow the standard non-LTS support period of nine months; this means […]

09 October, 2025 02:05PM

hackergotchi for GreenboneOS

GreenboneOS

September 2025 Threat Report: New Exploits, Active Campaigns, and Critical CVEs

In total, just over 4,500 CVEs were published in September, exposing defenders to new risk. For operational resilience, organizations need to scan their IT infrastructure to identify where hidden risk could impact their operations. A free trial of Greenbone’s OPENVAS BASIC allows defenders to scan their enterprise IT infrastructure to stay on top of emerging […]

09 October, 2025 09:49AM by Joseph Lee

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: Canonical releases Ubuntu 25.10 Questing Quokka

The latest interim release of Ubuntu comes with compatibility enhancements at the silicon level, accessibility upgrades and a robust security posture that sets the stage for the next LTS.

October 9, 2025

Today Canonical announced the release of Ubuntu 25.10, codenamed “Questing Quokka,” available to download and install from ubuntu.com/download

Alongside GNOME 49 and new default applications such as the Ptyxis terminal emulator and the Loupe image viewer, Ubuntu 25.10 introduces notable platform upgrades, from improved Bluetooth audio handling to expanded support for confidential computing features. Ubuntu 25.10 is the first to benefit from memory-safe implementations of “coreutils” and “sudo-rs,” as well as improvements in TPM-backed full disk encryption and support for nested virtualization on Arm.

Ubuntu 25.10 is a statement of intent for the next Ubuntu LTS in 2026. Canonical continues to deliver a resilient, performant Linux operating system trusted by individuals and enterprises alike, from makers and developers to Fortune 500 companies, across hardware from IoT devices to modern datacenters. I’m particularly pleased with the progress on memory-safe utilities, and the enhancements to our TPM-backed full disk encryption.

Jon Seager, VP of Ubuntu Engineering at Canonical

This Ubuntu release is also the first to coincide with a new format of the Ubuntu Summit, where viewers around the world can learn about the latest developments in Ubuntu and open source.

GNOME 49 and accessibility enhancements

Ubuntu 25.10 features GNOME 49. This update introduces media and power controls on the lock screen, improved accessibility and HDR brightness settings. Users will also find two new applications: Loupe, a modern image viewer, and Ptyxis, a new terminal emulator. These additions are part of a broader effort to modernize Ubuntu’s application set. Selecting the “install restricted extras” option in the installer will now enable support for more Bluetooth codecs (AAC) and enable hardware accelerated screen recording in GNOME, further improving performance.

In line with the European Accessibility Act (EAA), Canonical continues its long-standing effort to make Linux easy for everyone to use. Ubuntu’s App Center and Settings panels come with better support for high contrast mode, keyboard navigation, and screen reading. The login screen also introduces a more prominent accessibility menu, making assistive technologies easier to access from the start.

Next-generation toolchains bolster the developer experience

Ubuntu 25.10 ships with OpenJDK 25, the latest version of Java, and the latest upstream versions for Python (3.14 RC3), Golang (1.25), and GCC (15). Rust 1.85 will be the default, and 1.88 is also available. A preview of the new Zig language compiler is available in this release for amd64 and arm64

In addition, this release includes a preview of .NET 10, which is the upcoming .NET LTS due for release in November. 
Canonical continues to improve the .NET developer experience on Ubuntu with an enhanced  .NET Snapcraft plugin to improve support for monorepo setups, delivering better developer experience with MSBuild through custom flag attributes. In addition, the popular tools from Powershell on Windows are now available in Ubuntu on arm64, ppc64el and s390x platforms through the Powershell snap.

Rust-based implementations of sudo and coreutils for improved memory safety

Canonical is committed to increase the resilience of critical system software in Ubuntu by adopting modern implementations of key components like sudo and coreutils. As part of this initiative, Ubuntu 25.10 uses sudo-rs, a new Rust implementation of the sudo tool. While the Rust-based sudo is the default in this new release, the traditional sudo tool is still available for users who need it. 

The introduction of a memory-safe sudo delivers many benefits compared to the traditional implementation. For users, a reduced attack surface in the sudo tool will improve Ubuntu’s overall security posture. Canonical welcomes users to test the tool and provide feedback ahead of its inclusion in the upcoming Ubuntu 26.04 LTS. 

“At Trifecta Tech Foundation, we aim to make essential building blocks like sudo more secure and robust for everyone,” said Erik Jonkers, Chair at Trifecta Tech Foundation. “Seeing sudo-rs landing in Ubuntu is a huge achievement we’re very excited about. We applaud Canonical for pushing for memory safety and thank them for the collaboration over the past months to get sudo-rs ready for the 25.10 release. We’re confident that by working together and taking in feedback, we can make this a seamless shift that will improve security for Ubuntu’s users.”
Similarly, Ubuntu 25.10 is the first major Linux distribution release to adopt uutils‘ implementation of coreutils, which is a ground up reimplementation of the traditional GNU coreutils package in Rust with like-for-like compatibility and memory safety as key goals.

Platform security improvements with TPM-backed FDE

Ubuntu 25.10 offers experimental support for TPM-backed Full Disk Encryption (FDE), providing a way to ensure all content on the disk is encrypted and inaccessible at rest. A TPM, or Trusted Platform Module is a chip found in most modern computers.

TPM-backed FDE is a security method that uses the Trusted Platform Module to store cryptographic keys to encrypt the hard drive, making data unreadable without the correct key at boot time. New features include passphrase support and management, regeneration of the recovery key and better integration with firmware updates, alongside stabilization of the core components of the system to pave the way for the next Ubuntu LTS release. Security-focused users can test this FDE implementation in 25.10, but it’s not yet recommended for production environments. 

Following the initial inclusion of Network Time Security (NTS) in Ubuntu 25.04, Questing Quokka ships with NTS enabled by default. NTS enhances Network Time Protocol (NTP) security by providing a cryptographic layer of authentication for the time synchronization process. This increases resilience against man-in-the-middle attacks and similar types of security risks. NTS uses Transport Layer Security (TLS) to ensure that time data comes from a trusted source.

Linux kernel 6.17 delivers nested virtualization and enhanced confidential workloads

In line with Canonical’s commitment to enable the latest features and hardware support, Ubuntu 25.10 ships with the latest Linux kernel, version 6.17. 

Ubuntu 25.10 brings early access to the nested virtualization feature on Arm, following its inclusion in the upstream Linux kernel. Nested virtualization allows cloud providers and developers to run hypervisors inside virtual machines, enabling advanced CI/CD pipelines, flexible testing environments, and stronger workload isolation. Ubuntu 25.10 introduces support of this technology on platforms like NVIDIA Grace and AmpereOne, paving the way for broader use and maturity of nested virtualization on Arm.

As cloud infrastructure becomes more dynamic, the ability to run securely nested workloads is essential to scaling services efficiently while maintaining strong isolation and operational flexibility. With Ubuntu 25.10 enabling nested virtualization on Arm-based platforms both in the cloud and on-premises, developers and operators can advance development and deployment of this powerful capability. Together with Canonical, we’re accelerating the adoption of secure, scalable Arm-based cloud solutions.

Bhumik Patel, Director, Server Ecosystem Development, Infrastructure Business, Arm

This latest interim release of Ubuntu also lays the foundation for native support of Intel TDX with Ubuntu 26.04 LTS as the host operating system. Intel TDX is a technology that creates hardware-isolated virtual machines for confidential computing, making it ideal to support data clean rooms and confidential AI workloads. Ubuntu 25.10 kernels will ship with Intel TDX host support, enabling enterprises to run and receive support for confidential computing on their data centers or private clouds.

New RVA23 profile for accelerated RISC-V adoption

With Ubuntu 25.10, Canonical is adopting the recently ratified RVA23 as the baseline profile for its RISC-V builds. RVA23 helps accelerate the growth of the RISC-V ecosystem ensuring compatibility across RISC-V implementations. This early move aligns Ubuntu with RVA23-class solutions reaching the market, and enables early rigorous testing, bug fixing and issue triage. This effort enables RVA23 readiness in Ubuntu 26.04 LTS and provides the RISC-V ecosystem with a predictable roadmap and target.

RISC-V International is excited to see Canonical adopting the RVA23 profile for Ubuntu. RVA23 was ratified to help accelerate widespread implementation of RISC-V among toolchains and operating systems, set the base for high performing modern application processors with support for vectors and hypervisors, and ensure binary compatibility at the application level. Our collaboration with Canonical strengthens the RISC-V software ecosystem and advances the adoption of RISC-V in enterprise applications from IoT to HPC.

Andrea Gallo, CEO of RISC-V International

Readers can tune into the Ubuntu Summit on October 23-24 for a behind-the-scenes look at RVA23 advancements.

Next steps

About Canonical

Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone. 
Learn more at canonical.com

09 October, 2025 09:48AM

Sean Davis: Xubuntu 25.10 "Questing Quokka"

Xubuntu 25.10 "Questing Quokka"

A Critical Moment and a Glimpse of the Future

Xubuntu 25.10, codenamed "Questing Quokka," is the fortieth release of the Xfce-powered Ubuntu flavor. Built on the 6.17 Linux kernel, Xfce 4.20, MATE 1.26, and GNOME 49, this release continues to deliver the fast, tightly-integrated, and user-friendly experience that Xubuntu users expect, even on modest hardware.

Today, I&aposll explore where Xubuntu stands as it approaches its twentieth anniversary and share what&aposs new (and what&aposs still rough around the edges) in this release.

Xubuntu 25.10 "Questing Quokka"Xubuntu 25.10 "Questing Quokka": A screenshot of the desktop.

A Critical Juncture

The "Questing Quokka" arrives at a pivotal time in Xubuntu&aposs history. In just six months, we&aposll celebrate Xubuntu&aposs twentieth anniversary (technically eight months: 6.06 marks the only time Ubuntu was released in June).

In recent years, our small development team has faced the same challenges as many open-source projects: contributors stepping back, real-world responsibilities growing, and less time to dedicate to day-to-day development.

Beyond that, our involvement with the upstream Xfce project has slowed. Many of us, myself included, once played major roles in shaping Xfce’s direction, contributing countless hours to its design, code, and outreach. Those efforts helped establish the strong foundation Xfce enjoys today.

While we remain proud supporters and collaborators, Xubuntu’s continued growth depends on fresh energy and new contributors. If you’ve ever wanted to make a tangible impact on an open-source desktop environment, this is your moment. Visit the Get Involved page to learn how to help with artwork, development, documentation, QA, marketing, and more.

Now, let’s look at what’s new (and what still needs work) in 25.10.

Xubuntu 25.10: A Snapshot of the Future

As mentioned, Xubuntu 25.10 ships with Xfce 4.20, GNOME 49, and MATE 1.26. Like other Ubuntu flavors, it also introduces the new Rust-based sudo-rs.

If you’re upgrading from Xubuntu 25.04, you’ll find the experience familiar. Most applications have received incremental updates, theming remains consistent, and there are few new user-facing features. The most noticeable changes this cycle? The bugs. 🐞

Known Issues (and What to Expect)

libadwaita Apps and the Case of the Missing Close Button

Late in the cycle, we discovered that several GNOME and libadwaita-based apps have empty window close buttons when using the elementary-xfce icon theme. This affects Disk Usage Analyzer (baobab), Document Scanner (simple-scan), Fonts (gnome-font-viewer), Mines (gnome-mines), and Sudoku (gnome-sudoku).

Xubuntu 25.10 "Questing Quokka"Modern GNOME applications are missing the close window icon. Can&apost see it? Neither can I.

Missing Icon for Document Scanner&aposs Scan Options

The Scan Options menu icon in Document Scanner is currently invisible. This issue has been reported upstream to the elementary-xfce GitHub tracker.

Xubuntu 25.10 "Questing Quokka"To the right of the Scan button is a menu button for the Scan Options. Invisible unless you hover it.

Flatpak Packages Cannot Be Installed

Due to a Fuse/AppArmor conflict in Ubuntu 25.10, installing Flatpak packages currently fails. Work is underway to resolve this, and Flatpak support should return soon.

Graphical SSH Agent Unavailable

Xubuntu 25.10’s graphical SSH agent isn’t functioning as expected. Without it, SSH key passphrases must be entered each time. Investigation continues, and a fix may land before the next release.

Double Network Icons (Sometimes)

Some users may see duplicate network icons, especially in virtual machines. One appears via the Xfce Indicator Plugin and the other via the Systray Plugin. Removing the Indicator Plugin resolves this... something we’re considering doing by default for 26.04.

Xubuntu 25.10 "Questing Quokka"Some users may be confused to see two network icons that look nearly identical and function the same.

Screensaver Wallpaper Discrepancy

When first locking your screen, you might notice that the lock screen wallpaper defaults to Xfce’s background instead of Xubuntu’s. Changing (and reapplying) your wallpaper fixes the mismatch.

Xubuntu 25.10 "Questing Quokka"If you lock your screen before changing your wallpaper, you&aposll be greeted by Xfce&aposs wallpaper.

Looking Ahead

At first glance, Xubuntu 25.10 might seem rough around the edges: more bugs than usual, fewer active contributors, and an LTS release on the horizon. But known issues are solvable issues. With six months until 26.04, we have time to address these challenges, polish the experience, and deliver a release worthy of Xubuntu’s twentieth anniversary.

If you want to help shape that milestone release—whether through code, documentation, design, or outreach—please reach out. Together, we can ensure Xubuntu continues to thrive for another twenty years.

Join the Xubuntu Community

Everyone can participate in the Xubuntu community on many levels, from simply giving advice to fellow Xubuntu users to becoming a maintainer of core packages. Any contribution, even the smallest, is valued.

Get Involved

09 October, 2025 06:58AM

Xubuntu: Xubuntu 25.10 released!

The Xubuntu team is happy to announce the immediate release of Xubuntu 25.10.

Xubuntu 25.10, codenamed Questing Quokka, is a regular release and will be supported for 9 months, until July 2026.

Xubuntu 25.10, featuring the latest updates from Xfce 4.20 and GNOME 49.

Xubuntu 25.10 features the latest Xfce 4.20 and GNOME 49 updates. Xfce 4.20 updates feature stability improvements and enhanced Wayland support, for those adventurous enough to use it. GNOME 49 apps have received further polish and are well-suited for Xubuntu. MATE 1.26 apps are still included to round out Xubuntu’s office suite.

The final release images for Xubuntu Desktop and Xubuntu Minimal are available as torrents and direct downloads from xubuntu.org/download/.

As the main server might be busy the first few days after the release, we recommend using the torrents if possible.

We want to thank everybody who contributed to this release of Xubuntu!

Highlights and Known Issues

Highlights

  • Xfce 4.20 components have received several stability improvements. Minor integration issues persist in Xubuntu 25.10 and will be addressed for 26.04, scheduled for release in April.
  • GNOME 49 apps are further refined with new features and usability improvements.

Known Issues

  • Some missing icons mean that libadwaita apps (modern GNOME style) have graphical glitches. Notably, the window close icons are blank (LP: #2125025), and Document Scanner is missing an icon for the scanner options (LP: #2127071).
  • The graphical SSH agent is unavailable due to a change in the GNOME Keyring Daemon (LP: #2125549).
  • Flatpak packages will refuse to install due to a conflict between AppArmor and libfuse (LP: #2122161). A fix is in progress.

Please refer to the Xubuntu Release Notes for more obscure known issues, information on affecting bugs, bug fixes, and a list of new package versions.

The main Ubuntu Release Notes cover many other packages we carry and more generic issues.

Support

For support with the release, navigate to Help & Support for a complete list of methods to get help.

09 October, 2025 01:06AM

October 08, 2025

Colin Watson: Free software activity in September 2025

About 90% of my Debian contributions this month were sponsored by Freexian.

You can also support my work directly via Liberapay or GitHub Sponsors.

Some months I feel like I’m pedalling furiously just to keep everything in a roughly working state. This was one of those months.

Python team

I upgraded these packages to new upstream versions:

  • aiosmtplib
  • billiard
  • dbus-fast
  • django-modeltranslation
  • django-sass-processor
  • feedparser
  • flask-security
  • jaraco.itertools
  • mariadb-connector-python
  • mistune
  • more-itertools
  • pydantic-settings
  • pyina
  • pytest-mock
  • python-asyncssh
  • python-bytecode
  • python-ciso8601
  • python-django-pgbulk
  • python-ewokscore
  • python-ewoksdask
  • python-ewoksutils
  • python-expandvars
  • python-git
  • python-gssapi
  • python-holidays
  • python-jira
  • python-jpype
  • python-mastodon
  • python-orjson (fixing a build failure)
  • python-pyftpdlib
  • python-pytest-asyncio (fixing a build failure)
  • python-pytest-run-parallel
  • python-recurring-ical-events
  • python-redis
  • python-watchfiles (fixing a build failure)
  • python-x-wr-timezone
  • python-zipp
  • pyzmq
  • readability
  • scalene (fixing test failures with pydantic 2.12.0~a1)
  • sen (contributed supporting fix upstream)
  • sqlfluff
  • trove-classifiers
  • ttconv
  • vdirsyncer
  • zope.component
  • zope.configuration
  • zope.deferredimport
  • zope.deprecation
  • zope.exceptions
  • zope.i18nmessageid
  • zope.interface
  • zope.proxy
  • zope.schema
  • zope.security (contributed supporting fix upstream)
  • zope.testing
  • zope.testrunner

I had to spend a fair bit of time this month chasing down build/test regressions in various packages due to some other upgrades, particularly to pydantic, python-pytest-asyncio, and rust-pyo3:

After some upstream discussion I requested removal of pydantic-compat, since it was more trouble than it was worth to keep it working with the latest pydantic version.

I filed dh-python: pybuild-plugin-pyproject doesn’t know about headers and added it to Python/PybuildPluginPyproject, and converted some packages to pybuild-plugin-pyproject:

I updated dh-python to suppress generated dependencies that would be satisfied by python3 >= 3.11.

pkg_resources is deprecated. In most cases replacing it is a relatively simple matter of porting to importlib.resources, but packages that used its old namespace package support need more complicated work to port them to implicit namespace packages. We had quite a few bugs about this on zope.* packages, but fortunately upstream did the hard part of this recently. I went round and cleaned up most of the remaining loose ends, with some help from Alexandre Detiste. Some of these aren’t completely done yet as they’re awaiting new upstream releases:

This work also caused a couple of build regressions, which I fixed:

I fixed jupyter-client so that its autopkgtests would work in Debusine.

I fixed waitress to build with the nocheck profile.

I fixed several other build/test failures:

I fixed some other bugs:

Code reviews

Other bits and pieces

I fixed several CMake 4 build failures:

I got CI for debbugs passing (!22, !23).

I fixed a build failure with GCC 15 in trn4.

I filed a release-notes bug about the tzdata reorganization in the trixie cycle.

I filed and fixed a git-dpm regression with bash 5.3.

I upgraded libfilter-perl to a new upstream version.

I optimized some code in ubuntu-dev-tools that made O(1) HTTP requests when it could instead make O(n).

08 October, 2025 06:16PM

David Mohammed: Ubuntu Budgie 25.10 release notes

Ubuntu Budgie 25.10 (Questing Quokka) is a Standard Release with 9 months of support by your distro maintainers and Canonical, from Oct 2025 to July 2026. These release notes showcase the key takeaways for 25.04 upgraders to 25.10. Please note – there is no direct upgrade path from 24.04.3 to 25.10; you must uplift to 24.10 first or perform a fresh install. In these release notes the areas…

Source

08 October, 2025 05:26PM

Ubuntu Blog: Ubuntu worker nodes for OKE now in Limited Availability

Oracle Kubernetes Engine now supports Ubuntu images for worker nodes natively, with no need for custom images

8 October 2025 – Today Canonical, the publisher of Ubuntu, announced that Ubuntu worker nodes for Oracle Kubernetes Engine (OKE) are now available in Limited Availability. This means that OKE now supports Ubuntu images for worker nodes natively, with no need for custom images. You can find more detail on how to start using these in our documentation.

While applications on Kubernetes run within containers, the underlying operating system and kernel of the worker node still plays a critical role in performance, security, and management. Ubuntu provides a stable, widely-supported and securely-designed host environment that can optimize resource utilization for your Kubernetes workloads. Ubuntu’s familiar tooling also simplifies debugging, maintenance, and integration with existing infrastructure across all the major public clouds, offering a consistent and reliable foundation for your containerized applications. 

With the availability of Ubuntu worker nodes on OKE, developers can now enjoy a consistent Ubuntu experience across worker nodes on the managed Kubernetes offerings of Amazon AWS, Google Cloud Platform, IBM Cloud, Microsoft Azure and Oracle OCI – all without having to build or deploy any custom images.

You can find details on the Ubuntu releases and Kubernetes versions available on OKE in the Ubuntu Availability documentation

The latest step in our decade-long partnership

Ubuntu worker images for Oracle OKE users were first released in August 2024. Today’s announcement is the latest step in our efforts to make Ubuntu more accessible across a greater diversity of platforms and environments, particularly for AI/ML use cases or to have a consistent experience across on-premise and other public cloud environments. 

Oracle and Canonical have been close partners since 2015, bringing  Ubuntu images onto Oracle Cloud Infrastructure (OCI). Today, all currently-supported Long-Term Support releases of Ubuntu are available on OCI as images for VM instances (see, for example, Ubuntu 24.04).

Get started with Ubuntu OKE nodes

We are working with Oracle to make Ubuntu OKE node pools a fully-integrated experience. We have prepared specific guides on setting these up using the Oracle Cloud Console, CLI and Terraform

If you’re interested in using Ubuntu OKE nodes,  please contact your Oracle account or support teams to express interest and explore access to this program. 

If you’d like to share any feedback with us or the Oracle team, we’d love to hear your thoughts and experiences, which you can share with us on Discourse.

Ubuntu on OKE worker nodes documentation

08 October, 2025 04:31PM

October 07, 2025

hackergotchi for ZEVENET

ZEVENET

SKUDONET Profiling Timers: Detect Infrastructure Bottlenecks

Slowness in web applications and critical services isn’t just frustrating for users: it directly affects revenue, productivity, and trust in your infrastructure. Every second of delay in page load or service response can cause frustration, lost customers, and operational challenges for your IT team.

The problem is that, in many cases, teams don’t know exactly where the bottlenecks are occurring. Is there a delay in the network? In the backend? In client communication, or in the security layer? Without detailed visibility, diagnosing and fixing these issues can turn into a slow and costly trial-and-error process.

This is where SKUDONET Profiling Timers comes in.

What Profiling Timers Are and How They Work

SKUDONET acts as the critical point of your infrastructure: it balances loads, filters traffic, and protects your applications. Thanks to profiling timers, every request and response passing through your SKUDONET is analyzed with millisecond precision, generating detailed information about the timing of each phase of HTTP(S) communication.

The most relevant timers include:

  • tcc (Time Connection Client): the time it takes for the client to establish a TCP connection with SKUDONET. For HTTPS, this includes the SSL handshake. High values may indicate network issues or client connectivity problems.
  • trch (Time Read Client Headers): the time it takes the client to send request headers. Delays here can indicate slow clients or packet segmentation issues.
  • tcb (Time Connection Backend): the time SKUDONET takes to connect to the backend and receive the connection. High values can reveal congestion or slow internal networks.
  • wp1–wp4 (WAF Phases 1 to 4): the time SKUDONET spends analyzing each part of the request and response according to WAF rules. Delays in these phases may indicate heavy rules or high traffic processing.
  • twbh / tdbc (Time Write Backend Headers / Data Backend Client): the times for sending headers and bodies to and from the backend. These are key indicators of backend speed and data transfer size.
  • ti (Time Idle): time spent on internal SKUDONET tasks, such as header checks, load balancing decisions, logging, and session management.
  • tt (Time Total): the total time SKUDONET spends processing the entire request, from when the client opens the connection to when the final response is received.

Each timer allows you to see exactly where delays occur and makes it easier to identify problems that were previously invisible. For example:

  • If trbh is very high, you know the backend is taking too long to send the response.
  • If tcc is high, the problem could be in client connections.

Benefits of Profiling Timers for Your Infrastructure

Quick diagnosis of slowness issues

You can immediately identify whether delays originate from clients, network, backend, or the security layer (WAF).

Comprehensive traffic visibility

Every request and response is logged with precise timing, size, and error data, enabling detailed analysis and historical tracking.

Proactive problem detection

By continuously monitoring timers, you can identify trends in slowness and take action before users are affected.

Data-driven optimization

Granular information lets you fine-tune load balancing configurations, identify slow endpoints, or adjust WAF rules to improve efficiency without compromising security.

Getting Started with SKUDONET Profiling Timers

Enabling profiling timers in SKUDONET is straightforward and gives you precise data for every request and response passing through your infrastructure. Once enabled, logs record all timers in milliseconds, providing detailed insight into where bottlenecks occur. These logs can be integrated with analysis tools like Grafana or ELK to visualize trends, detect anomalies, and monitor infrastructure performance in real time—without interrupting traffic or modifying your applications.

To enable them, follow these steps:

  1. Access the HTTP(S) profile you want to analyze under LSLB > Farms.
  2. Enable the ADVANCED view in the top right corner.
  3. Turn on the Log toggle in the Global tab (it’s disabled by default).
  4. Make sure the Profiling toggle is also activated.
  5. Save your changes.

From that moment on, SKUDONET will automatically measure all timers for each request and response, generating detailed logs that allow you to:

  • Identify delays in clients, backend, or network.
  • Analyze performance trends over time.
  • Detect anomalies and proactively prevent issues before they impact users.

ℹ If you want to learn how to activate profiling timers and understand each field in detail, visit our technical article: [How to activate and understand SKUDONET HTTP(S) profiling timers]

Conclusion

Slowness in your infrastructure is no longer a mystery when you have profiling timers. SKUDONET provides the visibility needed to diagnose, understand, and optimize every phase of communication between clients and backend systems. With this information, your team can resolve issues quickly, enhance the user experience, and ensure that your critical applications continue running at peak performance.

Try SKUDONET Enterprise Edition free for 30 days
and experience a more secure, scalable, and easy-to-manage infrastructure.

07 October, 2025 12:02PM by Nieves Álvarez

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: OpenStack cloud – happy 15th anniversary!

Happy birthday, OpenStack!

It’s astonishing how fast time flies – fifteen years already. Yet, here we are: OpenStack cloud still stands as a de facto standard for open source cloud infrastructure implementation. It powers thousands of organisations around the world, across telco, finserv, public sector, IT, research, manufacturing and more.

With more than 45 millions of cores in production, OpenStack is undoubtedly one of the most successful open source projects ever. Thus, let’s take a moment to celebrate its anniversary together, review how we got here, and think about what the next 5 years are going to bring.

OpenStack cloud – the early days

When the OpenStack cloud project was launched in 2010, led by NASA and Rackspace, it sought to solve a fundamental set of challenges: how to implement a standard, scalable, and interoperable cloud platform for compute, networking, and storage across modern datacenters. Proprietary stacks and vendor lock-in limited innovation; OpenStack’s goal was to deliver an open source, community-driven, and modular foundation for cloud computing at scale.

Canonical recognized the promise of that vision early on. We committed to packaging OpenStack for Ubuntu, ensuring that operators could use the power of OpenStack cloud on top of the world’s leading Linux distro. Over time, we extended support for OpenStack under Ubuntu’s long-term support (LTS) releases, offering users the desired level of stability, and security updates, now available for up to 12 years under Legacy Support. We also built an automation framework to simplify OpenStack’s deployment and operations, all while actively steering upstream development towards emerging use cases and market needs.

In 2014, Canonical formally launched its OpenStack cloud distribution – Canonical OpenStack. That timing coincided with the early “technology trigger” phase of the hype cycle. Many were testing private cloud ideas, and Canonical OpenStack gained traction precisely because it lowered the operational barrier.

15 years of growth and maturity

Over the last decade and a half, OpenStack has evolved from a “cloud experiment” into a rock-solid, production-proven platform. It has been pushed to its limits in high-stakes sectors: from telco NFV deployments to sophisticated AI/ML workloads and mission-critical enterprise cloud environments. What was once a cutting edge technology is now mature, stable, and trusted by CEOs worldwide.

In parallel, Canonical has maintained its commitments: over 5 million lines of code (and many thousands of commits, and code reviews) have flowed into the OpenStack project from Canonical since its initial release. Over the years, we became the second biggest contributor – and we’re still going strong.

On the distribution front, Canonical OpenStack has become a leading choice: more than 500 clouds run our distribution in production globally under Ubuntu Pro. Meanwhile, Ubuntu Server has emerged as the preferred OS for OpenStack cloud deployments. In the 2024 edition of the OpenStack User Survey, 54% of respondents reported they run their OpenStack cloud on top of Ubuntu Server.

OpenStack cloud: what’s next?

The story of OpenStack is far from being over. With the project now under the governance of the Linux Foundation, OpenStack is set to play an even greater role in shaping the future of cloud-native infrastructure. Moreover, emerging use cases such as digital sovereignty, AI, and confidential computing will be central to its next phase, and will steer directions for future development for sure.

And Canonical remains committed to driving this story, and to the overall OpenStack’s success. Our primary focus remains on modernising its operational experience with cloud-native principles, simplifying its adoption, refining the code base, and ensuring that OpenStack remains accessible to all.

These efforts converge in project Sunbeam – a reimagined OpenStack cloud that is composable yet opinionated by default, enterprise-grade yet simple to deploy, and capable of running anywhere, at any scale.

Summary

Canonical is honoured to mark OpenStack’s 15th anniversary. We have been there from early days, through every architectural shift, every release, every challenge, and we are more optimistic now about its future than we have ever been before.

To OpenStack – happy birthday! We hope that when you turn 18, we’ll be raising glasses of champagne together.

To learn more about Canonical OpenStack and Sunbeam, visit the following resources:

07 October, 2025 07:00AM

October 06, 2025

hackergotchi for Ubuntu

Ubuntu

Ubuntu Weekly Newsletter Issue 912

Welcome to the Ubuntu Weekly Newsletter, Issue 912 for the week of September 28 – October 4, 2025. The full version of this issue is available here.

In this issue we cover:

  • Ubuntu Project docs: Going (semi)official!
  • Questing Quokka (25.10) Final Freeze
  • Call for testing: first set of 25.10 RCs ready!
  • Welcome New Members and Developers
  • Ubuntu Stats
  • Hot in Support
  • Rocks Public Journal; 2025-10-03
  • Other Meeting Reports
  • Upcoming Meetings and Events
  • Canonical at UbuCon Asia 2025
  • Onboarding Event
  • Ubuntu Korea @ FOSS for All Conference 2025
  • LoCo Events
  • Core24 Steam | Call for Testing
  • Ubuntu Server Gazette – Issue 8 – Containers: Steady paths for agile stacks
  • Mir Office Hours – 2025-09-25 15:15UTC
  • Canonical News
  • In the Blogosphere
  • Featured Audio and Video
  • Updates and Security for Ubuntu 22.04, 24.04, and 25.04
  • And much more!

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • Wild Man
  • Cristovao Cordeiro (cjdc)
  • irihapeti
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

.

06 October, 2025 11:10PM by bashing-om

hackergotchi for Ubuntu developers

Ubuntu developers

Ubuntu Blog: The clock is ticking: Ubuntu Summit 25.10 is just around the corner

London has called, and the Ubuntu community has answered!

This year, the Ubuntu Summit has the ambitious goal of extending its reach to everyone, no matter where they are in the world.  The event has not started yet, and we have been blown away by the excitement already! The desire to contribute to the community with Ubuntu Extended events, remote participation, remote lightning talks and other incredible ideas has been humbling, and inspiring.

Now, with the Summit just a heartbeat away, we want to make sure you have everything you need to be a part of this unforgettable experience.

Don’t miss out: register today! ✏️

The Ubuntu Summit is now a fully remote event. No matter where you are, and how big your circle of friends is, we have a spot for you. Remote registrations are free for everyone. Join us onOctober 23 and 24, 2025, for two days packed with inspiring talks, and stay for the community! There will be exciting interviews, polls, giveaways, FOSS music, and much more. What are you waiting for? Register for the Ubuntu Summit 25.10!

A sneak peek at our amazing speakers 👀

We are incredibly excited to welcome a diverse and talented group of speakers to the Ubuntu Summit stage. Here’s just a glimpse of the people you’ll get to hear from:

  • Raffaello Bonghi (Nvidia)
  • Eriol Fox (Superbloom) 
  • Victoria Brekenfeld and Carl Richell (System76)
  • Scott Jenson (Mastodon)
  • Zhixhuan Wang (ByteDance)
  • And many more! 

Plan your Ubuntu Summit: The timetable is live 🗓️

We have a stellar lineup ready for you! From deep dives into system profiling, to the heights of autonomous flying 5g antennas, and playing videogames in space, there’s something for everyone. Head over to the official timetable and start planning your personal Summit schedule!

Grow your circle of friends: host an Extended Event 📢

Starting with this edition, the Ubuntu Summit is all about bringing the community together. If you are asking yourself how a remote event brings people together, you are in the right place, keep reading. You can host your own “Ubuntu Summit Extended” event! Gather your  local Ubuntu  Community, open source meetup, or group of friends to watch the livestream, share ideas, and celebrate the release of Ubuntu. Tell us about your Extended Event.

Ubuntu Summit 25.10 is a showcase for the innovative and the ambitious. Let’s demonstrate that the best technology is made in the open. We can’t wait to see you there on October 23 and 24!

06 October, 2025 03:16PM

hackergotchi for Purism PureOS

Purism PureOS

Purism Defends the Fourth Amendment in the Digital Age

A newly revealed WIRED investigation shows that the United States Government is creating a vast social media surveillance network, one that will operate around the clock and rely heavily on private contractors. Officials insist the system targets foreign nationals—but its scope and design make it inevitable that millions of Americans’ online activity will also be swept up. This is unconstitutional.

The post Purism Defends the Fourth Amendment in the Digital Age appeared first on Purism.

06 October, 2025 12:31PM by Purism

October 02, 2025

From the Browser to the Bloodstream

When a company collapses, its debts and assets are tallied, auctioned, and parceled out. But what happens when the “asset” in question is your very biology? That’s the question millions of 23andMe customers now face in the wake of the company’s bankruptcy.

The post From the Browser to the Bloodstream appeared first on Purism.

02 October, 2025 03:20PM by Purism

hackergotchi for SparkyLinux

SparkyLinux

Sparky news 2025/09

The 9th monthly Sparky project and donate report of the 2025: – Linux kernel updated up to 6.17.0, 6.12.49-LTS, 6.6.108-LTS – Sparky 8.0.1 released (new stable) https://sparkylinux.org/sparky-8-0-1/ – Sparky 2025.09 released (new rolling) https://sparkylinux.org/sparky-2025-09/ – Sparky 2025.09 Special Editions released https://sparkylinux.org/sparky-2025-09-special-editions/

Source

02 October, 2025 06:01AM by pavroo

October 01, 2025

hackergotchi for Purism PureOS

Purism PureOS

Dialing Back to Move Forward: Why the Landline Revival Signals a Future for Privacy

On September 30, 2025, The Washington Post reported a quiet trend in Washington, D.C.: the return of landline phones among officials and journalists seeking refuge from the omnipresent surveillance of smartphones. In a recent story, NBC News spotlighted parents in Maine and Seattle who are reviving landlines for their children—creating “landline pods” so kids can connect without the addictive pull of screens or the predatory reach of social media platforms.

The post Dialing Back to Move Forward: Why the Landline Revival Signals a Future for Privacy appeared first on Purism.

01 October, 2025 03:55PM by Purism

Who Owns Your Digital Self?

The lawsuits now circling Apple are not just about stolen phones. They are about stolen selves—stolen data, stolen memories, stolen identities.

The post Who Owns Your Digital Self? appeared first on Purism.

01 October, 2025 02:52PM by Purism

hackergotchi for GreenboneOS

GreenboneOS

ArcaneDoor Espionage Campaign Exploiting High-Risk Cisco ASA and FTD Firewall Flaws

On September 25, 2025, three new CVEs affecting Cisco networking products exploded onto the global cyber security landscape. Two of these were actively exploited as zero-days prior to their disclosure. Greenbone now includes detection tests for all three new high-risk CVEs in the OPENVAS ENTERPRISE FEED. CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5) affect the […]

01 October, 2025 12:22PM by Joseph Lee

hackergotchi for Proxmox VE

Proxmox VE

Proxmox Mail Gateway 9.0 released!

We are pleased to announce the first stable release of Proxmox Mail Gateway 9.0 - immediately available for download!

Twenty years after its first release, the new version of our email security solution is based on Debian 13.1 "Trixie", but defaulting to the newer Linux kernel 6.14.11-2. The latest versions of ZFS 2.3.4, PostgreSQL 17, SpamAssassin 4.0.2 (with updated rulesets), and ClamAV 1.4.3 are included.

Some highlights of Proxmox Mail Gateway 9.0
  • New Quarantine UI on...

Read more

01 October, 2025 12:13PM by t.lamprecht (invalid@example.com)