惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
V
V2EX
S
Security Affairs
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Register - Security
The Register - Security
U
Unit 42
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
Project Zero
Project Zero
S
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
DataBreaches.Net
博客园 - 司徒正美
V
Vulnerabilities – Threatpost
T
Tor Project blog
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
小众软件
小众软件
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
A
Arctic Wolf
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Ubuntu 26.04: Goodbye sudo, Hello Rust and Post-Quantum SSH
Arthur · 2026-05-19 · via DEV Community

On 23 April 2026, Canonical released Ubuntu 26.04 LTS, codenamed Resolute Raccoon. The release will be supported on the standard LTS track until April 2031, and on the Ubuntu Pro extended-maintenance track for several years beyond that. The accompanying changelog is the kind of document most engineers skim once and ignore; it has the layout and prose density of a parts catalogue. There is a table of version numbers, a short paragraph on each subsystem, a migration checklist, and a closing reminder to test SSSD configuration before pushing the upgrade to production.

I want to take this changelog seriously rather than skim it. It is the most consequential release-notes document Canonical has shipped since 18.04, and the reason is not Linux 7.0 or PostgreSQL 18 or the new GNOME — though it ships all of those. The reason is that this release is, by default, a different operating system at three layers most users will never look at. The default sudo is now a Rust binary. The default SSH key exchange is post-quantum. The legacy resource-control framework that has shipped in every modern Linux for fourteen years has been removed. None of these are individually flashy. Together they are the resolution, in a Tuesday LTS release, of three arguments the Linux community has been having for between ten and fifteen years.

The boring distribution has, this time, carried a thesis.

Memory safety reaches /usr/bin

The headline change is that /usr/bin/sudo is, on a fresh 26.04 install, a binary produced by the sudo-rs project, a memory-safe reimplementation of sudo and su, written in Rust by the Trifecta Tech Foundation. The original sudo, maintained by Todd Miller since 1994, remains available under the package name sudo.ws. It has not been removed. It is, however, not what runs when an administrator types sudo at the prompt.

The funding chain behind sudo-rs is itself worth pausing on. The project was funded primarily through NLnet's NGI0 Core Fund, a programme of the European Commission's Next Generation Internet initiative, with additional support from the Sovereign Tech Fund, the German government's open-source infrastructure investment vehicle. This is not a Big Tech rewrite. It is a piece of public-interest infrastructure, paid for by two European public bodies that decided the world would be better off if the binary every Linux administrator types twenty times a day were memory safe. The Trifecta Tech Foundation has a similar project for the Network Time Protocol called ntpd-rs, and the broader thesis is the same: pick the most security-critical piece of legacy C in the userland, write a careful Rust replacement, and, eventually, ship it as the default in a mainstream distribution.

The reason this thesis exists at all is a famous statistic. In a February 2019 BlueHat IL talk, Microsoft's Matt Miller reported that approximately 70% of the security vulnerabilities Microsoft had assigned a CVE over the previous twelve years were memory-safety issues — heap overflows, use-after-free, type confusion, uninitialized reads. The number has been verified across other large vendors and codebases since then. It is the load-bearing fact under every "rewrite it in Rust" headline of the last seven years. The argument is not that Rust is a fashionable language. The argument is that two-thirds of the security work the industry does could, if the underlying C were replaced with a memory-safe equivalent, simply not exist.

sudo is a particularly sharp case. It is set-uid root. Any memory bug in it is, structurally, a privilege escalation. Qualys disclosed CVE-2021-3156, "Baron Samedit," in January 2021 — a heap-based buffer overflow in sudoedit that had been latent in the codebase for almost ten years and was reachable by any unprivileged user on a Linux system with sudo installed. The patch was straightforward; the fact that the bug had survived a decade of review in a piece of software run by every Linux administrator on Earth was less so. A memory-safe rewrite is not a guarantee against future bugs. It is a guarantee against this particular class of bugs, which happens to be the class that produces the most consequential CVEs.

Canonical has shipped the Rust rewrite of sudo. It has explicitly not shipped the Rust rewrite of cp, mv, and rm, which would have been the natural matching change in coreutils. The release notes attribute the omission to eight unresolved time-of-check-to-time-of-use race conditions in the Rust implementations — the kind of low-level filesystem-API subtlety that GNU coreutils worked out over forty years and the new replacements are still working out. The decision to ship Rust ls and base64 while holding cp, mv, and rm for the next non-LTS release is the strongest signal in the changelog that this migration is real rather than performative. The careful version of "rewrite it in Rust" looks exactly like this — rewrite the CVE-prone parts first, hold the others until the bugs are fixed, and accept that Ubuntu 26.04 will not be the release that finishes the project.

Post-quantum cryptography, by default

The second thesis arriving in the release is post-quantum key exchange in OpenSSH. On a fresh 26.04 install, the default key exchange algorithm an SSH client will negotiate is mlkem768x25519-sha256, a hybrid construction combining ML-KEM-768 — the lattice-based post-quantum KEM specified in NIST's FIPS 203, finalised in August 2024 — with the classical X25519 elliptic-curve Diffie-Hellman. The hybrid runs both key exchanges in parallel and combines the resulting secrets. If the post-quantum half is broken in some unforeseen way, the classical half holds. If the classical half is broken by a sufficiently large quantum computer, the post-quantum half holds. Either failure mode is survivable; both failing simultaneously is the threat model the construction does not cover, which is the threat model nobody has a defence against.

OpenSSH 10.0, released in April 2025, made mlkem768x25519-sha256 the default for the first time, and Ubuntu 26.04 ships OpenSSH 10.2. The user-visible effect is approximately nothing — handshakes are slightly larger and slightly slower, well within the noise floor of network round-trip time — and the security-visible effect is that traffic captured today and stored for decryption decades from now, a tactic the security community has been calling "harvest now, decrypt later" since the early 2010s, can no longer be decrypted by an adversary who later gets a fault-tolerant quantum computer. The threat model is speculative. The architectural change is permanent.

What "by default" buys is the difference between a security improvement and a security feature. An opt-in algorithm changes the behaviour of the operators who go looking for it. A default changes the behaviour of every system administrator who runs apt install openssh-server, which is a very large fraction of the Internet's hosts. In aggregate, the upgrade from default classical to default post-quantum SSH is the kind of architectural shift that happens once per decade in Internet protocols, and it is happening, in the most populous Linux distribution's LTS branch, this April. The next LTS release, in 2028, will inherit it. The release after that, in 2030, will not remember when SSH was anything else.

The deprecation cycle, finishing

The third pattern in the changelog is the one that makes the LTS model useful in the first place. Several long-running deprecations have, this release, finally completed.

cgroup v1, the original Linux resource-control framework, has been removed. cgroup v2 has been the recommended interface since approximately 2016 and the default in fresh installations for several years; v1 was kept around to support container runtimes and monitoring tooling that had not migrated. After roughly a decade of "v2 is the future, v1 still works," the kernel team and Canonical have made the transition mandatory in this LTS. Container deployments that have been running on legacy v1 for years will not boot on 26.04 without configuration changes.

DSA host keys, deprecated in OpenSSH 7.0 in 2015 because the algorithm's parameter sizes had been understood as inadequate since approximately 2010, have been removed entirely. Any ~/.ssh/known_hosts or authorized_keys entry still using DSA stops working after the upgrade. Eleven years of "please migrate" have ended in the version where it stops being optional.

The release notes describe Ubuntu 26.04 as the last LTS that will carry System V init script support. systemd has been the default since Ubuntu 15.04, eleven years ago. Legacy services that still ship /etc/init.d/ scripts have one more LTS cycle to migrate before they stop working entirely.

The pattern is consistent. Each deprecation is announced, tolerated, supported, eventually removed — across timescales of ten to fifteen years. The boring distribution's job, in that pattern, is to be the layer at which the removal becomes mandatory. The kernel can move every six weeks. The userland migration cycle, as Greg Kroah-Hartman has observed about Linux ecosystems generally, is closer to fifteen years. An LTS release is the inflection point at which the second of those numbers finally catches up to the first.

What the release isn't

This is not an argument that Canonical has done something heroic. The interesting work in this release was done by the upstream projects — the OpenSSH developers, the sudo-rs team at Trifecta Tech, the kernel maintainers who removed cgroup v1, the rust-coreutils contributors. Canonical's contribution is integration: choosing which of those upstream changes to take as default, making the migration paths legible, holding the line on the tools that aren't quite ready yet.

That kind of integration is not glamorous, and Canonical's commercial model is not universally popular, and none of that is the subject of this essay either. The subject is what an LTS distribution actually is, in 2026, after the upstream community has done the loud work of arguing for memory safety and post-quantum cryptography for a decade. An LTS is the layer at which the arguments end. Ubuntu 26.04 is what the end of those particular arguments looks like.

Reading the changelog twice

The 23 April release notes read, on first pass, like a parts catalogue. A version table, a paragraph each on the major server subsystems, a series of small migration notes for operators about config-format changes and long-deprecated defaults that have finally been removed. The skim version of the document is the version most operators read, and the skim version is mostly accurate.

The interesting version of the document is on the second pass, when the reader notices that the Tuesday-release boilerplate is not boilerplate. The default sudo is the resolution of an argument that started in 2019. The default SSH key exchange is the resolution of an argument that started in 2014. The cgroup v1 removal closes an interface that has been deprecated for a decade. Each line item is the end of a story whose middle the rest of us have been living through. The boring distribution did the work the spectacular distributions never quite got around to. It put the receipts in the changelog, and shipped on Tuesday, and the end of three long arguments arrived in /usr/bin and /etc/ssh/sshd_config and /sys/fs/cgroup without anyone ringing a bell.