The Ubuntu phone is about to go on sale, but curb your enthusiasm

Finally, after many delays, the first Ubuntu phone is about to hit the market. In Europe. And only through a series of online flash sales. And you’ve almost certainly never heard of the manufacturer.

On the plus side, it will come with quite a few recognizable mobile services, including [company]Facebook[/company], [company]Twitter[/company], [company]eBay[/company], [company]Amazon[/company], [company]Time Out[/company], [company]Yelp[/company], [company]SoundCloud[/company] and [company]Grooveshark[/company]. It won’t have WhatsApp but it will have the Telegram encrypted messaging service. However, given how Canonical has talked up Ubuntu for phones in the last few years, it’s hard not to feel let down.

Great expectations

Canonical promised a uniquely converged device that behaves like a phone until it’s plugged into a keyboard and monitor, at which point it becomes a fully-fledged Ubuntu desktop. The Ubuntu Edge crowdfunding campaign was a record-breaker even though that flagship concept phone would never be made, but still failed to pique the interest of major manufacturers.

The device that will go on sale next week is a variant of the Aquaris E4.5, a modest handset from Spanish manufacturer BQ, which is slightly better known for making e-readers. It will certainly be on the cheaper side at €170 ($193), and it will have two SIM slots, but otherwise the specs are quite middling: a quad-core processor running at “up to 1.3GHz”, 1GB of RAM, 8GB of storage, an 8MP back camera and a 5MP front camera.

The key differentiator is of course the software, which is based on Ubuntu’s “Scopes” concept. Rather than using a grid of app icons, Scopes aggregates content from various services into type-specific screens, such as music, video and news. It’s a radically different approach in a mobile scene that is so tuned to the Android/iOS user experience, and I fear Canonical will struggle to show it off properly without putting phones in physical shops.

Ubuntu phone Scopes feature

Ubuntu phone Scopes feature

What would give the company a ready-made audience would be that converged handset/desktop thing we were promised. So when’s that happening? According to Canonical mobile chief Cristian Parrino, it’s “part of our future vision.” Parrino said in a Thursday pre-brief, “In the next couple of releases there will be major improvements on that story.”

Drones not phones

Given that this feature was supposed to appear almost a year and a half ago, when Ubuntu mobile first became available to flash onto certain Android devices, you’ll forgive me for not holding my breath. Oh, and that whole thing about putting Ubuntu onto Android phones without having to de-Androidify them? That’s also not happening because (unsurprisingly) “it doesn’t have backing from the industry.”

Ubuntu phones also won’t be able to run the “snappy” apps that people will be building for the Ubuntu Core connected-devices push – which just got a big boost through the appearance of the Core-supporting Raspberry Pi 2 — because, while snappy/Core evolved out of the “click” app packaging mechanism used on Ubuntu for phones, Ubuntu handsets are still stuck on click. This is, Parrino said, a “timing issue.”

I’m a lot more confident about Ubuntu’s future in drones than I am about its future in phones. The promise of mobile Ubuntu is hugely attractive, but it’s not what’s being delivered this month, and I’m not sure how Canonical is going to get from here to there.

But anyway, perhaps I’m being overly harsh. It’s not like the handset is super-expensive, after all. If you’re in Europe and you want one, keep an eye on the Ubuntu and BQ social media channels on Monday for announcements of the flash sale dates. SIM cards from 3 Sweden, Spain’s Amena, the U.K. GiffGaff and Portugal Telecom will also be offered at checkout, if you’re in one of those countries.

Severe “Ghost” flaw leaves Linux systems vulnerable to takeover

A serious vulnerability in a key Linux library could let attackers take complete control of systems, such as servers, that are based on the open-source operating system. Those running Linux systems are advised to download a patch for their distribution immediately.

Qualys researchers discovered the “Ghost” vulnerability – named for the fact that it can be triggered by “gethostbyname” DNS resolution functions – during a recent code audit.

In a Tuesday blog post and video they said they had “developed a proof-of-concept in which we send a specially created e-mail to a mail server and can get a remote shell to the Linux machine,” though they won’t release this exploit until they see around half of the Linux servers out there have been patched appropriately.

The researchers said the buffer overflow flaw in the GNU C (“glibc”) library had been around since 2000 and had actually been fixed in 2013 (only versions before 2.18 are affected). However, it wasn’t recognized as a security threat at the time, so many long-term-support versions of Linux distros are still affected.

Distros that are known to be affected include: Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, and Ubuntu 12.04. Patches for these distros are now available to download, and doing so would be a very good idea. End-of-life distros are obviously also affected, but you shouldn’t be using those anyway.

It’s impossible to tell whether the vulnerability has been exploited, though Trend Micro has noted, “with only four or eight bytes as the initial exploit vector, gaining further access is highly dependent on application design and memory usage.” Also, as Robert Graham at Errata Security has pointed out, the gethostbyname() function is obsolete and people should rather be using the IPv6-friendly getaddrinfo() function instead.

This article was updated at 2.15am PT to include Trend Micro’s observation.

CloudSigma gains Ubuntu certification through Canonical tie-in

Swiss/U.S. infrastructure-as-a-service provider CloudSigma has joined the likes of Amazon Web Services and Microsoft Azure in gaining Ubuntu certification — a move that should make it more attractive for those looking to deploy the much-used guest operating system. Ubuntu certification means CloudSigma, which pitches itself as a more highly configurable alternative to its rivals, is now integrated with Canonical’s repositories, so that the Ubuntu server images in CloudSigma’s marketplace are optimized and updated on a near-daily basis. Because CloudSigma now also has local mirrors of the Ubuntu archive, it’s also promising faster installation and patching than before, and of course, the Ubuntu tie-in means apps can be deployed into its cloud using JuJu.

Ubuntu may soon get native Netflix support

Getting Netflix to work on Linux has always been a bit difficult. Now, Ubuntu could gain native Netflix playback capabilities, thanks to Netflix’s adoption of HTML5 video streaming.

Why the operating system still (kind of) matters

Canonical founder and space traveler Mark Shuttleworth came on the Structure Show this week to discuss Ubuntu’s role as the operating system of choice for cloud computing. As OpenStack takes precedence over the operating system, he argues, Red Hat’s licensing can’t last.