August 28, 2025 - We are excited to announce the general availability of Ubuntu Pro Minimal 22.04 LTS with CIS hardening, a new variant of Ubuntu designed for organizations that require tight security controls, minimal attack surface, and out-of-the-box compliance. This new offering combines the efficiency of Minimal Ubuntu with the enterprise-grade security coverage of […]

28 Aug 2025 9:00am GMT

August 28, 2025 - We are excited to announce the general availability of Ubuntu Pro Minimal 22.04 LTS with CIS hardening, a new variant of Ubuntu designed for organizations that require tight security controls, minimal attack surface, and out-of-the-box compliance.

This new offering combines the efficiency of Minimal Ubuntu with the enterprise-grade security coverage of Ubuntu Pro and, now, pre-applied Center for Internet Security (CIS) benchmark hardening, helping enterprises deploy infrastructure that's compliant from Day Zero.

What is Ubuntu Pro Minimal with CIS hardening?

Starting from Minimal Ubuntu, a streamlined Ubuntu Server variant built with a minimal set of packages, this image includes only the essential components, reducing its attack surface and resource footprint.

Ubuntu Pro adds an enterprise-grade security layer, delivering patches for high and critical CVEs across all open source packages in Ubuntu, covering thousands of packages.

On top of this minimal, fully secured foundation, we've applied a CIS Level 1 benchmark hardening profile. This enforces configuration policies aligned with industry standards and best practices, covering areas such as:

• File system and permission policies
• Secure boot settings
• Network and firewall configurations
• Logging and auditing rules
• Access control and authentication mechanisms

Benefits of Ubuntu Pro Minimal with CIS hardening

• Hardened Out-of-the-box: The majority of the CIS security controls are pre-applied, reducing manual effort and human error. You get a secure, minimal OS that's ready for production from first boot.
• Minimal Footprint, Maximum Control: By starting from a minimal base, you deploy only what's needed, keeping your systems lightweight and performant.
• Pro-Grade Security Coverage: Includes up to 120 years of CVE patching for the full Ubuntu archive (both main and universe) and access to FIPS-certified cryptographic modules, DISA-STIG profiles, and kernel livepatch.
• Optimized for AWS: Shipped with the AWS-optimized kernel and agents for full compatibility across all instance types and EC2 AWS services.

How to get started

Ubuntu Pro Minimal 22.04 LTS with CIS hardening is already available on the AWS Marketplace and can also be launched using the EC2 console after subscribing to the product.

• Ubuntu Pro Minimal 22.04 LTS with CIS hardening (AMD64) - For x86 based instance types.
• Ubuntu Pro Minimal 22.04 LTS with CIS hardening (ARM) - For Graviton instance types

To learn more about Ubuntu Pro on AWS and our optional support options, contact us via our webpage or email us at aws@canonical.com.

28 Aug 2025 9:00am GMT

Desta vez, o plantel está completo, numa antevisão do clássico Derby da Festa do Software Livre! Temos comentadores de peso: André Alves, Tiago Carreira e João Jotta, na mesa com Miguel e Diogo Constantino, que vão partilhar um pouco das suas aventuras tecnológicas, mas sobretudo as suas expectativas para a Festa do Software Livre, que decorrerá no Porto, de 3 a 5 de Outubro.

Já sabem: oiçam, subscrevam e partilhem!

• Festa do Software Livre 2025, Porto, 3 a 5 de Outubro: https://festa2025.softwarelivre.eu/pt/
• https://ansol.org
• https://masto.pt/@andralves
• https://masto.pt/@tcarreira@floss.social
• https://mastodon.online/@joaojotta
• https://metenamesa.pt
• https://modaafoca.com
• https://joaojotta.com
• https://www.amazon.es/E1-Desktop-Computer-RJ45-4K-Display/dp/B0DWVZQ3SQ
• https://www.gmktec.com/products/intel-twin-lake-n150-dual-system-4-bay-nas-mini-pc-nucbox-g9
• https://netbird.io/
• Ubuntu Summit 2025, Londres, 23-24 de Outubro: https://ubuntu.com/blog/ubuntu-summit-25-10-is-coming-to-your-circle-of-friends-from-london
• LoCo PT: https://loco.ubuntu.com/teams/ubuntu-pt/
• Mastodon: https://masto.pt/@pup
• Youtube: https://youtube.com/PodcastUbuntuPortugal

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo Senhor Podcast. O website é produzido por Tiago Carrondo e o código aberto está licenciado nos termos da Licença MIT. (https://creativecommons.org/licenses/by/4.0/). A música do genérico é: "Won't see it comin' (Feat Aequality & N'sorte d'autruche)", por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License. Os separadores de péssima qualidade foram tocados ao vivo e sem rede pelo Miguel, pelo que pedimos desculpa pelos incómodos causados. OS efeitos sonoros têm os seguintes créditos: Isto é um Alerta Ubuntu: Breaking news intro music by humanoide9000 - https://freesound.org/s/760770/ - License: Attribution 4.0. ; Junta-te à Força Aérea! - SunixMuz - Devil Dance (Opening, trailer, epic music, Free CCBY) by SunixMuz - https://freesound.org/s/767842/ - License: Attribution 4.0 Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização. A arte de episódio foi criada por encomenda pela Shizamura - artista, ilustradora e autora de BD. Podem ficar a conhecer melhor a Shizamura na Ciberlândia e no seu sítio web.

28 Aug 2025 12:00am GMT

Ubuntu 25.10 daily builds now include the Ptyxis terminal and Loupe image viewer apps out-of-the-box, along with new sudo-rs, hwcrtl, and Ubuntu Insights tools.

You're reading New Apps Arrive in Ubuntu 25.10 Dev Builds, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

27 Aug 2025 8:02pm GMT

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Read more at Skiniques

27 Aug 2025 4:27pm GMT

Canonical announced that official support for the NVIDIA Jetson Thor family is coming to Ubuntu, continuing a strategic collaboration with NVIDIA to accelerate AI innovation at the edge. The official support from Canonical will offer optimized Ubuntu images and enterprise-grade stability and security. This commitment to long-term support and security updates ensures enterprise-grade stability and reliability to the combination of Ubuntu and NVIDIA Jetson system-on-modules.

NVIDIA Jetson Thor: A powerful edge platform for physical AI and robotics

NVIDIA has just announced the availability of the Jetson AGX Thor Developer Kit along with the Jetson Thor™ series modules. The NVIDIA Jetson AGX Thor Developer Kit is a powerful platform for humanoid robotics and physical AI applications, delivering unmatched performance and scalability in a compact, power-efficient form factor. Built on advanced NVIDIA Blackwell and 128 GB of memory, NVIDIA Jetson Thor series modules deliver up to 2070 FP4 TFLOPS of AI compute effortlessly running the latest generative AI models to enable highly sophisticated robotic systems - all in a compact form factor. Compared with its predecessor, NVIDIA Jetson Orin™, Jetson Thor delivers up to 7.5x higher AI compute and 3.5x greater energy efficiency.

The NVIDIA Jetson Thor developer kit is a complete system for software development and prototyping, featuring a module on a carrier board with standard I/O. The Jetson Thor module is the core computing component designed for integration into a final product's custom hardware. The developer kit is for creating and testing software, while the module is for deploying that software in a production device.

Committing to secure & reliable AI deployment at the edge

NVIDIA JetPack is a comprehensive software development kit (SDK) that provides a full development environment for building and deploying AI applications on the NVIDIA Jetson platform. JetPack 7 uses the Linux 6.8 kernel with real-time support, which is the same as in Ubuntu 24.04 LTS. Canonical's official Ubuntu image for NVIDIA Jetson Thor will enable developers and enterprises to create breakthrough AI solutions, such as vision AI agents, Generative AI edge applications, medical devices and autonomous robots. The work between Canonical and NVIDIA will enable sustainable deployment of Generative AI applications at the edge - for the entire Jetson Thor series of modules.

Key benefits of this collaboration include:

• Enterprise-ready security: Benefit from Ubuntu's robust security features and long-term support, which enables compliance with regulations such as the Cyber Resilience Act.
• Reliable stability on certified hardware: Canonical's QA team performs an extensive set of over 500 OS compatibility-focused hardware tests to ensure that every aspect of the system is checked and verified for the best Ubuntu experience.
• Seamless development to deployment: Use the same architecture in your workstation and the cloud for a clear path to mass edge AI application distribution.

What does it mean for application developers?

The NVIDIA Jetson Thor modules are optimized for physical AI and robotics. Developers will be able to run the most popular GenAI models locally, such as Llama3.1, qwen3. gemma3, and deepseek-r1. Application developers can use their familiar inference engines like Ollama, vLLM, and Huggingface.

What makes Jetson Thor modules transformative is their support for GenAI applications. Its features include:

• Real-time kernel: A real-time kernel ensures predictable, low-latency task execution. This is critical for robotics applications, which need deterministic timing to avoid jitter.
• Multi-instance GPU (MIG): MIG partitions a single GPU into multiple secure, isolated instances. Each instance has dedicated hardware resources, allowing developers to run multiple AI models simultaneously with guaranteed performance.
• Support Any Generative AI model and Framework: JetPack7 provides a powerful compute stack to support any model AI models including large language model, vision language model or vision language action model such as NVIDIA GR00T N.
• NVIDIA Holoscan: This platform enables low-latency data streaming from sensors directly to the GPU. It allows developers to perform real-time sensor fusion and perception without CPU bottlenecks.

A shared vision for the AI era

This Jetson Thor release is the latest in a long series of Canonical initiatives integrating NVIDIA technology, and one of many releases under Canonical's Silicon Partner Program, which releases optimized images of Ubuntu for certified hardware from the world's biggest manufacturers.

Canonical's work with NVIDIA technologies aligns perfectly with our mission to make AI accessible for developers to build and reliable for businesses at scale. As a member of the NVIDIA Partner Network (NPN), Canonical offers official support for a wide range of NVIDIA products and solutions. Whether you're an enterprise delivering commercial solutions or an enthusiast looking to get hands-on with AI, Ubuntu on NVIDIA Jetson Thor provides the ideal platform for building the next million-device AI application.

Getting started

Jetson Thor image availability will be announced soon.

To get started with Ubuntu on NVIDIA Jetson, visit our download page.

These images are optimized for both the developer kit and the modules, ensuring you can build the most powerful edge AI applications, and scale their deployment successfully. Using these images is fast and easy: simply select the OS image to match your hardware, flash it onto a USB or NVMe disk, and load it onto your board. For Ubuntu Core, you will be able to download pre-built images for exploration and experimentation.

About Canonical

Canonical, the publisher of Ubuntu, provides open source security, support, and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone.

Learn more at https://canonical.com/

Learn more

Find out more about Canonical's collaboration with NVIDIA.

Have a new AI accelerator? Explore certifying your hardware with images optimized for a variety of silicon platforms.

27 Aug 2025 11:14am GMT

Canonical commits to Ubuntu long-term support and security patching for NVIDIA Jetson Thor, bringing real-time performance, out-of-the-box compatibility, and a seamless runtime for AI inference workloads at the edge.

27 Aug 2025 11:14am GMT

Thunderbird 142 release is here with message linking, PDF signatures, Fastmail calendar fixes, and some new-found respect for system Do Not Disturb modes!

You're reading Thunderbird 142 Lets You Add Signatures to PDFs In-App, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

27 Aug 2025 2:50am GMT

Bazaar is a new multi-threaded Flatpak app for installing other Flatpak apps. It can handle multiple operations, curated apps, and integrated desktop search.

You're reading Bazaar is a Slick New Desktop Flathub Frontend, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

26 Aug 2025 10:30pm GMT

Parallels Desktop 26 adds macOS Tahoe support, Windows 11 25H2 compatibility, and expanded Linux VM options for both Apple silicon and Intel Macs.

You're reading Parallels Desktop 26 Update Improves Ubuntu VMs on macOS, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

26 Aug 2025 6:24pm GMT

Collaboration combines the leading cloud OS with the industry's first unified private cloud platform to accelerate cloud native innovation [LAS VEGAS] August 26, 2025-Broadcom Inc. (NASDAQ: AVGO) and Canonical today announced an expanded collaboration to help customers ship modern container-based and AI applications faster and more securely. By bringing together Canonical's trusted open-source software with […]

26 Aug 2025 1:09pm GMT

Allow-listing web traffic - blocking all web traffic that has not been pre-approved - is a common practice in highly sensitive environments. It is also a challenge for developers and system administrators working in those environments. In this blog, we'll cover an easy way to mitigate this challenge by using LXD to generate allow-lists. The […]

26 Aug 2025 1:00pm GMT

Welcome to the Ubuntu Weekly Newsletter, Issue 906 for the week of August 17 - 23, 2025. The full version of this issue is available here.

In this issue we cover:

• SRU and Governance docs -> Ubuntu Project docs
• Ubuntu Stats
• Hot in Support
• Rocks Public Journal; 2025-08-22
• Other Meeting Reports
• Upcoming Meetings and Events
• FOSS for All Conference 2025
• UbuCon Africa x DjangoCon Africa 2025: A Celebration of Community and Open Source
• Pre-UbuConLA 2025: Virtual Talks and Workshops Leading Up to Our Main Event
• LoCo Events
• [winning works] Questing Quokka Wallpaper Competition
• Ubuntu Project docs: Piloting 'article series'
• [Spec] stubble: A secure-boot friendly device-tree loading EFI stub
• Ubuntu at DevConf.US - Boston, USA, September 19th - 20th
• Ubuntu Cloud News
• Canonical News
• In the Press
• In the Blogosphere
• Other Articles of Interest
• Featured Audio and Video
• Updates and Security for Ubuntu 22.04, 24.04, and 25.04
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• Wild Man
• Cristovao Cordeiro (cjdc) - Rocks
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

.

25 Aug 2025 11:09pm GMT

Zen Browser is a Firefox fork that rethinks modern web browsing with vertical tabs, split views, and a clean way to open new tabs - all without AI gimmicks.

You're reading Zen Browser - What Mozilla Firefox Should Be?, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

25 Aug 2025 10:49pm GMT

Today marks both a milestone and a turning point in my journey with open source software. I'm proud to announce the release of KDE Gear 25.08.0 as my final snap package release. You can find all the details about this exciting update at the official KDE announcement.

After much reflection and with a heavy heart, I've made the difficult decision to retire from most of my open source software work, including snap packaging. This wasn't a choice I made lightly - it comes after months of rejections and silence in an industry I've loved and called home for over 20 years.

Passing the Torch

While I'm stepping back, I'm thrilled to share that the future of KDE snaps is in excellent hands. Carlos from the Neon team has been working tirelessly to set up snaps on the new infrastructure that KDE has made available. This means building snaps in KDE CI is now possible - a significant leap forward for the ecosystem. I'll be helping Carlos get the pipelines properly configured to ensure a smooth transition.

Staying Connected (But Differently)

Though I'm stepping away from most development work, I won't be disappearing entirely from the communities that have meant so much to me:

• Kubuntu: I'll remain available as a backup, though Rik is doing an absolutely fabulous job getting the latest and greatest KDE packages uploaded. The distribution is in capable hands.
• Ubuntu Community Council: I'm continuing my involvement here because I've found myself genuinely enjoying the community side of things. There's something deeply fulfilling about focusing on the human connections that make these projects possible.
• Debian: I'll likely be submitting for emeritus status, as I haven't had the time to contribute meaningfully and want to be honest about my current capacity.

The Reality Behind the Decision

This transition isn't just about career fatigue - it's about financial reality. I've spent too many years working for free while struggling to pay my bills. The recent changes in the industry, particularly with AI transforming the web development landscape, have made things even more challenging. Getting traffic to websites now requires extensive social media work and marketing - all expected to be done without compensation.

My stint at webwork was good while it lasted, but the changing landscape has made it unsustainable. I've reached a point where I can't continue doing free work when my family and I are struggling financially. It shouldn't take breaking a limb to receive the donations needed to survive.

A Career That Meant Everything

These 20+ years in open source have been the defining chapter of my professional life. I've watched communities grow, technologies evolve, and witnessed firsthand the incredible things that happen when passionate people work together. The relationships I've built, the problems we've solved together, and the software we've created have been deeply meaningful.

But I also have to be honest about where I stand today: I cannot compete in the current job market. The industry has changed, and despite my experience and passion, the opportunities just aren't there for someone in my situation.

Looking Forward

Making a career change after two decades is terrifying, but it's also necessary. I need to find a path that can provide financial stability for my family while still allowing me to contribute meaningfully to the world.

If you've benefited from my work over the years and are in a position to help during this transition, I would be forever grateful for any support. Every contribution, no matter the size, helps ease this difficult period: https://gofund.me/a9c55d8f

Thank You

To everyone who has collaborated with me, tested my packages, filed bug reports, offered encouragement, or simply used the software I've helped maintain - thank you. You've made these 20+ years worthwhile, and you've been part of something bigger than any individual contribution.

The open source world will continue to thrive because it's built on the collective passion of thousands of people like Carlos, Rik, and countless others who are carrying the torch forward. While my active development days are ending, the impact of this community will continue long into the future.

With sincere gratitude and fond farewells,

Scarlett Moore

25 Aug 2025 3:42pm GMT

In sectors where precision and predictability are non-negotiable, timing is everything. Whether coordinating robotic arms on a factory floor, maintaining ultra-reliable latency in telecom networks, or ensuring an automotive braking system responds instantly, the success of these systems depends on meeting strict timing deadlines. This is the domain of real-time computing, where the operating system […]

25 Aug 2025 1:07pm GMT

New report indicates that open source adoption increases productivity, and offers opportunities for developing digital sovereignty and advancing AI projects Released in collaboration with Canonical, the company behind Ubuntu, the Linux Foundation's latest report, Open source as Europe's strategic advantage: trends, barriers, and priorities for the European open source community amid regulatory and geopolitical shifts, […]

25 Aug 2025 7:38am GMT

What are code imports?

Launchpad's code import service allows users to automatically mirror code from external version control systems into Launchpad. Historically, this has supported imports from CVS, Subversion, Bazaar and Git.

As part of this, Launchpad currently also supports imports into Bazaar branches from:

• Concurrent Version System to Bazaar
• Subversion via cvs2svn to Bazaar
• Subversion via bzr-svn to Bazaar

These imports will be deprecated.

Why deprecate these imports?

As announced in Phasing out Bazaar code hosting, Bazaar itself has been deprecated and is no longer actively developed. The last release was in 2016, and usage has steadily declined.

Maintaining imports from these less common version controls to Bazaar requires significant efforts.

To streamline our services and focus resources where they matter most, Launchpad will be retiring the previously mentioned Bazaar-based imports.

Timelines

• September 18th, 2025: No new import configurations for the previously mentioned Bazaar-based imports will be accepted.
  
• October 1st, 2025: All existing CVS to Bazaar and SVN to Bazaar imports (both cvs2svn and bzr-svn) will be shut down. Import jobs will no longer run after this date.
  

Migration paths

If you are currently using these imports, we recommend:

• Migrating the source repository to Git.
• Reconfiguring your Launchpad project to use a Git-based import instead.

Guides and references:

• Migrate a Repository From Bazaar to Git
• General CVS/SVN to Git migration tools (such as git cvsimport, svn2git, or git svn) are widely documented.

Call for action

If you have a project still depending on CVS to Bazaar or SVN to Bazaar imports, and you are unsure how to migrate, please reach out to us.

You can contact us in #launchpad:ubuntu.com on Matrix, or via e-mail at feedback@launchpad.net.

Join the discussion at: https://discourse.ubuntu.com/t/deprecating-cvs-and-subversion-imports/66876

25 Aug 2025 7:14am GMT

Firefox web app support is on the way, and a recent stable build gives users on Windows an early chance to test it out for running websites as windowed apps.

You're reading Firefox Web App Support Available to Test (on Windows, At Least), a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

24 Aug 2025 10:39pm GMT

FFmpeg 8.0 introduces Vulkan compute-based codecs for pro-grade video formats, new decoders, Whisper AI transcription, and other assorted improvements.

You're reading FFmpeg's 'Largest Release' Yet Brings Vulkan Video Processing, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

24 Aug 2025 3:22pm GMT

Aviator is a user-friendly GTK4 AV1 encoder for Linux that makes it easy to convert convert videos to AV1. Smaller file sizes with minimal quality loss.

You're reading Aviator is a Fast, User-Friendly App for AV1 Video Encoding on Linux, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

23 Aug 2025 3:20am GMT

A more responsive Tidal experience with gapless playback is on offer in the latest update of High Tide, a GTK4/libadwaita Tidal client for Linux.

You're reading High Tide (Linux Tidal Client) Adds Gapless Playback, Replay Gain, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

22 Aug 2025 4:20pm GMT

Azure's Update Manager now shows missing Ubuntu Pro updates for all Ubuntu Long-Term Support (LTS) releases: 18.04, 20.04, 22.04 and 24.04. The feature was first introduced for only 18.04 during its move to Expanded Security Maintenance. With this addition, Azure highlights where Ubuntu LTS instances would benefit from Expanded Security Maintenance updates if the administrator […]

22 Aug 2025 12:59pm GMT

Kdenlive 25.08 brings improved audio mixing, enhanced Titler, 10-bit H.265 encoding for NVIDIA GPUs, and plenty of bug fixes to this FOSS video editor.

You're reading Kdenlive 25.08 Enhances Audio Mixer, Adds 10-bit H.265 Support, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

21 Aug 2025 7:26pm GMT

Thunderbird Pro will offer Thundermail email service, appointment scheduling, file sharing, and maybe even AI features. Email will be hosted on German servers.

You're reading Thunderbird Pro Features Detailed in New Update, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

21 Aug 2025 3:50pm GMT

Security researchers found that a free VPN extension for Chrome with over 100k is taking screen grabs of users' browsing and uploading them to a remote server.

You're reading Free VPN Extension Found Taking Screenshots, Uploading Them, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

20 Aug 2025 7:26pm GMT

Many business owners in the software development industry are investing a lot into LLM bots, marketed as "generative AI". Some of them go as far as forcing software developers to use such tools under the threat of being fired if they don't comply. After all, why shouldn't they? This technology has a catchy name, it produces very convincing output that sometimes is correct (or close to being correct), and companies producing these tools are very good at downplaying their limitations and at promising that the "next version" will be astonishingly better than the one before.

My day-to-day experience, and scientific research, however show a quite big problem: while senior developers get little or no gain from "generative AI" (1, 2, 3, 4), junior developers get massive boosts in productivity. Why am I describing a boost in productivity as a problem? Well, it's simple: the new generations of software developers (the ones that are just entering the job market, and the ones that are still in school) are relying heavily on these LLM tools for nearly all work-related tasks. And, again, why shouldn't they? The entire world is telling them to do so! And as a result of that, they are advancing without gaining any actual skill.

Me and other (ex-)coworkers have seen it first hand: a junior developer completes a task using an LLM bot. More senior developers find major problems with the result. Junior developers go back to the LLM tool asking for a fix, wasting hours or days without a positive outcome. Junior developers are becoming unable to perform tasks independently.

In addition to that, there's a problem that I feel like is not talked about extensively: these LLM tools can only regurgitate what they've been trained with. They're good at finding patterns and re-applying strategies that have been used in prior work, but by their nature they cannot create or innovate. So, if this trend continues, the new generations of software developers are not just going to be skill-less, they're also going to be incapable of solving new problems that haven't been seen before.

My prediction? Within 10 or 20 years, the older generation of software developers will be asked to come out of retirement to fix the unmaintainable mess created by the newer generations, and to make advancements in the information technology sector. A bit like old COBOL developers are asked to come out of retirement to maintain banking systems, but on a much larger scale. This, unless there will be advancements towards true Artificial Intelligence, or unless the current trend in education is broken.

Now don't get me wrong: I'm not opposed to LLM bots (although I'm against calling them "AI", because they're very far from fulfilling the AI promise), and I think they can be very powerful tools. What I'm worried about is that new generations are being told to rely on them almost exclusively, and this can only lead to an evident skill gap. In fact, I think that if there's a country that in the future will be able to harness the power of the LLM bots and at the same time maintain a good enough level of education, thus addressing the skill gap problem, they will be the dominant economic power of the future, because they will be able to automate tasks that are time/energy-consuming for humans, while at the same time use the human brain to innovate and advance.

20 Aug 2025 5:17pm GMT

LibreOffice 25.8 released with PDF 2.0 export, 30% faster file opening, new Calc functions, better performance, and various user-interface tweaks.

You're reading LibreOffice 25.8 Released with PDF 2.0 Export, Faster Performance, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

20 Aug 2025 11:13am GMT

Ubuntu is the home of ROS. The very first ROS distribution, Box Turtle, launched on Ubuntu 8.04 LTS, Hardy Heron, and since then, Ubuntu and ROS have grown hand in hand. With every Ubuntu LTS release, a new ROS distribution follows, an intentional alignment that ensures ROS works out of the box on Ubuntu Desktop, […]

20 Aug 2025 1:48am GMT

I haven't posted for quite some time, and a lot has happened. For instance, my wife revived Edubuntu and my work with Ubuntu Studio now spans over 7 years.

Recently, I became the proud owner of a Behringer X-Air XR18. This became the key to opening a new business, which I'll announce at a later date. I'm working on acquiring more equipment to make this work.

As many people know, the XR18 is a stagebox-style mixer in which the mixer is physically on the stage with no controls but controlled with an iPad or Android tablet. However, as the owner of a Behringer X-Touch, which integrates seamlessly with an X-Air mixer via either MIDI or Network connections. In my situation, this gives the ability to have a physical front-of-house setup, with a computer showing the X-Air Edit application.

However, what if I want to multi-track record or add custom effects via Ubuntu Studio? This is where it would get complicated as I would then have to run a prohibitively-long USB cable from my computer to the XR18 on the stage. This would not be ideal.

As many people know, MIDI can be routed via network, which is the way the X-Touch, XR18, and X-Air app work together. A simple WiFi router and ethernet cable wouild be a great solution to this problem, but that also leaves an Ethernet cable prone to being tripped-over by audience members (unless one were to gaff it down). So, since we've already got WiFi, let's take advantage of that.

To expose the audio ports to the WiFi, we're going to have to bridge it. But… how? Most people would tell me just to use Dante but, unfortunately, Audinate refuses to support Linux, and AES67 support in PipeWire is very young. However, it turns out, JackTrip is in the Ubuntu repositories and, as its name would imply, integrates seamlessly with JACK and, therefore, PipeWire.

Setting this up is rather simple, and I'm documenting the process here.

Prerequisites

• A Raspberry Pi 4 or higher (I have a late 2023 Raspberry Pi 5)
• A micro SD card (16GB or larger)
• Ubuntu Server for Raspberry Pi (I used 24.04, linked here).
• Optional: Ubuntu Pro (for the RealTime Ubuntu Raspberry Pi Kernel)

Here we go…

The first thing I did was install the downloaded preinstalled server image to a micro SD card. This is accomplished using Raspberry Pi Imager. I used the Snap version maintained by Dave Jones of Canonical, part of Canonical's Raspberry Pi team. If you've never met Dave, he does all of his computing via Raspberry Pi, and it's a sight to behold!

To get that, it's as easy as sudo snap install rpi-imager.

I made sure to set the server to automatically detect my WiFi, but if you plan to use a hard Ethernet connection, this isn't necessary. Just be sure you can SSH into the machine as this is key (pre-set a user and set the machine name).

Once the SD card is imaged, I SSH'd into the machine (ssh erich@{computer-name}.local). The first thing I did was install jackd2 and jacktrip:

sudo apt install --no-install-recommends jackd2 jacktrip

One must use the --no-install-recommends option to avoid installing unecessary graphical tools as jackd2 will want to install qjackctl which is the GUI application to control JACK. We don't need it here. JackTrip has an option to automatically connect to all inputs and outputs, so we'll use that here.

To automatically start JACK upon boot, I modified this systemd unit file to be custom for my setup. You'll notice I made the buffer 256 (-p 256) with 3 periods per buffer (-n 3) as gives the highest reliablility on a USB connection. Additionally, the highest frequency an XR18 runs at is 48000 Hz, so I made sure to set the frequency there (-r 48000). Also, we want the process to run in realtime and directly to ALSA (--realtime -dalsa):

[Unit]
Description=JACK server using %i user profile
Documentation=man:jackd(1)
After=sound.target local-fs.target

[Service]
User=%i
Group=%i
#Type=notify
EnvironmentFile=-/etc/jack/alsa.conf
#EnvironmentFile=-%h/.config/jack/%i.conf
ExecStart=/usr/bin/jackd --realtime -dalsa -p 256 -n 3 -r 48000
# -d $DEVICE $DRIVER_SETTINGS
LimitRTPRIO=95
LimitRTTIME=infinity
LimitMEMLOCK=infinity
# Caution: use on memory-limited devices only
# OOMScoreAdjust=-1000

[Install]
WantedBy=multi-user.target

I installed this to /usr/lib/systemd/system/jackd@.service.

Next, I created a systemd unit file to start JackTrip. I needed this to be a server (-s), with 18 inputs and outputs (for an XR18, -n 18) and automatically connect upon start (-q auto):

[Unit]
Description=JackTrip Audio Network Service
After=network.target sound.target jackd@%i.service
Wants=network-online.target

[Service]
# Run as a specific user who has JACK permissions
User=%i
Group=%i

ExecStart=jacktrip -s -n 18 -q auto --udprt
Restart=always
RestartSec=5

# Optional: environment for JACK if needed
#Environment=JACK_NO_AUDIO_RESERVATION=1

# Give JACK/JackTrip real-time priority
LimitRTPRIO=infinity
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target

I installed this to /usr/lib/systemd/system/jacktrip@.service.

Next, to make sure this runs as my user, I did the following:

sudo systemctl enable jackd@erich.service
sudo systemctl enable jacktrip@erich.service

Optionally, since this will be used as a headless appliance, one can use Ubuntu Pro to get the RealTime Kernel. This is accomplished by the following with an Ubuntu One account:

pro attach
pro enable realtime-kernel

To make sure everything worked, check pro status.

You can have up to 5 machines running Ubuntu Pro for free. In my case, as an Ubuntu Member, I can have up to 50 machines for free, and this is only my third one!

Once this is done, reboot. On your other machine, install jacktrip-gui. (This will be in Ubuntu Studio 25.10 and higher by default!): sudo apt install jacktrip-gui.

Opening it, it will ask you if you want to sign in with a Virtual Studio account. This is because JackTrip allows you to collaborate across the entire internet with fellow musicians with very low latency! It's pretty cool! However, we don't need that for this purpose. Instead, we're going to say "No" and simply connect to the server as a P2P client:

Enter the computer name with .local afterwards, and it should find it as long as your desktop or laptop is connected to the same network as the Raspberry Pi.

After you click "Connect", you should see this:

As you can see, this has audio coming in from a microphone already.

Back in X-Air Edit, already connected to the mixer, I changed my routing so channels 1 and 2 were being sent to the aux, so I can then use my computer's audio there for music from e.g. Spotify:

Next I started a Dummy Audio Device from Ubuntu Studio Audio Configuration and made it the main output for the computer. I then connected the monitor of the dummy output to channels 1 and 2 of JackTrip using Patchance:

…and VIOLA! Even testing my microphone, there was so little latency it was imperceivable.

I'm envisioning a setup like this:

STAGE:
 _________       USB      _______
|  X-Air  |--------------| RasPi | 
|_________|---   ETH  ---|_______|
             _|______|_                           __________
            | WiFi     |                         | WiFi     |
            | Router   |   ))))           ((((   | Repeater |
            |__________|                         |__________|
                                                ETH    |           
                                  FOH:      ------------
                    __________        _____|_____        _________
                   | Computer | ETH  | Ethernet  |  ETH | X-Touch |
                   |__________|------| Switch    |------|_________|
                                     |___________|

I'm excited to test this further! Overall, I feel like I've found a way to do a Dante-less audio-over-ethernet setup that cost me nothing!

19 Aug 2025 7:48pm GMT

Monitor disk space in GNOME Shell with this extension. An alternative to the now-gone Other Locations panel in Nautilus, it gives glanceable filesystem usage checks.

You're reading For a Quick Way to See Disk Space in Ubuntu, Try This Extension, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

19 Aug 2025 5:54pm GMT

Ubuntu 25.04 introduces full AMD SEV-SNP host support, making Ubuntu the first production-grade Linux distribution to deliver end-to-end confidential computing , from host to guest , without out-of-tree patches or experimental builds. With this release, enterprises can deploy confidential virtual machines on fully Ubuntu-based stacks in both private and public clouds. SEV-SNP enforces hardware-level isolation by encrypting guest memory with per-VM keys and protecting integrity through secure nest

19 Aug 2025 12:36pm GMT

Welcome to the Ubuntu Weekly Newsletter, Issue 905 for the week of August 10 - 16, 2025. The full version of this issue is available here.

In this issue we cover:

• Questing (to be 25.10) now in Feature Freeze
• Ubuntu Release Management Newsletter - August 2025
• Ubuntu Stats
• Hot in Support
• Rocks Public Journal; 2025-08-12
• Other Meeting Reports
• Upcoming Meetings and Events
• DjangoCon Africa 2025 kicks off
• LoCo Events
• [update] Kernel Version Selection for Ubuntu Releases
• Linux 6.17 in Ubuntu 25.10 to be an Unstable Kernel at release
• EuroPython 2025: "I came for the language, but stayed for the community"
• Welcome to the CODA Workshop at DjangoCon Africa
• [Video] UbuCon Korea 2025 Interview with Sponsors
• Other Community News
• Canonical News
• In the Blogosphere
• Featured Audio and Video
• Updates and Security for Ubuntu 22.04, 24.04, and 25.04
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• Wild Man
• Cristovao Cordeiro (cjdc) - Rocks
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

.

18 Aug 2025 10:44pm GMT

Firefox 142 lets US users curate stores on the new tab stories by topic and lets web extensions use local AI models, among other changes. Highlights inside.

You're reading Firefox 142 Adds New Tab Topics, Local AI in Extensions + More, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

18 Aug 2025 10:19pm GMT

Raspberry Pi launch a 5-inch Touch Display 2, ideal for interactive projects. It features 720×1280 resolution and supports five-finger touch gestures.

You're reading Smaller, Cheaper Raspberry Pi Touch Display 2 Announced, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

18 Aug 2025 2:04pm GMT

Embarking on a quest can be serious business - whether you're going off on a family holiday or traveling the hills of Britain in search of the holy grail, our focus is very much affixed to the finish line. Every year, nearly 1 million people from across the globe pack their bags and trek thousands […]

18 Aug 2025 11:23am GMT

Introduction

The Linux Containers project maintains Long Term Support (LTS) releases for its core projects. Those come with 5 years of support from upstream with the first two years including bugfixes, minor improvements and security fixes and the remaining 3 years getting only security fixes.

This is now the fifth round of bugfix releases for LXC, LXCFS and Incus 6.0 LTS.

LXC

LXC is the oldest Linux Containers project and the basis for almost every other one of our projects. This low-level container runtime and library was first released in August 2008, led to the creation of projects like Docker and today is still actively used directly or indirectly on millions of systems.

Announcement: https://discuss.linuxcontainers.org/t/lxc-6-0-5-lts-has-been-released/24438

Highlights of this point release:

• Fixes a regression introduced in LXC 6.0.4 which was causing some hooks to fail due to no-new-priv handling
• Removed support for building with the bionic C library (Android) as it hadn't been functional for a long time
• Fixed handling of the container_ttys environment variable
• Added support for both move and nosymfollow mount options
• Improved testsuite coverage

LXCFS

LXCFS is a FUSE filesystem used to workaround some shortcomings of the Linux kernel when it comes to reporting available system resources to processes running in containers. The project started in late 2014 and is still actively used by Incus today as well as by some Docker and Kubernetes users.

Announcement: https://discuss.linuxcontainers.org/t/lxcfs-6-0-5-lts-has-been-released/24437

There are no significant changes in this release, only a couple of minor changes to our CI scripts. We are still pushing a LXCFS update out to keep versions in sync between LXC, LXCFS and Incus, but this release is effectively identical to 6.0.4.

Incus

Incus is our most actively developed project. This virtualization platform is just over a year old but has already seen over 3500 commits by over 120 individual contributors. Its first LTS release made it usable in production environments and significantly boosted its user base.

Announcement: https://discuss.linuxcontainers.org/t/incus-6-0-5-lts-has-been-released/24445

Highlights of this point release:

• Support for memory hotplug in VMs
• Reworked logging subsystem
• SNAT support on complex network forwards
• CLI support for server-side filtering on all collections
• Windows agent support for VMs
• Improvements support to incus-migrate (extra disks, OVA, …)
• SFTP API support on custom storage volumes
• Support for publishing instances as split images
• S3 upload of instances and volume backups
• More flexible snapshot configuration

What's next?

We're expecting another LTS bugfix release for the 6.0 branches by the end of 2025.
In the mean time, Incus will keep going with its usual monthly feature release cadence.

Thanks

This LTS release update was made possible thanks to funding provided by the Sovereign Tech Fund (now part of the Sovereign Tech Agency).

The Sovereign Tech Fund supports the development, improvement, and maintenance of open digital infrastructure. Its goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity, and the people behind the code.

Find out more at: https://www.sovereign.tech

15 Aug 2025 7:26pm GMT

This release brings certified Ubuntu to Qualcomm Dragonwing QCS6490 and QCS5430 processors, accelerating time to market for ODMs/OEMs

14 Aug 2025 7:28pm GMT

O episódio de hoje é abreviado, porque está um calor de ananases dos trópicos; demos uma vista de olhos sobre tópicos assim-assim, outros meio tristes sobre vistas curtas, fizemos vista grossa sobre temas entrópicos e há mudanças à vista.

Já sabem: oiçam, subscrevam e partilhem!

• https://archive.org/details/tristes-tropiques
• https://pt.wikipedia.org/wiki/Redufla%C3%A7%C3%A3o
• https://openprinting.github.io/OpenPrinting-News-25-years-of-working-full-time-for-printing-with-free-open-source-software/
• https://ubuntu.social/@till/114932477260801209
• https://www.linkedin.com/pulse/welcome-openprinting-openprinting-fsu8f/
• https://www.linkedin.com/in/kamppetertill/
• https://www.theregister.com/2025/08/04/canonical_drops_openprinting_lead/
• The Future of Open Printing: https://www.youtube.com/watch?v=0bSuV9advtA
• https://en.wikipedia.org/wiki/CUPS
• https://github.com/openprinting/cups
• https://discourse.ubuntu.com/t/listening-to-contributors-code-documentation-translation-testing-etc-participate-in-a-feedback-session/63837
• Questing Quokka 25.10 Wallpaper Competition: https://discourse.ubuntu.com/t/questing-quokka-25-10-wallpaper-competition/61560
• https://discourse.ubuntu.com/t/questing-quokka-25-10-wallpaper-competition/61560
• Ubucon Africa / DjangoCon Africa, Arusha, Tanzania, 11 a 15 de Agosto: https://ubuntu.com/blog/ubucon-africa-and-djangocon-africa-2025
• https://2025.djangocon.africa/
• Festa do Software Livre 2025, Porto, 3 a 5 de Outubro: https://festa2025.softwarelivre.eu/pt/
• Ubuntu Summit 2025, Londres, 23-24 de Outubro: https://ubuntu.com/blog/ubuntu-summit-25-10-is-coming-to-your-circle-of-friends-from-london
• LoCo PT: https://loco.ubuntu.com/teams/ubuntu-pt/
• Mastodon: https://masto.pt/@pup
• Youtube: https://youtube.com/PodcastUbuntuPortugal

Atribuição e licenças

Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo Senhor Podcast. O website é produzido por Tiago Carrondo e o código aberto está licenciado nos termos da Licença MIT. (https://creativecommons.org/licenses/by/4.0/). A música do genérico é: "Won't see it comin' (Feat Aequality & N'sorte d'autruche)", por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License. Os separadores de péssima qualidade foram tocados ao vivo e sem rede pelo Miguel, pelo que pedimos desculpa pelos incómodos causados. Este episódio e a imagem utilizada estão licenciados nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização. A arte de episódio foi criada por encomenda pela Shizamura - artista, ilustradora e autora de BD. Podem ficar a conhecer melhor a Shizamura na Ciberlândia e no seu sítio web.

14 Aug 2025 12:00am GMT

Effective AppSec is not a one-time fix but a continuous journey across every facet of your application's lifecycle. By embracing a Secure Software Development Lifecycle (SSDLC) from the outset, diligently uncovering potential risks, and mastering your cybersecurity fundamentals, you lay a robust foundation for resilient applications.

11 Aug 2025 9:00am GMT

Debian 13 has finally been released!

One of the biggest and under-hyped features is support for HTTP Boot. This allows you to simply specify a URL (to any d-i or live image iso) in your computer's firmware setup and then you can boot to it directly over the Internet, so no need to download an image, write it to flash disk and then boot from the flash disk on computers made in the last ~5 years. This is also supported on the Tianocore free EFI firmware, which is useful if you'd like to try it out on QEMU/KVM.

More details about Debian 13 available on the official press release.

The default theme for Debian 13 is Ceratopsian, designed by Elise Couper. I'll be honest, I wasn't 100% sure it was the best choice when it won the artwork vote, but it really grew on me over the last few months, and it looked great in combination with all kinds of other things during DebConf too, so it has certainly won me over.

And I particularly like the Plymouth theme. It's very minimal, and it reminds me of the Toy Story Trixie character, it's almost like it helps explain the theme:

Plymouth (start-up/shutdown) theme.

Trixie, the character from Toy Story that was chosen as the codename for Debian 13.

Debian Local Team ISO testing

Yesterday we got some locals together for ISO testing and we got a cake with the wallpaper printed on it, along with our local team logo which has been a work in progress for the last 3 years, so hopefully we'll finalise it this year! (it will be ready when it's ready). It came out a lot bluer than the original wallpaper, but still tasted great.

For many releases, I've been the only person from South Africa doing ISO smoke-testing, and this time was quite different, since everyone else in the photo below tested an image except for me. I basically just provided some support and helped out with getting salsa/wiki accounts and some troubleshooting. It went nice and fast, and it's always a big relief when there are no showstoppers for the release.

My dog was really wishing hard that the cake would slip off.

Packaging-wise, I only have one big new package for Trixie, and that's Cambalache, a rapid application design UI builder for GTK3/GTK4.

The version in trixie is 0.94.1-3 and version 1.0 was recently released, so I'll get that updated in forky and backport it if possible.

I was originally considering using Cambalache for an installer UI, but ended up going with a web front-end instead. But that's moving firmly towards forky territory, so more on that another time!

Thanks to everyone who was involved in this release, so far upgrades have been very smooth!

10 Aug 2025 2:53pm GMT

The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 24.04.3 LTS. This is a minor release which wraps-up the security and bug fixes into one .iso image, available for download now.

The biggest change is the lowlatency kernel has been officially retired, replaced by the generic Ubuntu kernel. Those that have been using Ubuntu Studio 24.04 and upgraded may have already noticed this change.

With that said, much like Ubuntu Studio 24.10 and higher, the generic kernel includes kernel parameters added upon boot that allow the kernel to act in a lowlatency mode, so you now can enjoy the benefits of the lowlatency kernel while using the generic kernel.

We realize this may come as a shock, but when 24.04 was released, we knew this day would eventually come. However, there is no difference between the lowlatency kernel and the generic kernel with these boot parameters. They are:

• preempt=full: Makes the kernel fully preemptible
• rcu_nocbs=all Offloads Read-Copy Update (RCU) callbacks from all CPUs dedicated to kernel threads, improves real-time performance
• threadirqs Forces interrupt handlers to run in a threaded context, reducing buffer xruns

These kernel parameters can be found in the files in /etc/defaults/grub.d

Please give financially to Ubuntu Studio!

Giving is down. We understand that some people may no longer be able to give financially to this project, and that's OK. However, if you have never given to Ubuntu Studio for the hard work and dedication we put into this project, please consider a monetary contribution.

Additionally, we would love to see more monthly contributions to this project. You can do so via PayPal, Liberapay, or Patreon. We would love to see more contributions!

So don't wait, and don't wait for someone else to do it! Thank you in advance!

Donate using PayPal Donations are Monthly or One-Time

Donate using Liberapay Donations are Weekly, Monthly, or Annually

Donate using Patreon Become a Patron!Donations are Monthly

08 Aug 2025 4:15am GMT

About 90% of my Debian contributions this month were sponsored by Freexian.

You can also support my work directly via Liberapay or GitHub Sponsors.

DebConf

I attended DebConf for the first time in 11 years (my last one was DebConf 14 in Portland). It was great! For once I had a conference where I had a fairly light load of things I absolutely had to do, so I was able to spend time catching up with old friends, making some new friends, and doing some volunteering - a bit of Front Desk, and quite a lot of video team work where I got to play with sound desks and such. Apparently one of the BoFs ("birds of a feather", i.e. relatively open discussion sessions) where I was talkmeister managed to break the automatic video cutting system by starting and ending precisely on time, to the second, which I'm told has never happened before. I'll take that.

I gave a talk about Debusine, along with helping Enrico run a Debusine BoF. We still need to process some of the feedback from this, but are generally pretty thrilled about the reception. My personal highlight was getting a shout-out in a talk from CERN (in the slide starting at 32:55).

Other highlights for me included a Python team BoF, Ian's tag2upload talk and some very useful follow-up discussions, a session on archive-wide testing, a somewhat brain-melting whiteboard session about the "multiarch interpreter problem", several useful discussions about salsa.debian.org, Matthew's talk on how Wikimedia automates their Debian package builds, and many others. I hope I can start attending regularly again!

OpenSSH

Towards the end of a release cycle, people tend to do more upgrade testing, and this sometimes results in interesting problems. Manfred Stock reported "No new SSH connections possible during large part of upgrade to Debian Trixie", and after a little testing in a container I confirmed that this was a reproducible problem that would have affected many people upgrading from Debian 12 (bookworm), with potentially severe consequences for people upgrading remote systems. In fact, there were two independent problems that each led to much the same symptom:

• OpenSSH 9.8 split the monolithic sshd listener process into two pieces: a minimal network listener (still called sshd), and an sshd-session process dealing with each individual session. (OpenSSH 10.0 further split sshd-session, adding an sshd-auth process that deals with the user authentication phase of the protocol.) This hardens the OpenSSH server by using different address spaces for privileged and unprivileged code.

  Before this change, when sshd received an incoming connection, it forked and re-executed itself with some special parameters to deal with it. After this change, it forks and executes sshd-session instead, and sshd no longer accepts the parameters it used to accept for this.

  Debian package upgrades happen in two phases: first we unpack the new files onto disk, and then we run some package-specific configuration steps which usually include things like restarting services. (I'm simplifying, but this is good enough for this post.) Normally this is fine, and in fact desirable: the old service keeps on working, and this approach often allows breaking what would otherwise be difficult cycles by ensuring that the system is in a more coherent state before trying to restart services. However, in this case, unpacking the new files onto disk immediately means that new SSH connections no longer work: the old sshd receives the connection and tries to hand it off to a freshly-executed copy of the new sshd binary on disk, which no longer supports this.

  If you're just upgrading OpenSSH on its own or with a small number of other packages, this isn't much of a problem as the listener will be restarted quite soon; but if you're upgrading from bookworm to trixie, there may be a long gap when you can't SSH to the system any more, and if something fails in the middle of the upgrade then you could be in trouble.

  So, what to do? I considered keeping a copy of the old sshd around temporarily and patching the new sshd to re-execute it if it's being run to handle an incoming connection, but that turned out to fail in my first test: dependencies are normally only checked when configuring a package, so it's possible to unpack openssh-server before unpacking a newer libc6 that it depends on, at which point you can't execute the new sshd at all. (That also means that the approach of restarting the service at unpack time instead of configure time is a non-starter.) We needed a different idea.

  dpkg, the core Debian package manager, has a specialized facility called "diversions": you can tell it that when it's unpacking a particular file it should put it somewhere else instead. This is normally used by administrators when they want to install a locally-modified version of a particular file at their own risk, or by packages that knowingly override a file normally provided by some other package. However, in this case it turns out to be useful for openssh-server to temporarily divert one of its own files! When upgrading from before 9.8, it now diverts /usr/sbin/sshd to /usr/sbin/sshd.session-split before the new version is unpacked, then removes the diversion and moves the new file into place once it's ready to restart the service; this reduces the period when incoming connections fail to a minimum. (We actually have to pretend that the diversion is being performed on behalf of a slightly different package since we're using dpkg-divert in a strange way here, but it all works.)

• Most OpenSSH processes, including sshd, check for a compatible version of the OpenSSL library when they start up. This check used to be very picky, among other things requiring both the major and minor number to match. OpenSSL 3 has a better versioning policy, and so OpenSSH 9.4p1 relaxed this check.

  Unfortunately, bookworm shipped with OpenSSH 9.2p1, which means that as soon as you unpack the new libssl3 during an upgrade (actually libssl3t64 due to the 64-bit time_t transition), sshd stops working. This couldn't be fixed by a change in trixie; we needed to change bookworm in advance of the upgrade so that it would tolerate newer versions of OpenSSL. And time was tight if we wanted to maximize the chance that people would apply that stable update before upgrading to trixie; there isn't going to be another point release of Debian 12 before the release of Debian 13.

  Fortunately, there's a stable-updates mechanism for exactly this sort of thing, and the stable release managers kindly accepted my proposal to fix this there.

The net result is that if you apply updates to bookworm (including stable-updates / bookworm-updates, which is enabled by default) before starting the upgrade to trixie, everything should be fine. Many thanks to Manfred for reporting this with just enough time to spare that we were able to fix it before Debian 13 is released in a few days!

debmirror

I did my twice-yearly refresh of debmirror's mirror_size documentation, and applied a patch from Christoph Goehre to improve mirroring of installer files.

madison-lite

I proposed renaming this project along with the rmadison tool in devscripts, although I'm not yet sure what a good replacement name would be.

Python team

I upgraded python-expandvars, python-typing-extensions (in experimental), and webtest to new upstream versions.

I backported fixes for some security vulnerabilities to unstable:

• python-urllib3: CVE-2025-50181, CVE-2025-50182

I fixed or helped to fix a number of release-critical bugs:

• bitstruct: autopkgtest regression: invalid command 'test'
• django-pipeline: autopkgtest failure (contributed supporting fix upstream)
• pnopaste: Fails to install with debconf noninteractive frontend (suggested possible patch)
• py3dns: autopkgtest regression: '96.7.128.186' != '93.184.215.14' (contributed upstream)
• python-marshmallow-dataclass: autopkgtest depends on removed package python-marshmallow-enum
• python-pkgconfig: autopkgtest regression: list index out of range
• python-txrequests: autopkgtest regression: twisted.trial.unittest.FailTest: 200 != 404

I fixed some other bugs, mostly Severity: important:

• afew: Unable to remove tags (reviewed and merged MR)
• ipy: FTBFS with the nocheck build profile
• paramiko: Does not correctly handle OpenSSH 10 version
• python-django-storages: FTBFS with the nocheck build profile
• python-icalendar: Depends on a transitional package (and follow-up fixes for missing build-dependencies in python-recurring-ical-events, python-x-wr-timezone, and todoman)
• python-libais: Stop calling python3 setup.py test (contributed supporting fix upstream)

I reinstated python3-mastodon's build-dependency on and recommendation of python3-blurhash, now that the latter has been fixed to use the correct upstream source.

06 Aug 2025 10:41am GMT

Partners holding big jigsaw puzzle pieces flat vector illustration. Successful partnership, communication and collaboration metaphor. Teamwork and business cooperation concept.

I write this in the wake of a personal attack against my work and a project that is near and dear to me. Instead of spreading vile rumors and hearsay, talk to me. I am not known to be 'hard to talk to' and am wide open for productive communication. I am disheartened and would like to share some thoughts of the importance of communication. Thanks for listening.

Open source development thrives on collaboration, shared knowledge, and mutual respect. Yet sometimes, the very passion that drives us to contribute can lead to misunderstandings and conflicts that harm both individuals and the projects we care about. As contributors, maintainers, and community members, we have a responsibility to foster environments where constructive dialogue flourishes.

The Foundation of Healthy Open Source Communities

At its core, open source is about people coming together to build something greater than what any individual could create alone. This collaborative spirit requires more than just technical skills-it demands emotional intelligence, empathy, and a commitment to treating one another with dignity and respect.

When disagreements arise-and they inevitably will-the manner in which we handle them defines the character of our community. Technical debates should focus on the merits of ideas, implementations, and approaches, not on personal attacks or character assassinations conducted behind closed doors.

The Importance of Direct Communication

One of the most damaging patterns in any community is when criticism travels through indirect channels while bypassing the person who could actually address the concerns. When we have legitimate technical disagreements or concerns about someone's work, the constructive path forward is always direct, respectful communication.

Consider these approaches:

• Address concerns directly: If you have technical objections to someone's work, engage with them directly through appropriate channels
• Focus on specifics: Critique implementations, documentation, or processes-not the person behind them
• Assume good intentions: Most contributors are doing their best with the time and resources available to them
• Offer solutions: Instead of just pointing out problems, suggest constructive alternatives

Supporting Contributors Through Challenges

Open source contributors often juggle their community involvement with work, family, and personal challenges. Many are volunteers giving their time freely, while others may be going through difficult periods in their lives-job searching, dealing with health issues, or facing other personal struggles.

During these times, our response as a community matters enormously. A word of encouragement can sustain someone through tough periods, while harsh criticism delivered thoughtlessly can drive away valuable contributors permanently.

Building Resilient Communities

Strong open source communities are built on several key principles:

Transparency in Communication: Discussions about technical decisions should happen in public forums where all stakeholders can participate and learn from the discourse.

Constructive Feedback Culture: Criticism should be specific, actionable, and delivered with the intent to improve rather than to tear down.

Recognition of Contribution: Every contribution, whether it's code, documentation, bug reports, or community support, has value and deserves acknowledgment.

Conflict Resolution Processes: Clear, fair procedures for handling disputes help prevent minor disagreements from escalating into community-damaging conflicts.

The Long View

Many successful open source projects span decades, with contributors coming and going as their life circumstances change. The relationships we build and the culture we create today will determine whether these projects continue to attract and retain the diverse talent they need to thrive.

When we invest in treating each other well-even during disagreements-we're investing in the long-term health of our projects and communities. We're creating spaces where innovation can flourish because people feel safe to experiment, learn from mistakes, and grow together.

Moving Forward Constructively

If you find yourself in conflict with another community member, consider these steps:

1. Take a breath: Strong emotions rarely lead to productive outcomes
2. Seek to understand: What are the underlying concerns or motivations?
3. Communicate directly: Reach out privately first, then publicly if necessary
4. Focus on solutions: How can the situation be improved for everyone involved?
5. Know when to step back: Sometimes the healthiest choice is to disengage from unproductive conflicts

A Call for Better

Open source has given us incredible tools, technologies, and opportunities. The least we can do in return is treat each other with the respect and kindness that makes these collaborative achievements possible.

Every contributor-whether they're packaging software, writing documentation, fixing bugs, or supporting users-is helping to build something remarkable. Let's make sure our communities are places where that work can continue to flourish, supported by constructive communication and mutual respect.

The next time you encounter work you disagree with, ask yourself: How can I make this better? How can I help this contributor grow? How can I model the kind of community interaction I want to see?

Our projects are only as strong as the communities that support them. Let's build communities worthy of the amazing software we create together.

https://gofund.me/506c910c

04 Aug 2025 9:52pm GMT