mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-29 21:41:00 +08:00
commit
66a6043710
@ -1,7 +1,7 @@
|
|||||||
[#]: subject: "7 Reasons Why Ubuntu 22.04 LTS is the Most Secure Release Yet"
|
[#]: subject: "7 Reasons Why Ubuntu 22.04 LTS is the Most Secure Release Yet"
|
||||||
[#]: via: "https://news.itsfoss.com/reasons-ubuntu-22-04-secure/"
|
[#]: via: "https://news.itsfoss.com/reasons-ubuntu-22-04-secure/"
|
||||||
[#]: author: "Jacob Crume https://news.itsfoss.com/author/jacob/"
|
[#]: author: "Jacob Crume https://news.itsfoss.com/author/jacob/"
|
||||||
[#]: collector: "lujun9972"
|
[#]: collector: "lkxed"
|
||||||
[#]: translator: " "
|
[#]: translator: " "
|
||||||
[#]: reviewer: " "
|
[#]: reviewer: " "
|
||||||
[#]: publisher: " "
|
[#]: publisher: " "
|
||||||
@ -9,8 +9,11 @@
|
|||||||
|
|
||||||
7 Reasons Why Ubuntu 22.04 LTS is the Most Secure Release Yet
|
7 Reasons Why Ubuntu 22.04 LTS is the Most Secure Release Yet
|
||||||
======
|
======
|
||||||
|
Ubuntu 22.04 LTS is one of the best Ubuntu releases so far. What makes it so secure?
|
||||||
|
|
||||||
[Ubuntu 22.04 LTS][1], released back in April, is the most secure Ubuntu release yet.
|
![ubuntu 22.04][1]
|
||||||
|
|
||||||
|
[Ubuntu 22.04 LTS][2], released back in April, is the most secure Ubuntu release yet.
|
||||||
|
|
||||||
Between its extended security updates, new hardware support, and a wide range of other improvements, it far outperforms all previous releases in terms of security.
|
Between its extended security updates, new hardware support, and a wide range of other improvements, it far outperforms all previous releases in terms of security.
|
||||||
|
|
||||||
@ -22,19 +25,17 @@ Here, let me summarise that to help you learn more.
|
|||||||
|
|
||||||
With this release, it seems that the Ubuntu team has put a lot of work into ensuring its long-term security and reliability. Although they did this in an unthinkable number of ways over the years, I shall highlight a few things that include:
|
With this release, it seems that the Ubuntu team has put a lot of work into ensuring its long-term security and reliability. Although they did this in an unthinkable number of ways over the years, I shall highlight a few things that include:
|
||||||
|
|
||||||
* Improved hardware security measure support
|
* Improved hardware security measure support
|
||||||
* Updated security packages
|
* Updated security packages
|
||||||
* Private home directories
|
* Private home directories
|
||||||
* OpenSSL 3
|
* OpenSSL 3
|
||||||
* GCC 11
|
* GCC 11
|
||||||
* nftables as the default firewall backend
|
* nftables as the default firewall backend
|
||||||
* Linux Kernel improvements
|
* Linux Kernel improvements
|
||||||
|
|
||||||
|
#### 1. Improved Hardware Security Measure Support
|
||||||
|
|
||||||
|
![][3]
|
||||||
#### 1\. Improved Hardware Security Measure Support
|
|
||||||
|
|
||||||
![][2]
|
|
||||||
|
|
||||||
As Intel, AMD, and ARM CPUs/SoCs start coming up with more security measures, it is becoming ever more important that adequate software is there to allow these features to be put to use.
|
As Intel, AMD, and ARM CPUs/SoCs start coming up with more security measures, it is becoming ever more important that adequate software is there to allow these features to be put to use.
|
||||||
|
|
||||||
@ -46,34 +47,32 @@ The next includes AMD’s Secure Encrypted Virtualization (SEV). This technology
|
|||||||
|
|
||||||
Although this is not as relevant to desktop users as the other technologies, consider that a lot of data center infrastructure relies on virtual machines for containerizing applications. Overall, such hardware-specific security measures should enhance protection for both desktop and server users.
|
Although this is not as relevant to desktop users as the other technologies, consider that a lot of data center infrastructure relies on virtual machines for containerizing applications. Overall, such hardware-specific security measures should enhance protection for both desktop and server users.
|
||||||
|
|
||||||
#### 2\. Linux Kernel Security Improvements
|
#### 2. Linux Kernel Security Improvements
|
||||||
|
|
||||||
With every Ubuntu release, Linux Kernel gets an upgrade with many useful features and support.
|
With every Ubuntu release, Linux Kernel gets an upgrade with many useful features and support.
|
||||||
|
|
||||||
But, this time, Canonical introduced optimized kernel versions for different platforms. For OEM-certified desktop devices, [Linux Kernel 5.17][3] has been included.
|
But, this time, Canonical introduced optimized kernel versions for different platforms. For OEM-certified desktop devices, [Linux Kernel 5.17][4] has been included.
|
||||||
|
|
||||||
And, for all desktop and server users, [Linux Kernel 5.15 LTS][4] will be the one active.
|
And, for all desktop and server users, [Linux Kernel 5.15 LTS][5] will be the one active.
|
||||||
|
|
||||||
Not just limited to this concept, some essential kernel security enhancements mentioned in the [blog post][5] include:
|
|
||||||
|
|
||||||
* _Support for [core scheduling][6], which allows processes to control which threads will be scheduled across SMT siblings and so can allow them to protect sensitive information from leaking to other untrusted processes on the system._
|
|
||||||
* _Kernel stack randomisation provides a hardening measure to frustrate attackers wishing to perform memory corruption attacks within the kernel._
|
|
||||||
* _The BPF subsystem has also seen a number of security enhancements including restricting its use to only privileged processes by default, as well as including the initial efforts to support signed BPF programs as well_
|
|
||||||
* *The inclusion of the new Landlock Linux Security Module provides another mechanism for application sandboxing to go along with the more traditional methods via either AppArmor or SELinux. *
|
|
||||||
|
|
||||||
|
Not just limited to this concept, some essential kernel security enhancements mentioned in the [blog post][6] include:
|
||||||
|
|
||||||
|
* Support for [core scheduling][7], which allows processes to control which threads will be scheduled across SMT siblings and so can allow them to protect sensitive information from leaking to other untrusted processes on the system.
|
||||||
|
* Kernel stack randomisation provides a hardening measure to frustrate attackers wishing to perform memory corruption attacks within the kernel.
|
||||||
|
* The BPF subsystem has also seen a number of security enhancements including restricting its use to only privileged processes by default, as well as including the initial efforts to support signed BPF programs as well
|
||||||
|
* The inclusion of the new Landlock Linux Security Module provides another mechanism for application sandboxing to go along with the more traditional methods via either AppArmor or SELinux.
|
||||||
|
|
||||||
Collectively, all these improvements make Ubuntu 22.04 LTS a safer option for developers, users, and system administrators.
|
Collectively, all these improvements make Ubuntu 22.04 LTS a safer option for developers, users, and system administrators.
|
||||||
|
|
||||||
#### 3\. Updated Security Packages
|
#### 3. Updated Security Packages
|
||||||
|
|
||||||
![][2]
|
![][8]
|
||||||
|
|
||||||
Stepping back from technical security concepts, we get to a concept every Ubuntu user should be already familiar with: packages. With every new Ubuntu release, most packages in the repositories get updated, bringing improved security and new features.
|
Stepping back from technical security concepts, we get to a concept every Ubuntu user should be already familiar with: packages. With every new Ubuntu release, most packages in the repositories get updated, bringing improved security and new features.
|
||||||
|
|
||||||
Although not exactly something new to Ubuntu 22.04, this does include a lot of security-specific updates. A couple of examples of this include openSSL 3 and GCC 11.
|
Although not exactly something new to Ubuntu 22.04, this does include a lot of security-specific updates. A couple of examples of this include openSSL 3 and GCC 11.
|
||||||
|
|
||||||
#### 4\. OpenSSL 3
|
#### 4. OpenSSL 3
|
||||||
|
|
||||||
OpenSSL is the backbone of all secure communications.
|
OpenSSL is the backbone of all secure communications.
|
||||||
|
|
||||||
@ -81,7 +80,7 @@ OpenSSL 3 is particularly interesting as a major upgrade considering many legacy
|
|||||||
|
|
||||||
As a result, unless users specifically want to use the less secure algorithms, you will be getting the best security by default.
|
As a result, unless users specifically want to use the less secure algorithms, you will be getting the best security by default.
|
||||||
|
|
||||||
#### 5\. GCC 11
|
#### 5. GCC 11
|
||||||
|
|
||||||
GCC, on the other hand, is the compiler that many developers use to turn their code into programs that can be run on your computer.
|
GCC, on the other hand, is the compiler that many developers use to turn their code into programs that can be run on your computer.
|
||||||
|
|
||||||
@ -89,9 +88,9 @@ It brings numerous improvements, but there is one in particular that significant
|
|||||||
|
|
||||||
It may not affect users directly, many developers use Ubuntu to develop their applications. Therefore, a lot of the programs you download, even on non-Ubuntu systems, should be more secure than ever.
|
It may not affect users directly, many developers use Ubuntu to develop their applications. Therefore, a lot of the programs you download, even on non-Ubuntu systems, should be more secure than ever.
|
||||||
|
|
||||||
#### 6\. Private Home Directories
|
#### 6. Private Home Directories
|
||||||
|
|
||||||
![][7]
|
![][9]
|
||||||
|
|
||||||
As a traditionally desktop-focused distribution, Ubuntu has often opted for convenience over security. However, as they push harder and harder for adoption in the cloud, this has had to change.
|
As a traditionally desktop-focused distribution, Ubuntu has often opted for convenience over security. However, as they push harder and harder for adoption in the cloud, this has had to change.
|
||||||
|
|
||||||
@ -99,9 +98,9 @@ Previously, anyone with access to the computer could open and view any user’s
|
|||||||
|
|
||||||
It may be slightly less convenient for multi-user systems, this can be changed relatively easily. And, for the less technically inclined, they get better security without having to do anything!
|
It may be slightly less convenient for multi-user systems, this can be changed relatively easily. And, for the less technically inclined, they get better security without having to do anything!
|
||||||
|
|
||||||
#### 7\. nftables as the Default Firewall Backend
|
#### 7. nftables as the Default Firewall Backend
|
||||||
|
|
||||||
![][2]
|
![][10]
|
||||||
|
|
||||||
For more than 25 years, firewalls have been a key part of keeping your computer isolated from the wider internet. During this time, Linux distros have generally used two different firewall solutions: iptables and xtables.
|
For more than 25 years, firewalls have been a key part of keeping your computer isolated from the wider internet. During this time, Linux distros have generally used two different firewall solutions: iptables and xtables.
|
||||||
|
|
||||||
@ -113,25 +112,29 @@ Undoubtedly, a lot of good upgrades made it to Ubuntu 22.04 LTS. Not just limite
|
|||||||
|
|
||||||
Of course, there’s more to come, but the improvements mentioned above are good achievements!
|
Of course, there’s more to come, but the improvements mentioned above are good achievements!
|
||||||
|
|
||||||
For more technical details, you can check out [Ubuntu’s official blog post][5].
|
For more technical details, you can check out [Ubuntu’s official blog post][11].
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
via: https://news.itsfoss.com/reasons-ubuntu-22-04-secure/
|
via: https://news.itsfoss.com/reasons-ubuntu-22-04-secure/
|
||||||
|
|
||||||
作者:[Jacob Crume][a]
|
作者:[Jacob Crume][a]
|
||||||
选题:[lujun9972][b]
|
选题:[lkxed][b]
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
[a]: https://news.itsfoss.com/author/jacob/
|
[a]: https://news.itsfoss.com/author/jacob/
|
||||||
[b]: https://github.com/lujun9972
|
[b]: https://github.com/lkxed
|
||||||
[1]: https://news.itsfoss.com/ubuntu-22-04-release/
|
[1]: https://news.itsfoss.com/wp-content/uploads/2022/07/ubuntu-22-04-is-most-secure-release.jpg
|
||||||
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjU3NiIgd2lkdGg9IjEwMjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmVyc2lvbj0iMS4xIi8+
|
[2]: https://news.itsfoss.com/ubuntu-22-04-release/
|
||||||
[3]: https://news.itsfoss.com/linux-kernel-5-17-release/
|
[3]: https://news.itsfoss.com/wp-content/uploads/2022/07/hardware-security-illustration-1024x576.jpg
|
||||||
[4]: https://news.itsfoss.com/linux-kernel-5-15-release/
|
[4]: https://news.itsfoss.com/linux-kernel-5-17-release/
|
||||||
[5]: https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-22-04-lts
|
[5]: https://news.itsfoss.com/linux-kernel-5-15-release/
|
||||||
[6]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/core-scheduling.html
|
[6]: https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-22-04-lts
|
||||||
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9IjI2MSIgd2lkdGg9Ijc3MSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB2ZXJzaW9uPSIxLjEiLz4=
|
[7]: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/core-scheduling.html
|
||||||
|
[8]: https://news.itsfoss.com/wp-content/uploads/2021/07/open-source-security-illustration-1024x576.png
|
||||||
|
[9]: https://news.itsfoss.com/wp-content/uploads/2021/04/private-home-directory-ubuntu-21.png
|
||||||
|
[10]: https://news.itsfoss.com/wp-content/uploads/2022/07/firewall-illustration-1024x576.jpg
|
||||||
|
[11]: https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-22-04-lts
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
[#]: subject: "Nokia Targets An Amateur Linux Phone Project ‘NOTKIA’ for a Name Change"
|
[#]: subject: "Nokia Targets An Amateur Linux Phone Project ‘NOTKIA’ for a Name Change"
|
||||||
[#]: via: "https://news.itsfoss.com/nokia-notkia/"
|
[#]: via: "https://news.itsfoss.com/nokia-notkia/"
|
||||||
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
|
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
|
||||||
[#]: collector: "lujun9972"
|
[#]: collector: "lkxed"
|
||||||
[#]: translator: " "
|
[#]: translator: " "
|
||||||
[#]: reviewer: " "
|
[#]: reviewer: " "
|
||||||
[#]: publisher: " "
|
[#]: publisher: " "
|
||||||
@ -9,6 +9,9 @@
|
|||||||
|
|
||||||
Nokia Targets An Amateur Linux Phone Project ‘NOTKIA’ for a Name Change
|
Nokia Targets An Amateur Linux Phone Project ‘NOTKIA’ for a Name Change
|
||||||
======
|
======
|
||||||
|
An open-source project wants to bring you a Nokia-like Linux phone, but Nokia does not seem to like the project’s name.
|
||||||
|
|
||||||
|
![nokia][1]
|
||||||
|
|
||||||
An open-source project that aims to make a classic Nokia like (small form factor) Linux phone has come under fire, by Nokia.
|
An open-source project that aims to make a classic Nokia like (small form factor) Linux phone has come under fire, by Nokia.
|
||||||
|
|
||||||
@ -22,13 +25,13 @@ Thanks to the notice by Nokia, we get to know about an interesting collaborative
|
|||||||
|
|
||||||
They aim to design a PCB that fits exactly in the classic Nokia’s phone shell.
|
They aim to design a PCB that fits exactly in the classic Nokia’s phone shell.
|
||||||
|
|
||||||
![][1]
|
![][2]
|
||||||
|
|
||||||
As of now, they have a decent amount of things working with the hardware that includes Bluetooth, and Wi-Fi.
|
As of now, they have a decent amount of things working with the hardware that includes Bluetooth, and Wi-Fi.
|
||||||
|
|
||||||
It is not an Android-based operating system, rather it relies on Mainline Linux Kernel.
|
It is not an Android-based operating system, rather it relies on Mainline Linux Kernel.
|
||||||
|
|
||||||
You can learn more about the project and the specifications for the planned phone in their [official blog post][2].
|
You can learn more about the project and the specifications for the planned phone in their [official blog post][3].
|
||||||
|
|
||||||
The project is waiting for fundraising, and will make early prototypes to available to be purchased separately.
|
The project is waiting for fundraising, and will make early prototypes to available to be purchased separately.
|
||||||
|
|
||||||
@ -38,11 +41,11 @@ Well, the project clearly states that they have been inspired by Nokia’s class
|
|||||||
|
|
||||||
The project’s creator shared the email by Nokia on Twitter, mentioning that Nokia should be more sensitive before sending such notices to projects that are led with community interests.
|
The project’s creator shared the email by Nokia on Twitter, mentioning that Nokia should be more sensitive before sending such notices to projects that are led with community interests.
|
||||||
|
|
||||||
See more
|
> After reading the email from [@Nokia][4] one more time, I started to feel angry. This nothing more than a staged accident. Since this is already a collaborative project and contributed by people around the world, I'm going to release the complete email to its "intended recipients".
|
||||||
|
|
||||||
> After reading the email from [@Nokia][3] one more time, I started to feel angry. This nothing more than a staged accident. Since this is already a collaborative project and contributed by people around the world, I'm going to release the complete email to its "intended recipients". <https://t.co/ZJPTZcOLmC> [pic.twitter.com/jcUkVpWx5o][4]
|
|
||||||
>
|
>
|
||||||
> — @[ReimuNotMoe@mastodon.social][5] (@ReimuNotMoe) [June 30, 2022][6]
|
> ![Twitter: @ReimuNotMoe][5]
|
||||||
|
|
||||||
|
[June 30, 2022][6]
|
||||||
|
|
||||||
**Also, they confirmed that the project will be changing its name.**
|
**Also, they confirmed that the project will be changing its name.**
|
||||||
|
|
||||||
@ -50,7 +53,7 @@ Of course, as an open-source project, it should not concern Nokia unless they st
|
|||||||
|
|
||||||
But, at its current state, this is more of a passion project, and a collaborative effort by a community of open-source enthusiasts. So, it sounds a bit far-fetched to send a notice to them for infringing Nokia’s rights.
|
But, at its current state, this is more of a passion project, and a collaborative effort by a community of open-source enthusiasts. So, it sounds a bit far-fetched to send a notice to them for infringing Nokia’s rights.
|
||||||
|
|
||||||
_Right?_
|
*Right?*
|
||||||
|
|
||||||
Of course, this is not surprising for companies, but for Nokia, it seems a bit too overly cautious and anti-competitive.
|
Of course, this is not surprising for companies, but for Nokia, it seems a bit too overly cautious and anti-competitive.
|
||||||
|
|
||||||
@ -58,7 +61,7 @@ Especially, when it is safe to say that the company is not doing as good as you
|
|||||||
|
|
||||||
Interestingly, there’s also an [IT company][7] with the name “Notkia”, as spotted by a fellow Twitter user. Did they also receive a notice by Nokia? Who knows?
|
Interestingly, there’s also an [IT company][7] with the name “Notkia”, as spotted by a fellow Twitter user. Did they also receive a notice by Nokia? Who knows?
|
||||||
|
|
||||||
_What do you think about the open-source project for a pocket-sized phone powered by Linux?_ _Share your thoughts in the comments down below._
|
*What do you think about the open-source project for a pocket-sized phone powered by Linux?* *Share your thoughts in the comments down below.*
|
||||||
|
|
||||||
**Via**: [Vice][8]
|
**Via**: [Vice][8]
|
||||||
|
|
||||||
@ -67,19 +70,19 @@ _What do you think about the open-source project for a pocket-sized phone powere
|
|||||||
via: https://news.itsfoss.com/nokia-notkia/
|
via: https://news.itsfoss.com/nokia-notkia/
|
||||||
|
|
||||||
作者:[Ankush Das][a]
|
作者:[Ankush Das][a]
|
||||||
选题:[lujun9972][b]
|
选题:[lkxed][b]
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
[a]: https://news.itsfoss.com/author/ankush/
|
[a]: https://news.itsfoss.com/author/ankush/
|
||||||
[b]: https://github.com/lujun9972
|
[b]: https://github.com/lkxed
|
||||||
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9Ijc2NiIgd2lkdGg9IjEwMjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmVyc2lvbj0iMS4xIi8+
|
[1]: https://news.itsfoss.com/wp-content/uploads/2022/07/nokia-targets-linux-phone-notkia.jpg
|
||||||
[2]: https://hackaday.io/project/185645-notkia-name-change-planned
|
[2]: https://news.itsfoss.com/wp-content/uploads/2022/07/notkia-nokia-1024x766.jpg
|
||||||
[3]: https://twitter.com/nokia?ref_src=twsrc%5Etfw
|
[3]: https://hackaday.io/project/185645-notkia-name-change-planned
|
||||||
[4]: https://t.co/jcUkVpWx5o
|
[4]: https://twitter.com/nokia?ref_src=twsrc%5Etfw
|
||||||
[5]: mailto:ReimuNotMoe@mastodon.social
|
[5]: https://pbs.twimg.com/media/FWftWyjUYAA49ew?format=jpg&name=large
|
||||||
[6]: https://twitter.com/ReimuNotMoe/status/1542466662154108930?ref_src=twsrc%5Etfw
|
[6]: https://twitter.com/ReimuNotMoe/status/1542466662154108930?ref_src=twsrc%5Etfw
|
||||||
[7]: https://www.linkedin.com/company/notkia-it/
|
[7]: https://www.linkedin.com/company/notkia-it/
|
||||||
[8]: https://www.vice.com/en/article/93awjz/nokia-asks-open-source-notkia-phone-project-to-change-its-name
|
[8]: https://www.vice.com/en/article/93awjz/nokia-asks-open-source-notkia-phone-project-to-change-its-name
|
Loading…
Reference in New Issue
Block a user