Ubuntu For Free » Canonical

The OpenSSL Vulnerability

admin — Tue, 20 May 2008 14:00:21 +0000

I recently established my network to use SSH connections. My three Ubuntu systems I discovered were using weak keys that had been generated using the flawed packages. If you haven’t been paying attention, Canonical issued USN-612-1 on 5/13/2008. If you’re using keys that have been generated since September 2006, it’s likely that you need to regenerate all keys. If you have any doubts, I encourage you to regenerate all keys. It will affect any key used that was generated on a compromised system. The biggest trouble for me was getting OpenSSL and OpenSSH-server packages to update. I used the ssh-copy-id command to make it the process easy for me.

Kubuntu LTS Put On Hold for Hardy Heron

admin — Sun, 30 Dec 2007 20:07:29 +0000

There’s been a great rift with the Canonical Community as of late surrounding Kubuntu. The update from KDE 3.5 to KDE 4.0 is such a great shift that Canonical feels they’re unable to commit to Long Term Support for Kubuntu 8.04. Frankly, I don’ blame them. This is a pretty good move for them as far as any business relationships and future investors.

I don’t think it’s a problem. However, you kind of have to wonder how it affects the users who install using Ubuntu 8.04 and then add the kubuntu-desktop package, or will it be disabled?

Others have noted that there’s been a lack of reports from users with their experience regarding Hardy Heron. I noticed the torrent activity was kind of slacking. This is an excellent time for us to step up the testing on this. I suggest testing the .ISO image from a LiveCD and from some sort of virtualization application, such as VMWare or VirtualBox. If you’ve got the resources, it’s definitely appreciated for a full install and all the reports that you get from that experience.

I’ve encountered a few bugs that I’ve reported at Launchpad. Here I found other users reporting the same kind of problems I experienced. I wasn’t able to find the bug reports doing a simple search, instead it found them for me when I attempted to report the bugs, so go ahead and just attempt to report the bug you encounter. If it doesn’t find it for you, someone will catch it in triage. So, to re-iterate. If you haven’t tried it yet, go ahead and take the time. This is one of the easiest ways to contribute to the community.

Security Alert – LoCo Teams Hosting Servers Compromised

admin — Wed, 08 Aug 2007 14:28:46 +0000

If you’re a part of a any Ubuntu Loco Teams, you may have noticed that they’ve been down for a period. That’s because of a security breach. I encourage you to review these instructions for securing your system after the Ubuntu LoCo team hosts have been attacked.