Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Ubuntu Advertising Open Source Operating Systems Linux

Ubuntu Disputes 'Ads In MOTD' Claims (twitter.com) 110

Thursday Lproven (Slashdot reader #6030) wrote: It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."

Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.
Kirkland describes the design of the feature as follows:
  • Asynchronously, about 60 seconds after boot, a systemd timer fires which runs "/etc/update-motd.d/50-motd-news --force"
  • It sources 3 admin-editable config variables in /etc/default/motd-news. The defaults are: ENABLED=1, URLS="https://motd.ubuntu.com", WAIT="5"
  • The admin can disable it entirely (ENABLED=0), change or add other MOTD news sources (your corporate IT team could run its own), and change the wait time in seconds
  • If it's enabled, that systemd timer job will loop over each of the URLS (note, that it's important that these should be https with valid SSL certificates), trim them to 80 characters per line, and a maximum of 10 lines, and concatenate them to a cache file in /var/cache/motd-news
  • Every ~12 hours thereafter (with a little bit of random timer fuzzing), this systemd timer job will re-run and update the /var/cache/motd-news
  • Upon login, the contents of /var/cache/motd-news is just printed to screen.

Kirkland notes the message can be customized by local IT administrators, or used to deliver warnings about serious vulnerabilities like Shellshock or Heartbleed. And he also describes the dynamic motd as a Ubuntu feature since adopted by other distros (including Debian) as "a flexible framework that enables distro packages or administrators to add executable scripts in /etc/update-motd.d/* to generate informative, interesting messages displayed at login... for almost 40 years of Linux/UNIX, the 'Message of the Day' was anything but that... It was a message that was created at one point in time, when the distro released, and that's about it. And we managed to change that."

This discussion has been archived. No new comments can be posted.

Ubuntu Disputes 'Ads In MOTD' Claims

Comments Filter:
  • by Anonymous Coward

    Tech industry robber barons have finally destroyed the last vestige of Unix freedom.

    The message of the day is for local news to local users.

    MOTD is off limits to vendors, you money grubbing assholes!

    You damn kids, get off my box!

    • by Lumpy ( 12016 )

      Except it's not happening in Slackware, Debian, or Gentoo..

      ubuntu is NOT all linux distros, but simply the only one that is heavily marketed. It doesnt even have the lions share across all linux installs.

  • Double Standard (Score:3, Insightful)

    by Anonymous Coward on Sunday July 02, 2017 @12:22AM (#54727953)

    When Microsoft places ads in the form of recommended apps in Windows 10, it's denounced as evil. When Ubuntu places ads in the MOTD, it's somehow okay and completely acceptable. It's not unlike Ubuntu sending searches to the internet by default to retrieve recommendations for the user. Of course, this was also tolerated and considered acceptable. There's a double standard in which Microsoft is criticized for the very things open source also does. Now, I'll surely get censored by aggressive moderators who would prefer rather to mod me down to -1 rather than discuss the hypocrisy in what is otherwise an open source echo chamber.

    • Re: (Score:1, Troll)

      by lucm ( 889690 )

      Ubuntu is the Microsoft of the Linux world. Everyone knows that. Why would anyone be surprised by this kind of invasive "feature" is beyond me.

      Also I personally don't get the whole Debian thing, but if someone wants that on their machine, why would they take a retarded relative instead of going for the real thing? That's like choosing Oracle Linux over Red Hat.

    • by Anonymous Coward

      It gets a pass because it actually isn't an ad and because Ubuntu is open source meaning if you don't like something, you can change it.

      Let me know when Microsoft releases the source code for Windows 10 so I can strip all of that spyware, adware and auto update crap from it.

      • It gets a pass because it actually isn't an ad and because Ubuntu is open source meaning if you don't like something, you can change it.

        Let me know when Microsoft releases the source code for Windows 10 so I can strip all of that spyware, adware and auto update crap from it.

        Yes, you're spot on. The Ubuntu MOTD thing is ridiculous but easily fixed by any user with enough knowledge to have installed Ubuntu in the first place. The poster above who claimed there is no freedom in free software was completely wrong. You do have to be willing to put in a little effort (in the MOTD case, very little).

        • Plenty of people use Ubuntu who could not simply fix this, and others will spend time fixing it when they could be making money so this is a costly decision on multiple levels. Bottom line: Linux is still awesome, but Ubuntu sucks donkey sucks even bigger than yesterday's.
          • Plenty of people use Ubuntu who could not simply fix this.....

            Yep, plenty of noobs are going to be logging in on the CLI console instead of into a greeter, all day, every day. Not like the default install a newbie would do includes full desktop and greeter on whatever flavor they have downloaded.... You are aware that MOTD is only displayed in a console TTY yes?

            That's right, the only people who wouldn't know how to fix this are the one who will never even see it. Kind of a really shitty way to deliver ads if you ask me. Almost makes you think that it isn't really an a

            • Despite your SlashID you are clearly a noon yourself. This is a background process running regardless of if anyone uses the terminal. The attack vector is there and people who don't use the terminal are just as vulnerable as those who do. Please don't post anymore until you learn how computers work. Thanks.
              • Yeah, I'm a "noon" whatever that is, because I don't see something as being a great attack vector. Or ad vector for that matter. The only thing slightly worrying is the useragent it sends to get the tailored MOTD data, no compelling need for exact CPU type and uptime.

                Do tell me, how exactly is this so called attack that you worry about supposed to work? Magic text stored in the MOTD file that executes when cat'ed? Maybe you should learn how computers ( and logic for that matter, your post history indicates

                • I haven't looked at the code, but one possibility is to use DNS poisoning to get the computer to pull from a hostile host that sends an endless stream which fills /etc and therefore makes root dir "/" unwriteable. Another is that there may indeed be a buffer overflow that can be exploited allowing code to be executed with systemd privs. My phone changed noob to noon, because like you it thinks it is smarter than me, but is really quite stupid. HAND and FOAD!
    • Re:Double Standard (Score:5, Insightful)

      by cas2000 ( 148703 ) on Sunday July 02, 2017 @04:15AM (#54728399)

      No, neither of those actions by Ubuntu are or were considered acceptable or tolerable. The phone-home search bullshit caused a huge outcry and many complaints until Ubuntu stopped fucking doing it. The MOTD phone-home has just happened and is at the very early stage of that same process.

      Microsoft gets complained about more often when it does this shit because it does it far more often and far more comprehensively. Also, Microsoft either ignores complaints, or pretends to "accommodate consumer feedback" and then just does it again, more sneakily at a lower level in the system so it's even harder to get rid of.

      It doesn't matter at all who does it.

      • If I recall correctly, Ubuntu removed the searches going to Amazon by default. I'm guessing they will also remove this motd crap too. That said, the search crap resulted in me refusing to use their products and attempting to steer people away from Ubuntu. Just like I attempt to steer people away from MS.

        Canonical forgot the golden rules about trust. People will give you an initial level of trust, but that same trust can be instantly lost. Once it's gone, it's extremely difficult to regain.

    • "When Microsoft places ads in the form of recommended apps in Windows 10, it's denounced as evil. When Ubuntu places ads in the MOTD, it's somehow okay and completely acceptable."

      No it isn't, as this response [twitter.com] so clearly demonstrated. Go and take your strawman elsewhere and it is understandable why you would want to post anonymously.

      Placing ads in the MOTD now? Really? [twitter.com]
  • Aha! (Score:2, Funny)

    >> Asynchronously, about 60 seconds after boot, a systemd timer fires which runs "/etc/update-motd.d/50-motd-news --force"

    So: proof positive that systemd is an evil tool of the devil.

  • by Anonymous Coward on Sunday July 02, 2017 @01:03AM (#54728033)

    Whether the MOTD updates are advertisements or not is almost entirely irrelevant (although it's good for creating extra outrage).

    The problem is that such a monumentally retarded mechanism exists *at all*. In fact, it's even a potential security issue. Sending arbitrary byte sequences to someone's terminal can do some very nasty things, unless they were smart enough to at least restrict it to printable ASCII. It's also an obvious vector for information leakage of various kinds.

  • ...is that most users ignore them.

    We used to have the motd file updated hourly with stats about availability, scheduled maintenance, disks that users should do some personal cleanup on, and other stuff that users were calling admins about and nobody paid much attention to the information. The more astute users quickly learned that that annoying information could be eliminated from their session by putting 'clear' in their profile.

    Just like what happens with motd text, users will quickly learn where the ad

  • by Anonymous Coward

    I can't believe this shit was ever accepted. As someone who maintains hundreds of systems with actual users logging in, get the fuck off my lawn.

    In my case the motd and issue files present legal disclaimers. Yet once again we have a case of companies with either extremely arrogant or ignorant people pushing out changes because they can. Yes, motd has been around for decades and everyone who knows what motd is, knows this. Just because we haven't posted a repo on github doesn't mean it's not used, and n

  • I wonder how many use the terminal in the first place for such an ad to be actually profitable anyway.

  • platform="$(uname -o)/$(uname -r)/$(uname -m)"
    arch="$(uname -m)"
    cpu="$(grep -m1 "^model name" /proc/cpuinfo | sed -e "s/.*: //" -e "s:\s\+:/:g")"

    # Piece together the user agent
    USER_AGENT="curl/$curl_ver $lsb $platform $cpu $uptime"

    Nothing really damning. However, there is an advantage to gathering this info, even if it is (mostly) anonymous.

    EG, how long people leave their machines up, how long between a kernel security announcement, and an reboot after that fact, what types of machines the userbase has, an

    • by cas2000 ( 148703 )

      The problem is that it does this by default, without even asking for permission.

      If people want to voluntarily participate in a cpu/kernel/uptime survey, that's great.

      Forcing them to unless they happen to be aware of it and have the time to find out how to disable it is not great. it is the exact opposite of great. it is evil shit.

      This is why, for example, popcon (the package "popularity contest", http://popcon.debian.org/ [debian.org]) is an optional package in Debian, not even installed unless you deliberately choose

      • by Blymie ( 231220 )

        One must define levels of 'wrong'.

        "Evil shit" might be a bit much. In the world of 'evil', this is like jaywalking. Or, not picking up your dog's shit.

        • by yuhong ( 1378501 )

          Yea, the problem with the Ubuntu search term debacle is that they were sending things like local filenames and making money off it. This is not the case here.

  • two points (Score:5, Insightful)

    by cas2000 ( 148703 ) on Sunday July 02, 2017 @04:04AM (#54728381)

    1. phone-home shit like this is evil and companies like ubuntu should just STOP. FUCKING. DOING. IT.

    2. it's a bit fucking rich for hackernoon to complain about this when you can't even view their web site without enabling javascript from at least 6 different sites. They should just stop fucking doing that shit too.

  • Or BSD?
    Or Haiku Project https://www.haiku-os.org/ [haiku-os.org]
  • People don't like their OS to make network connections without a good reason. When I install a system, i expect it to make NO traffic at all, when I am not doing anything with it.
    We can talk about stuff like NTP and update checks, IF I explicitely enabled it possibly automatic updates. But no fetching of random messages. What's next? Fetching new wallpapers? Sending telemetry data?

  • Went through this thread several times. I fail to see the crisis that has people pounding on their keyboards red faced and bulging bloodshot eyes.

    I guess this never would have happened if we hadn't allowed systemd into the ecosystem.

  • My .hushlogin is 25 years old.

  • Just set fortune cookie to overwrite /etc/motd every day.

    Can lead to really funny stuff and some fun with admins.

Quantum Mechanics is a lovely introduction to Hilbert Spaces! -- Overheard at last year's Archimedeans' Garden Party

Working...