Canonical preps security lifeboat, yells: Ubuntu 12.04 hold-outs, get in

Window XP moment for penguins


Canonical is extending the deadline for security updates for paying users of its five-year-old Ubuntu 12.04 LTS – a first.

Ubuntu 12.04 LTS will become the first Long Term Support release of Canonical’s Linux to get Extended Security Maintenance (ESM). There are six LTS editions.

All others have been end-of-lifed – and given no security reprieve.

LTS editions of Ubuntu Linux are released every two years. Desktop support runs for three years and the server edition receives security patches and updates for a period of five years. LTS editions also set the theme – the look and feel, the UI tweaks and the big features – for the intervening, non-LTS editions of Ubuntu.

Security updates for 12.04 were scheduled to run out on April 28, 2017 but that now won’t happen for those on Canonical’s Ubuntu Advantage programme.

They’ll now receive important security fixes for the kernel and “most essential” userspace packages on their servers running 12.04.

In what’s shaping up to be Canonical’s Windows XP moment over at Microsoft, the Linux spinner rolled out the lifeline because customers are clinging to 12.04.

According to Canonical, “lots of [Ubuntu] users" have 12.04 in production on “thousands of servers”.

The company said: “While it’s easy to upgrade to the next version of Ubuntu… we wanted to enable those that have big deployments of 12.04 more runway to plan effectively whilst still be assured of ongoing security support from Canonical.”

Cognisant of the problem this represents, Canonical has encouraged 12.04 penguins to jump to a newer iceflow.

Despite ESM, Canonical said it would encourage 12.04 customers “to think about upgrading before the end of April.”

Unlike Microsoft, which offered Windows XP holdouts extended support with the proviso they had a migration plan end date, Canonical is not making a migration data part of ESM cover.

Ubuntu 12.04 was Canonical’s fourth LTS and packed in a number of features at just the right moment in the ascent of cloud, helping establish it in the server room.

The Xen hypervisor, an industry standard, was included and supported for the first time. A new Ubuntu Cloud Archive feature allowed users to install new releases of OpenStack as they became available while Metal as a Service would automate deployment of physical servers running the competition – CentOS, RHEL, SUSE and Windows.

Also included was Any Web Service Over Me (AWSOME), giving AWS-compatible APIs for Infrastructure as a Service (IaaS), making it easy to deploy cloud services on Ubuntu-powered OpenStack clouds as well as on Amazon’s platform.

All these debuted just as cloud computing started its move beyond the whispering classes of the AWS elect – and as Microsoft struggled to get Azure up. ®


Other stories you might like

  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Microsoft seizes 41 domains tied to 'Iranian phishing ring'
    Windows giant gets court order to take over dot-coms and more

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. 

    The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.

    "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

    Continue reading
  • Microsoft pledges neutrality on unions for Activision staff
    Now can we just buy them, please?

    Microsoft isn't wasting time trying to put Activision Blizzard's problems in the rearview mirror, announcing a labor neutrality agreement with the game maker's recently-formed union.

    Microsoft will be grappling with plenty of issues at Activision, including unfair labor lawsuits, sexual harassment allegations and toxic workplace claims. Activision subsidiary Raven Software, developers on the popular Call of Duty game series, recently voted to organize a union, which Activision entered into negotiations with only a few days ago.

    Microsoft and the Communication Workers of America (CWA), which represents Raven Software employees, issued a joint statement saying that the agreement is a ground-breaking one that "will benefit Microsoft and its employees, and create opportunities for innovation in the gaming sector." 

    Continue reading

Biting the hand that feeds IT © 1998–2022