Operations | Monitoring | ITSM | DevOps | Cloud

On 1 July 2024 we released a fix for the high-impact CVE-2024-6387 vulnerability, nicknamed regreSSHion, as part of the coordinated release date (CRD). Discovered and responsibly disclosed by Qualys, the unauthenticated, network-exploitable remote code execution flaw affects the OpenSSH server daemon (sshd) starting with version 8.5p1 and before 9.8p1.

Canonical’s Managed Solutions team is proud to announce Firefighting Support, a new service for organisations that manage their infrastructure by themselves but need experts on call for troubleshooting needs. Firefighting Support provides managed-service-level support to customers who graduate away from fully managed services or are under security regulations too stringent to grant environment access to a third-party.

In the first part of this blog journey (I’d call it a post, but it’s actually two posts) we explored what operational excellence looks like in public cloud deployments. And while I do not want to spoil it for you, the main takeaway was that it is not easy and can become resource-intensive. With this in mind, you might should be wondering what you can do to achieve excellence without focusing all your resources on operations.

You might be tempted to think that running an app on a public cloud means you don’t need to maintain it. While that would be wonderful, it would require help from the public cloud providers and app developers themselves, and possibly a range of mythological creatures with magic powers. This is because any app, regardless of the infrastructure on which it runs or its output, requires maintenance in order to yield accurate and reliable outputs.

‘Everything LTS’ – Canonical will build distroless Docker images to customer spec that include upstream components not packaged in Ubuntu, and fix critical CVEs within 24 hours, supported on RHEL, Ubuntu, VMware or public cloud K8s for 12+ years.

Like many other industries, organisations in the public sector have been keen to make use of the flexibility offered by cloud computing, but are now observing unpredictable and rising costs. Much of which can be mitigated through careful planning and on-premise infrastructure. Government guidance now recommends switching to a strategy of the most appropriate solution for a problem, rather than a one-size-fits-all or carte blanche approach of shifting all applications to the cloud.

Strong, wide-reaching regulation can bring safety to communities – but it can also bring uncertainty. The Cyber Resilience Act (CRA) has proven no exception to this universal rule. Across the open source community and the wider tech landscape, people have been greeting the news with the whole spectrum of reactions: concern, anxiety, hope. But is there anything to fear? Does the CRA really change things in open source? And how should your teams be preparing for this legislation?

For 20 years, Ubuntu has been at the cutting edge of technology. Pioneers looking to innovate new technologies and ideas choose Ubuntu as the medium to do it, whether they’re building devices for space, deploying a fleet of robots or building up financial infrastructure. The rise of machine learning is no exception and has encouraged people to develop their models on Ubuntu at different scales.

At our core, we believe in Ubuntu: “I am what I am because of who we all are.” This philosophy of interconnectedness is woven into everything we do, including how we approach software development. This belief in our interconnectedness extends to how we build software. Pair programming, a practice where two developers work side-by-side, isn’t just a reflection of our values—it’s a powerful driver of quality, innovation, and team cohesion.