Nov 3, 2009

New features in Ubuntu 9.10

New features in 9.10 since Ubuntu 9.04


These features are showcased for your attention.

 Upstart


As part of our boot performance work, we have now transitioned to Upstart. If you are testing on your primary machine, we strongly suggest having an Ubuntu 9.10 LiveCD available, or creating an Alpha 5 USB startup disk before doing an upgrade. This will allow us to help you recover in the case that something goes wrong during the boot of your system after upgrade. We request that all bugs affecting the performance or functionality of boot be tagged with ubuntu-boot in Launchpad.

Boot Experience


We've done some work on improving the overall look and feel of booting the system. Please open bugs with the tag "ubuntu-boot-experience" on any messages you see flashed after grub loads and before the new Ubuntu Splash screen (xsplash) displays. If you have trouble catching them before the splash screen loads, you can also check vt1 or dmesg output for copies of these messages. We also accept photos or video attachments if that's easier, however please make sure the text is readable.

Software Center


Ubuntu 9.10 Beta includes the Ubuntu Software Center, replacing 'Add/Remove' in the Applications menu. We kindly request users to try it out, and report any bugs they find.

GNOME


Ubuntu 9.10 Beta includes the latest GNOME 2.28 desktop environment with a number of great new features:
  • Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework.
  • The gdm 2.28 login manager is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.

Application development with Quickly


Quickly makes it easy for developers to make new applications for Ubuntu, and to share those application with other Ubuntu users via .deb packages or personal package archives.

Kubuntu


Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview.

Ubuntu Enterprise Cloud Images


Ubuntu 9.10 Beta includes images for common use on Ubuntu Enterprise CloudEC2 Starter's Guide. (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the

Ubuntu One file sharing


Ubuntu 9.10 Beta ships the Ubuntu One file sharing service by default, providing tightly-integrated file synchronization of your computer with other computers and the Ubuntu One network storage service.

Linux kernel 2.6.31


Ubuntu 9.10 Beta includes the 2.6.31-11.36 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages.

hal deprecation


Ubuntu 9.10 Beta's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev". When testing Ubuntu 9.10 Beta, please be alert for regressions in those areas and report any bugs you find.

New Intel video driver architecture available for testing


The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 Beta also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume.

ext4 by default


The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 Beta; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded.
If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 Beta.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3.

GRUB 2 by default


GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 Beta, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation.
If you wish to upgrade your system to GRUB 2, then see the GRUB 2 testingupstream draft manual. page for instructions. See also the
Some features are still missing relative to GRUB Legacy. Notable among these are lock/password support, an equivalent of grub-reboot, and Xen handling.

iSCSI installation


The iSCSI installation process has been improved, and no longer requires iscsi=true as a boot parameter; the installer will offer you the option of logging into iSCSI targets if there are no local disks, or you can select "Configure iSCSI" in the manual partitioner.
Putting the root filesystem on iSCSI is now supported.

AppArmor


AppArmor in Ubuntu 9.10 Beta features an improved parser that uses cache files, greatly speeding up AppArmor initialisation on boot. AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not.

New profiles


In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, the GNOME document viewer (evince), and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package. A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running:
$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5

Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu.

Libvirt


Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation.

Uncomplicated Firewall


The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features.

Non-eXecutable Emulation


Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature.
For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory.

Blocking Module Loading


To block the loading of any further modules after boot (generally for servers with unchanging hardware), the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists to add another layer of protections against attackers loading kernel rootkits.

Position-Independent Executables


Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel.
In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits.