As part of the 2018 station upgrade I assembled an Intel i5 based PC for use as the new k6hr.com server. I finally found the time to load and configure the O/S and associated software onto this machine. All went well through the installation and migration process and the new k6hr.com server is up and running!
WordPress was installed here one year ago next week (Dec 10) and the site has quickly outgrown the old server.
The new machine is an Intel Core i5-4460 CPU at 3.20Ghz (x4), 4GB RAM and a 500GB SSD running Ubuntu 16.04.5 LTS. This new hardware is a vast improvement over the old Pentium D. It had only 1GB RAM and a 32GB SSD that was almost full. The Pentium D will live out its days as the JNOS BBS packet radio station.
At this point I consider the server configuration complete. The machine is online and the traffic is flowing!
As with every new release, packages–applications and software of all kinds–are being updated at a rapid pace. Many of these packages came from an automatic sync from Debian‘s unstable branch; others have been explicitly pulled in for Ubuntu 16.04.
For a list of all packages being accepted for Ubuntu 16.04, please subscribe to xenial-changes.
Linux kernel 4.4
Ubuntu 16.04 LTS is based on the long-term supported Linux release series 4.4.
Python2 is not installed anymore by default on the server, cloud and the touch images, long live Python3! Python3 itself has been upgraded to the 3.5 series.
If you have your own programs based on Python 2, fear not! Python 2 will continue to be available (as the python package) for the foreseeable future. However, to best support future versions of Ubuntu you should consider porting your code to Python 3. Python/3 has some advice and resources on this.
VIM defaults to python3
The default VIM package has been built against python3 instead of python2. This means plugins that require a python2 interpreter support from VIM will not work anymore. For this case alternative VIM packages are available that still use python2, for example vim-gnome-py2. They can be made the default via the alternatives mechanism:
- sudo update-alternatives –set vim /usr/bin/vim.gnome-py2
The golang toolchain was upgraded to the 1.6 series, and gccgo was upgraded to the GCC 6.1 release candidate 1. Thus the same level of standard library and compiler features are provided by both compilers on all fully supported architectures.
Recent OpenSSH releases disable several pieces of weak, legacy, and/or unsafe cryptography. If you are upgrading a system remotely over SSH, you should check that you are not relying on these to ensure that you will retain access after the upgrade.
- Support for the legacy SSH version 1 protocol is disabled by default at compile time. Note that this also means that the Cipher keyword in ssh_config(5) is effectively no longer usable; use Ciphers instead for protocol 2. The openssh-client-ssh1 package includes “ssh1”, “scp1”, and “ssh-keygen1” binaries which you can use if you have no alternative way to connect to an outdated SSH1-only server; please contact the server administrator or system vendor in such cases and ask them to upgrade.
- Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the upstream instructions.
- Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the upstream instructions.
- Support for the legacy v00 cert format has been removed.
- Several ciphers are disabled by default in ssh: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.
- MD5-based and truncated HMAC algorithms are disabled by default in ssh.
glibc was updated to the 2.23 release, binutils to the 2.26 release, and GCC to a recent snapshot from the GCC 5 branch (post GCC 5.3.0).
Apt 1.2 includes the new privilege separation features introduced in Apt 1.1. Importantly, the unprivileged “_apt” user is now used when making outgoing network connections and parsing the results for the various apt transport methods (HTTP, HTTPS, FTP).