The beta of Ubuntu 9.10—or Karmic Koala as it's also known—offers the core open-source updates you would expect. But it also provides important enhancements in the areas of disk encryption, tightened system permissions and cloud service integration—all of which combine to make Ubuntu even more attractive as the Linux distro of choice on the desktop.The Ubuntu project recently set loose a beta version of its next
Linux-based operating system release, known as Ubuntu 9.10 or, more
fancifully, as the Karmic Koala. I've been testing this in-development
Ubuntu version for several weeks now, but this beta milestone seems
like a good time to single out a handful of the new or enhanced
features that have caught my eye so far.
Karmic will ship with a long list of enhancements and additions,
including the sort of core open-source application updates you expect
to see with any Linux distribution refresh (new versions of Firefox,
OpenOffice.org and the GNOME desktop environment). Beyond these typical
updates, however, I've taken particular note of changes around disk
encryption, tightened system permissions and cloud service
integration.
For screenshots of these new Ubuntu features in action, check out this eWEEK Labs Gallery.
All told, I expect that the 9.10 release will strengthen Ubuntu's
position as the most popular Linux option for desktop and mobile
implementations. On the server side of the distribution, the Ubuntu
project has covered a lot of ground on private and public cloud
deployment options with this release, and eWEEK Labs will investigate
these enhancements in an upcoming story.
Disk Encryption
Given how easily notebooks and netbooks can be lost or stolen, and
how easily an unauthorized person can pull sensitive data from an
unencrypted disk, no one should be toting a portable computer around
without the protection of hard-drive encryption. The past few Ubuntu
releases have offered users the option of encrypting all but their boot
partitions with block-level encryption, but this feature has been
limited to the text-based alternate install disk, which most users pass
over in favor of the default LiveCD-based install disk. What's more,
the UNR (Ubuntu Netbook Remix) installer offers no clear path to
encrypted hard drives at all.
Rather than build this block-level encryption option into its
default installer, the Ubuntu team has been pursuing an encryption
scheme that's layered atop the file system and that targets specific
system folders, as opposed to encrypting everything on disk.
Version 8.10 saw the addition of an encrypted Private directory for
each user. However, to take advantage of the directory's protection,
users had to copy files into the directory and, for application
configuration folders, create symlinks from the folder to the home
directory locations where the applications expected to find these
folders. In Version 9.04, the team expanded this protection to cover
the entire home directory, but the option to trigger this protection
was exposed only in the alternate installer.
In Ubuntu 9.10, this home directory encryption option has finally
made its way into the default LiveCD installer. During installation,
the Ubuntu installer asked me whether I wanted to configure my system
for auto-login, for password-protected login or for password-protected
login with home directory encryption. Choosing the home directory
encryption option also configures the swap partition for encryption,
which is important because sensitive data can hang around in swap, even
on systems with plenty of RAM.
In contrast to the block-level encryption option, which is still
available in the alternate installer, Ubuntu's home directory
encryption should deliver improved performance by ignoring data outside
of home or swap directories. Most of what's in the root directory of an
Ubuntu system isn't particularly sensitiveafter all, both the
binaries and the source for most of what you'll find there are
available for free public download.
What's more, this home directory encryption scheme allows for
unattended booting (the block-level method requires a passphrase at
boot time), as well as for multiple home directories, each encrypted
with its own key.
For now, however, systems encrypted in this way lack hibernation
support, due to the method used to encrypt the swap partition. With
that said, the Ubuntu project is working on a solution for re-enabling
hibernation.
Firefox AppArmor Policy
Ubuntu has been shipping with the AppArmor enhanced access control
framework since Version 7.10, and while the Ubuntu's AppArmor
implementation has never been promoted or exposed to users as
prominently as SELinux has in Red Hat's Fedora and RHEL distributions,
the framework has been making steady progress during the past several
Ubuntu releases.
AppArmor bolsters existing Linux access controls by enabling
administrators to grant or deny system privileges more granularly than
is possible with Linux's default discretionary access control scheme.
Ubuntu 9.10 includes a policy for applying these controls to contain
the Firefox Web browser. In the beta release I tested, this policy was
inactive by default; I activated it by issuing the command "sudo
aa-enforce firefox" and then restarting Firefox.
I took a peek at the Firefox AppArmor policy, which is stored as a
fairly readable text file, and noted that the policy denied Firefox
access to the folder in my home directory that stores SSH keysa
directory that I'm allowed, by default, to view and edit freely. With
typical Linux access controls, the applications I run enjoy the
same rights that I do, which means that Ior someone who has
taken control of my browsercould read and modify sensitive SSH
configuration files in that directory from Firefox. With the AppArmor
policy for Firefox enabled, however, I couldn't access or modify the
SSH directory in my home folder.
I'd like to see the Ubuntu project step up its efforts around
AppArmor, potentially by extending the project's Personal Package
Archive build service with AppArmor policy generation tools. The other
major Linux distribution that ships AppArmor, SUSE, has its own build
service, and there may be an opportunity for the two projects to
collaborate to bring this functionality to their respective build
services.
UbuntuOne
Last May, Canonical, the company that sponsors Ubuntu, launched a
closed beta of a Web storage and synchronization service called Ubuntu
One. The service provided 2GB of free online storage space or 10GB of
space for $10 a month. The service provided storage synchronization
between computers running Ubuntu and a Canonical-run Web service that
tapped Amazon's S3 for storage. Since then, the beta has gone public,
the storage cap for paid subscriptions has been raised to 50GB, and the
service has expanded beyond file synchronization to take on data sync
duties for specific Ubuntu desktop applications.
For instance, the version of the Tomboy note-taking application that
comes with Ubuntu 9.10 includes Ubuntu One among its list of note
synchronization targets, making it possible to use the Canonical
service to keep one's notes in sync on multiple machineseventually.
So far, I haven't managed to get this feature to work on my test
system. Similar sync options have turned up for contact records used
with the distribution's Evolution mail client and for Firefox
bookmarks, both of which rely on the document-oriented database project
CouchDB for syncing up with Ubuntu One.
The Ubuntu One service, and its associated client-side components,
are definitely still rough around the edgesthe Web-based interfaces
for viewing notes and browsing files, in particular, could use an
overhaul. However, I'm impressed with the promise of these capabilities
to bridge the divide between locally run and Web-based applications on
the Linux desktop.
Executive Editor Jason Brooks can be reached at jbrooks@eweek.com.
| | Reader Comments: REVIEW: Ubuntu 9.10 Beta Promises to Strengthen Distro's Position as Desktop Favorite | | >>> Post your comment now!
| | | | | | | | IT ManagerI tried a fresh install of 9.1 on an blank machine and it failed. I used an IBM ThinkCenter 1Gb ram, 2.3Ghz P4 processor. I found a several posting... Posted At: 11-16-09
By: Brian | | | | | | Bloatware?I fear that Ubunto and several other distributions are in danger of becoming bloatware as they try to buddle everthing that you might want into the... Posted At: 10-21-09
By: David | | | | | | Common binary platformWhat would be nice to see in any Linux is a common platform for binary packages. I often find the binary package for an application, but it is an RPM... Posted At: 10-20-09
By: Dave | | | | | | Try WindowsThen try Windows Vista...or even Windows 7. You will learn what hell is and you have to pay for that!
My wife, who is not an IT expert, loves... Posted At: 10-20-09
By: Anonymous | | | | | | ubuntui tried ubunutu last year. i hated it. that's the great thing about linux, you can always find a flavor you like. i found pclinux os. that's... Posted At: 10-20-09
By: Azri | | | | | | Re: Intel graphics fixI've got a low-end HP laptop with an integrated Intel graphics chipset. I've noticed a huge improvement in graphics performance since I upgraded to... Posted At: 10-19-09
By: caerbannog | | | | | | >>> Post your comment now! | | | | | |
|
 |
Linux & Open Source 
