October 19, 2018 brianradio2016

Canonical’s Ubuntu distribution for Linux has earned a reputation for being user-friendly, with editions aimed at desktop, server, cloud, and IoT users. This changelog tracks updates to Ubuntu across its release cycle, including its LTS (long-term support) releases.

Canonical produces new Ubuntu releases every six months and supports them with free security updates and bug fixes for at least nine months. New LTS releases arrive every two years and are supported for five years.

Where to download Ubuntu Linux

Canonical maintains a download site for all flavors of Ubuntu Linux—desktop edition, server edition, cloud (essentially an OpenStack distribution), and the IoT edition. Canonical also maintains a number of “flavors” of Ubuntu, built with different desktop environments or mixes of software for specific needs.

What’s new in Ubuntu 18.10 “Cosmic Cuttlefish”

The latest version of Ubuntu Linux, Ubuntu 18.10 (codenamed “Cosmic Cuttlefish”), has the following major changes:

October 19, 2018 brianradio2016

The latest fiasco to befall Windows 10 – Microsoft two weeks ago pulled the fall feature upgrade from distribution and urged those already with a copy not to install it – has triggered calls for the company to get its act together.

“Microsoft really needs to get a handle on this. They’re running out of time,” said Chris Goettl, product manager with client security and management vendor Ivanti, when asked his reaction to the show-stopping problem of deleted user files. “If Microsoft wants to continue down this track of the Windows 10 [rapid release] model, its upgrades and updates must be of better quality than they have been.”

Four days after releasing Windows 10 October 2018 Update – also known as 1809 in Microsoft’s yymm numeric format – the firm shut down access to the feature upgrade. The problem: On some PCs, the upgrade process erased all the files in the Documents, Pictures, Music and Videos folders.

Although Microsoft restarted testing of 1809 with its Insider beta program participants on Oct. 9, it has not yet restored access to the upgrade for manual download nor begun to deliver it to customers via Windows Update or WSUS (Windows Server Update Services), the default consumer- and commercial-grade distribution networks. The Redmond, Wash. company has not set a date when the upgrade process would resume.

The debacle was the biggest yet in Windows 10’s short history. “That’s an extremely unwelcome first for Microsoft, and it raises the question of whether the company is moving too fast and breaking too many things in the process,” said long-time Windows-watcher Ed Bott of the decision to shut down 1809’s dissemination. Bott also called Microsoft’s move “unprecedented.”

Although commentary varied about the retraction – and what it meant to Microsoft and customers – there were general themes, none of them really new to the debate over Windows 10 and its maker’s OS strategy. It was the tenor of the critiques that seemed different.

October 19, 2018 brianradio2016

Apple CEO Tim Cook is calling for Bloomberg News to formally retract its story alleging that a bevy of major tech companies were victims of a Chinese spy campaign via compromised server hardware. Bloomberg reported earlier this month that tiny chips implanted into server hardware facilitated backdoors into the systems of up to 30 companies, including Apple and Amazon.

Both companies have shot down Bloomberg’s main findings. AWS’ chief information security officer Steve Schmidt dismissed the report and asserted that “there are so many inaccuracies in this article as it relates to Amazon that they’re hard to count.”

Apple also immediately denied the Bloomberg report, but the usually press-friendly Cook is now saying the publication should retract the story altogether — the first time Apple has ever made such a request.

“I feel they should retract their story,” Cook said to Buzzfeed News. “There is no truth in their story about Apple. They need to do that right thing.”

“I personally talked to the Bloomberg reporters along with Bruce Sewell, who was then our general counsel,” he added. “We were very clear with them that this did not happen, and answered all their questions. Each time they brought this up to us the story changed, and each time we investigated we found nothing.”

October 19, 2018 brianradio2016

Microsoft has rolled out a preview of a new expense-tracking application. Developed by some of the people involved in Mobile Data Labs (the makers of the MileIQ mileage-tracking app), the new app, called Spend, is considered one of the Microsoft Garage incubation projects.

(Microsoft bought Mobile Data Labs in 2015 for an undisclosed amount.)

Spend is designed to track users’ business and/or personal expenses for reimbursement or taxes. Users can get a weekly or monthly report about their expenses in spreadsheet or PDF form. Spend lets users match receipts to purchases and categorize and tag their expenses, as well.

The Spend preview, available for download from Apple’s app store, requires iOS 10.0 or later and works on iPhones, iPads and iPod touch devices only (so far).

Because Spend is a Microsoft Garage app, it’s considered experimental. Microsoft sometimes commercializes its Garage apps and sometimes it simply discontinues them, based on feedback and demand.

(Thanks to OnMSFT for the heads-up about Spend.)

October 19, 2018 brianradio2016

Remember how patches always came on Tuesdays?

Looks like we’re back to getting patches – sometimes large patches – on random days of the week. Let’s look at them chronologically.

Windows 7 Servicing Stack tag team

Microsoft has a mess on its hands because the Win7 update installer isn’t smart enough to update itself before installing new updates. I talked about that last week. Those of you still using the, ahem, most popular version of Windows have been treated to a roller coaster ride of behind-the-scene antics trying to get this month’s Monthly Rollup chicken to match up with this month’s newly refurbished “KB 3177467-v2” Servicing Stack egg.

In theory, the October patches were supposed to correct the mistakes caused by the September Monthly Rollup. Susan Bradley has details on AskWoody.

After several days of hide-and-seek, Microsoft finally settled on a preferred approach by re-issuing this month’s KB 4462923 Monthly Rollup on Oct. 15, with modified metadata (which is to say, the rules that dictate when a patch is installed).

As @abbodi86 explains, the latest version really makes things weird.

October 19, 2018 brianradio2016

Who sends out an invitation with more than 350 different image designs? Apple, that’s who, and this is precisely what the company has done inviting media to its next big iPad Pro and Mac reveal, set to take place in New York on Oct. 30.

‘There’s more in the making’

Apple on Thursday invited selected media to a special event at the plush surroundings of the 2,000+ capacity Brooklyn Academy of Music on Oct. 30 at 10 a.m. ET.

We’ve since discovered that more than 350 iterations of the brightly colored Apple logo image on the front of the invitation exist. The slogan is “There’s more in the making.”

It’s the second time this year Apple has chosen to host a launch east of San Francisco. The event reminds me of my annual pilgrimages to Apple’s annual product announcements at Macworld Expo in New York and big moments such as the G4 Cube, 17-in. iMac introduction and then-CEO Steve Jobs’ explanation of the “digital hub” concept, which basically means we now carry everything on our wrists.

What’s in it for the enterprise?

Enterprise users will be looking for performance and productivity enhancements across Apple’s mobile products, and (see below) they won’t be disappointed; expect the company to introduce lower-cost Mac notebooks, vastly improved iPad Pros, and improved Mac mini systems (at last), all squarely focused on enterprise use cases, such as low-energy servers and more.

What will Apple introduce?

We never truly know what Apple is going to reveal. Even Mark Gurman’s fleet of nanoparticle-sized HYDRA spy drones (or whatever they are) can’t quite see everything, can they?

October 19, 2018 brianradio2016

Apple has secretly patched a bunch of high-severity bugs reported to it by Google’s Project Zero researchers.

The move has resulted in Google’s Project Zero once again calling Apple out for fixing iOS and macOS security flaws without documenting them in public security advisories.

While it’s good news that Apple beat Project Zero’s 90-day deadline for patching or disclosing the bugs it finds, the group’s Ivan Fratric recently argued that the practice endangered users by not fully informing them why an update should be installed.

This time the criticism comes from Project Zero’s Ian Beer, who’s been credited by Apple with finding dozens of serious security flaws in iOS and macOS over the years.

Beer posted a blog about several vulnerabilities in iOS 7 he found in 2014 that share commonalities with several bugs he has found in iOS 11.4.1, some of which he’s now released exploits for.

Beer notes that none of the latest issues is mentioned in the iOS 12 security bulletin even though Apple did fix them. The absence of information about them is a “disincentive” for iOS users to patch, Beer argues.

“Apple are still yet to assign CVEs for these issues or publicly acknowledge that they were fixed in iOS 12,” wrote Beer.

“In my opinion a security bulletin should mention the security bugs that were fixed. Not doing so provides a disincentive for people to update their devices since it appears that there were fewer security fixes than there really were.”

In other instances, such as one macOS bug Beer reported, Apple did actually assign a CVE, but it still hasn’t updated the relevant security bulletin to reflect the fix.

Apple similarly allocated CVE-2018-4337 to another high-severity iOS bug, which was fixed in iOS 12, but isn’t currently acknowledged in the iOS 12 security bulletin.

In another case, Apple fixed a bug that affected iOS and macOS but didn’t assign a CVE or mention it in the security bulletins.

Not only may it be a disincentive for end-users to patch iPhones and Macs, but Beer also points out in another bug report that the lack of public acknowledgement by Apple means he has no way of knowing whether the issue is a duplicate that another researcher may have already found.

As he notes in the blog, many of the bugs he has found in iOS are very similar or the same as bugs found by noted jailbreaking hackers Pangu Team.
