Revisiting Linux Part 1: A Look at Ubuntu 8.04
by Ryan Smith on August 26, 2009 12:00 AM EST- Posted in
- Linux
Ubuntu – Long Term Support
One item of particular interest with Ubuntu is their development schedule. Because a typical Linux distribution is composed of many applications from many different parties, the Ubuntu developers do not directly control or develop a lot of the software included in Ubuntu. Furthermore Ubuntu tries to be a complete desktop environment rather than just an operating system, which means it includes a wider variety of software than what’s found in Windows and Mac OS X.
What this amounts to is that Ubuntu needs to both provide future patch support for included applications, and it needs to compensate for the fact that they don’t develop many of these programs. Coupled with this is the fact that 2nd party application development is not necessarily synchronized to Ubuntu’s release schedule and some applications (and the kernel itself) can have a rather rapid development rate.
Trying to deal with all of these factors, Ubuntu has settled on two classes of releases. Every 6 months – in October and April – Ubuntu takes what’s ready and releases a new version of the OS. For 1st party material this is tied with some goal for the release (such as replacing the audio daemon) while for 3rd party software this may be as simple as grabbing the latest version. This puts regular Ubuntu versions in an unusual position when trying to classify them – it’s significantly more than a Mac OS X point update, still more than a Windows service pack, and yet a single release generally encompasses less than a new version of either OS. But at the same time, there’s no guarantee that any given release of Ubuntu won’t break software compatibility or binary driver compatibility, which puts it up there with major OS releases.
Furthermore because of the need to provide security updates for all these different programs in all of these different versions, Ubuntu has a very short support cycle, and in that cycle only bug fixes and security updates will be issued, software is not otherwise changed as it’s intended to represent a stable platform. A regular release is only supported for 1.5 years; which for example means support for 7.10 Gutsy, the immediate predecessor to 8.04 Hardy Heron, expired in April. This pushes new versions of Ubuntu back towards the idea of them being closer to a service pack or a point release. In essence, it’s intended that everyone using regular versions of Ubuntu will stick to a relatively rapid upgrade treadmill.
But this obviously doesn’t work for everyone, which results in there being two classes of Ubuntu. What we’re looking at today, 8.04, is what Ubuntu calls a long term support (LTS) release. Every 2 years a version of Ubuntu is labeled as a LTS release, which entails a much greater effort on the developer’s part to support that edition of the OS. The standard support period is 3 years instead of 1.5 years, and for the server edition of the OS that becomes 5 years.
This makes the LTS releases more comparable to Mac OS X and Windows, both of which have long support periods in excess of 3 years. This is also why we’re starting with a review of Hardy, in spite of it being over a year old now, because it’s the current LTS release. Regular short-support Ubuntu releases have their place, but they are not intended for long-term use. Coming from Windows or Mac OS X, a LTS release is the comparable equivalent.
Operating System | Mainstream Support | Extended Support |
Windows | 5 years | 5 additional years |
Ubuntu | 1.5 years | None |
Ubuntu LTS | 3 years | None |
Mac OS X | So long as it's the newest OS | So long as it's one version behind |
Unfortunately, in spite of the LTS designation, not all of the applications in a LTS release are intended to be used for such a long period of time, or are their developers willing to support them for that length of time. If we take Firefox for example, the last Ubuntu LTS release, 6.06 Dapper, shipped with Firefox 1.5. Mozilla very quickly ended support for Firefox 1.xx after Firefox 2 shipped, and now you can’t even get support for 2.xx now that 3.xx has been out for quite some time. This leaves the Ubuntu developers in charge of supplying security updates for the older versions of Firefox they still support, which while better than the alternative (no security patches) isn’t necessarily a great solution.
The Ubuntu developers have done a good job of staying on top of the matter (they just published a new 1.5 security patch as recently as last month) but it highlights the fact that the Ubuntu developers do not always have the resources to maintain both a stable platform and the necessary security updates. So while an LTS release is supposed to be supported for 3 years, in reality not every component is going to make it that long.
Digging through the bugs list for Dapper and Hardy, I get the impression that these kinds of cracks only occur on less-used software (particularly that which is not part of the default install, such as VLC), so an option for users who need to stick with the base OS for the entire life of a LTS release, but don’t mind upgrading a few applications can go that route and cover all of their bases. Unfortunately this is easier said than done, and we’ll get to why that is when we discuss the package manager.
What this amounts to is that if you’re the kind of person that intends to run a computer and an OS for a very long period of time – say on the scale of XP, which turns 8 this year – Ubuntu likely isn’t a good fit for you.
195 Comments
View All Comments
ioannis - Wednesday, August 26, 2009 - link
...sorry, I think it's Alt+F2 by default. I'm talking about the 'Run Command' dialog.Eeqmcsq - Wednesday, August 26, 2009 - link
Oh, yes you're right. I stand corrected.sprockkets - Wednesday, August 26, 2009 - link
Ubuntu doesn't ship with the firewall on eh? Weird. SuSE's is on, and that has been the default for quite some time. GUI management of it is easy too.clarkn0va - Wednesday, August 26, 2009 - link
For incoming connections I don't quite grasp what good a firewall will do on a system with no internet-facing services. With no open ports you stand little to gain from adding a firewall, and any internet-facing service you might add, well, you don't want to firewall that anyway.I can see two theoretically plausible arguments for a host-based firewall, but even these don't really stand up in real-world use: 1) a machine that has open ports out of the box (I'm looking at you, Windows), and 2) for the folks who want to police outgoing connections.
In the case of the former, why would we open ports and then block them with a firewall, right out of the box? This makes as much sense to me as MS marketing their own antivirus. Third-party firewalls were rightfully introduced to remedy the silly situation of computers listening on networks where they shouldn't be, but the idea of MS producing a host-based firewall instead of just cleaning up their services profile defies common sense.
In the case of outbound firewalling, I've yet to meet a home user that understood his/her outbound firewall and managed it half-way effectively. Good in theory, usually worse than useless in practice.
db
VaultDweller - Wednesday, August 26, 2009 - link
Just because a port/service is open, doesn't mean you want it open to the whole world.Examples:
SMB
NFS
VNC
RDP
SSH
Web (intranet sites, for example)
And the list could go on... and on and on and on, really.
Also, it's erroneous to assume that only 1st party software will want to open ports.
And that is to say nothing of the possibility of ports being unintentionally opened by rogue software, poorly documented software, naughty admins, or clumsy admins.
Host-based firewalls help with all of these situations.
clarkn0va - Wednesday, August 26, 2009 - link
Windows firewall doesn't filter by source. In other words, if you want SMB or any other service open to some peers and not others, Windows firewall can't help you; you'll need a more sophisticated product or a hardware firewall for that.I'm not saying there's no case for host-based firewalls, I'm just saying it's pointless for most users out of the box, where Ubuntu doesn't need it and Windows should be looking at fixing the problem of unneeded services running, rather than just bolting on another fix.
VaultDweller - Wednesday, August 26, 2009 - link
"I can see two theoretically plausible arguments for a host-based firewall, but even these don't really stand up in real-world use"That sounds to me like a claim that there is little or no case for a host-based firewall; at least, that's how I interpreted it.
"Windows firewall doesn't filter by source. In other words, if you want SMB or any other service open to some peers and not others, Windows firewall can't help you"
That is incorrect, and you should check your facts before making such statements. The Windows Firewall can filter by source. Any firewall exception that is created can be made to apply to all sources, to the local subnet only, or to a custom list of IPs and subnets.
The firewall in Vista and Windows 7 goes a step further, as it is location aware. Different ports and services are opened depending on the network you're plugged into, as exemplified by the default behavior of treating all new networks as "Public" (unknown and untrusted) until instructed otherwise.
clarkn0va - Wednesday, August 26, 2009 - link
"The Windows Firewall can filter by source. Any firewall exception that is created can be made to apply to all sources, to the local subnet only, or to a custom list of IPs and subnets. "In that case I retract my assertion that an out-of-the-box firewall makes no sense in the case of Windows.
As for Ubuntu, or any other desktop OS having no open ports by default, I still see including an enabled firewall by default as superfluous. Meanwhile, firewall GUIs exist for those wishing to add them.
Paazel - Wednesday, August 26, 2009 - link
...not enough pictures. admittedly my interest additionally waned when i read the newest ubuntu isn't be reviewed.philosofool - Wednesday, August 26, 2009 - link
I'm not done with this article, which I'm loving. However, there's a grammatical/spelling quibble that's driving me nuts: "nevertheless" is one world.