Feeds

Linux patch becomes terminal pain

Update malaise spreads

Using blade systems to cut costs and sharpen efficiencies

Many users of the increasingly popular Ubuntu Linux distribution found themselves thrown back to mid-1990s on Tuesday, when a botched update to the graphical X Window subsystem brought them face-to-face with the command-line terminal.

The update, pushed out to Ubuntu users Monday night, aimed to fix some hardware issues to the X Window software used by almost all Linux systems, but instead caused the graphical user interface (GUI) to fail to initialise, leaving users to deal with issuing text commands through the terminal.

By Thursday, more than 700 comments had been posted to the Ubuntu forums by affected users looking for answers, and the Linux project - managed by software and service firm Canonical - issued an apology.

"When we learned of the problem, the patch was immediately withdrawn," the group said in the mea culpa posted to its website. "Mirrors have also been disabled to ensure that the faulty patch isn't available from them. We have launched an investigation and formal quality process review to understand exactly how this happened and what corrective actions to take."

Instructions posted to the Ubuntu website allow affected users to roll back the problematic update with a few commands. The project withdrew the faulty patch early Tuesday, after about 17 hours.

"It was not clear how many people were affected," Matt Zimmerman, chief technology officer for Ubuntu, said in an interview with SecurityFocus. "The bug seems to be hardware specific."

Ironically, the incident occurred as Linux competitor Microsoft had update problems of its own. A cumulative patch to Internet Explorer published by the software giant over a week ago fixed eight vulnerabilities but introduced an exploitable security flaw into the web browser. On Thursday, Microsoft pushed out an upgrade patch that fixed the problem.

Earlier this year, Ubuntu fixed a security hole in its Linux distribution caused by the installer storing the user's main password without first encrypting the data.

Many users were willing to give a pass to the Ubuntu project, which has generally garnered rave reviews among Linux users, for the rare update issue.

"This fix worked perfectly for me," wrote a member of the Ubuntu forums identified as "Moephan." "I had no GUI for about five minutes total. Also, I didn't lose any data or anything...Stuff like this happens, even to big companies like Sun and Microsoft."

Others users criticised the project for missing the problem during quality control and predicted that the mistake would cost the project future users.

"Overall, this was an eight hour exercise, eight hours that I could afford to take out of my day, but how many others have that luxury?" wrote a forum member with the handle "Dale61". "I'm wondering how many others, particularly those in business, are still trying to find a solution to a problem that should never have happened in the first place."

Despite the distributed programming model of open source projects, catastrophic errors in patches are rare. The companies and groups behind most Linux distributions extensively test software updates, said Holger Dyroff, vice president of marketing for Novell's SUSE Linux group.

"What you try to do as a business - and this is true for Microsoft as well as the enterprise Linux distributions - you try to make sure that these issues don't happen," Dyroff said. "With thousands of customers out there - many paying for the product - it's important to invest in quality assurance."

As a project, Ubuntu checks any updates from internal and external sources and requires that a member of the team sign off on the changes. Ubuntu's Zimmerman remained hopeful that the incident would not cause users or administrators to delay patching their systems - or at least, delay any more than they already do.

"I think it is a common practice among administrators of large networks to wait before applying patches," he said. "Those administrators are very conservative and don't apply updates right away no matter who the vendor is."

The project is currently reviewing its quality checking procedures, and in the end, the incident will serve to make Ubuntu's update process better, Zimmerman said.

This article originally appeared in Security Focus.

Copyright © 2006, SecurityFocus

The smart choice: opportunity from uncertainty

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.