
Posted by lxst 7 hours ago

Ubuntu 26.04 (lwn.net)
218 points | 125 comments | page 2
superkuh 6 hours ago
The comments there note there is no official Ubuntu MATE release for the first time since Ubuntu 15 (and before 14.04 gnome2 was an option). That's a shame but probably most people who chose MATE (or gnome2) no longer chose Ubuntu due to the conflicting ideologies inherent in the two. MATE users generally don't like change for change's sake.
razingeden 6 hours ago
It's in the daily builds. I haven't tried it yet.

Not sure if this confirms the impression you have there... I wasn't like this until a couple of headless VPSes (on Arm8) got through the upgrade from 18.x -> 20.x -> 22.x and then crashed out over -> 24.x for a still unknown reason. Now I'm just afraid... or I should say reluctant... to repeat that whole fiasco.

https://cdimage.ubuntu.com/ubuntu-mate/daily-live/current/

Joel_Mckay 5 hours ago
There were some issues with how the menu icon manager handled the new security policy defaults. This means the editor will break, and the displayed menu may be missing any item that didn't follow the naming convention syntax. It's a lot of packages to bring into compliance, for that one silly feature the devs had to put in before it was ready...

Maybe they fixed it since the rc release, but there were some rough edges in Feb... the kernel USB support cooked the thumb drive partition structure.

In 22.04 to 24.04 the kernel Nvidia GPU driver EOL abandonment began... In 26.04 people will discover most EOL hardware support prior to RTX series will be difficult to bring up.

Probably wise to wait a few weeks for the bug reports to clear out a bit. =3

rasengan 6 hours ago
> TPM-backed full-disk encryption

This is going to be very useful for servers hosted in third party DCs.

Daviey 6 hours ago
Keeping the key in the same room as the padlock only protects against casual drive theft and secure disposal.

Personally I'm more worried about someone stealing the entire server or a local threat actor.

Sure, keep TPM to help with boot integrity, maybe even a factor for unlock, but things like Clevis+Tang (or BitLocker Network Unlock for our Windows brethren) are essential in my opinion.

djkoolaide 6 hours ago
The beta installer was completely unsuccessful in setting the TPM-backed disk encryption on both a ThinkPad X1 Carbon (Intel 258V) and a ThinkPad P14s (AMD 300-something). Hopefully they ironed that part out in the release, but it seems still early for this feature (at least for my comfort level).
nechuchelo 6 hours ago
Same on my Framework Desktop. Looks like it works only with a limited number of TPM chips for now.
bboozzoo 2 hours ago
The constructed policy is quite strict and expects certain UEFI things to be set up correctly. For example both this https://github.com/canonical/secboot/blob/7434bac27844362ff8... and https://github.com/canonical/secboot/blob/7434bac27844362ff8... are enabled in the policy. The policy choices and various early checks, even as trivial as confirming that the TCG log content is correct after booting into installation system, are enough to rule out a lot of potentially problematic EFI deployments. Effectively making it more strict helps avoid a lot of funny issues where the firmware is clearly buggy and things would fall apart sooner or later.
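
A common way to confirm that a TCG event log is consistent is to replay it and compare the result with the PCR values the TPM reports; a key sealed to values predicted from a log that does not match the TPM would not unseal on the next boot. The sketch below is an added example, not part of the thread and not code from canonical/secboot; the event labels, digests and function names are constructed, and it assumes a SHA-256 bank whose PCRs reset to zero.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank; assumes PCRs reset to all zeros at power-on

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(events):
    """Fold (pcr_index, digest) log entries into the PCR values they predict."""
    pcrs = {}
    for index, digest in events:
        if len(digest) != PCR_SIZE:
            raise ValueError(f"event for PCR {index} has a malformed digest")
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs

def mismatched_pcrs(events, tpm_values, required):
    """Required PCR indices whose log replay disagrees with the TPM's value."""
    predicted = replay(events)
    return sorted(i for i in required
                  if predicted.get(i, bytes(PCR_SIZE)) != tpm_values.get(i))

def _digest(label: bytes) -> bytes:
    return hashlib.sha256(label).digest()

# Constructed sample log: labels stand in for real measured firmware/boot data.
SAMPLE_LOG = [
    (0, _digest(b"platform firmware")),
    (7, _digest(b"SecureBoot enabled")),
    (7, _digest(b"db certificate that verified shim")),
    (4, _digest(b"shim")),
    (4, _digest(b"bootloader")),
]
HEALTHY_TPM = replay(SAMPLE_LOG)
# Constructed faulty firmware: extended PCR 7 without writing a log entry.
BUGGY_TPM = dict(HEALTHY_TPM)
BUGGY_TPM[7] = extend(HEALTHY_TPM[7], _digest(b"unlogged measurement"))

if __name__ == "__main__":
    for name, tpm in (("healthy", HEALTHY_TPM), ("buggy", BUGGY_TPM)):
        bad = mismatched_pcrs(SAMPLE_LOG, tpm, required=[4, 7])
        print(name, "-> refuse to seal, PCRs differ:" if bad else "-> log consistent", bad)
```
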
hyperman1 1 minute ago
Strict is probably good. My company started to enable BitLocker this year on win11, and a non-trivial amount of initial encryptions seem to be failing, destroying the user data and requiring a full reformat.
Gigachad 5 hours ago
I want this on my own homeserver. Protection against someone stealing the server without requiring me to type a password every boot.
zenoprax 5 hours ago
In what way is TPM protecting your data if someone steals the entire server? TPM only ensures that the boot environment has not been modified. Whatever key is being used to automatically decrypt the disk would be in the clear.

Unless I'm misunderstanding your situation, I think you should look up the "Evil Maid Attack" to better understand how to mitigate risk for your threat model.

hfjtnrkdkf 3 hours ago
Assuming there are no bugs in Linux and you enable full memory encryption in BIOS, it protects you in the same way the FBI can't get into a locked iPhone they physically possess.

But Linux is not as secure as an iPhone, and Linux users typically don't know how to set this up, so in practice you are right, it doesn't protect you.

Gigachad 13 minutes ago
My threat model is a junkie breaks into my house and flips my server on Facebook Marketplace. Then the buyer curiously pokes through my hard drives. Of course if protecting against government agencies is the threat model then TPM alone isn't enough.

For me, a zero friction way to have decent security is worlds better than the normal state where homeservers are not encrypted at all.

senectus1 6 hours ago
Oh man, I hope this works on Dell laptops.
ChrisArchitect 6 hours ago
Earlier official blog: https://ubuntu.com/blog/canonical-releases-ubuntu-26-04-lts-... (https://news.ycombinator.com/item?id=47878560)
rs_rs_rs_rs_rs 6 hours ago
Hard to get some spotlight for this with all these new models around, I feel bad for Canonical.