Mark Shuttleworth Reveals Ubuntu 18.04 Will Get a 10-Year Support Lifespan (zdnet.com) 110
At the OpenStack Summit in Berlin last week, Ubuntu Linux founder Mark Shuttleworth said in a keynote that Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years. "I'm delighted to announce that Ubuntu 18.04 will be supported for a full 10 years," said Shuttleworth, "In part because of the very long time horizons in some of industries like financial services and telecommunications but also from IoT where manufacturing lines for example are being deployed that will be in production for at least a decade." ZDNet reports: Ubuntu 18.04 released in April 2018. While the Ubuntu desktop gets most of the ink, most of Canonical's dollars comes from server and cloud customers. It's for these corporate users Canonical first extended Ubuntu 12.04 security support, then Ubuntu 14.04's support, and now, preemptively, Ubuntu 18.04. In an interview after the keynote, Shuttleworth said Ubuntu 16.04, which is scheduled to reach its end of life in April 2021, will also be given a longer support life span.
When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled-down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack is like a root canal: Long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.
When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled-down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack is like a root canal: Long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.
Re: (Score:1)
If Canonical keeps their release cycle of an LTS version every two years, it might be a lesser PITA than the forced updates on Windows10.
You could take every second LTS version, 4 years apart, and probably have less troubles than with Windoze. Right now, there is a Win10 company laptop behind me that has mysteriously "lost" WLAN a while ago. It also says in Settings => Windows Updates that it cannot search for updates because it is not connected to the internet. Actually it is on Ethernet right now and I
Re: (Score:1)
Only in this case a reboot does not help.
Re: Free or paid? (Score:2, Interesting)
This.
You used to be able to buy extended access to repo for $250. Then they stopped responding and blocked me from the repo. This is AFTER they had promised the service would be available to buy for 4 years at least.
After continuously trying to contact them I found out they now have a minimum spend, and if you are below it they don't want to know about you. and don't even bother responding to you. There sales team is on a commission where only the new volume deal count for anything.
Ubuntu eventually updat
Re: (Score:3)
Why not let the actual users decide how long? (Score:2, Interesting)
This should be a feel-good story, but... I already upgraded one of my Ubuntu machines past 18.04 and I'm mostly annoyed.
Here's a crazy idea: Why not ASK THE USERS how much support they are actually willing to pay for? As long as there are enough users who are willing to chip in to keep a particular version alive, then it can stay alive. When there are too few users, then it just has to die.
My vision of the "chip in" is on the order of 10 bucks, which isn't much, but you would get to multiply by the number o
Re: (Score:2, Insightful)
uh, since $10 is less than what they actually charge, and they picked 10 years based on their actual paying customers' feedback, they are doing exactly what you are saying, minus the whining.
https://www.ubuntu.com/support/plans-and-pricing#ua-support
Re: (Score:1)
Clearly you’re not in charge of things
Re: (Score:3, Insightful)
This is how things have always been in the free world: the users can singularly or collectively decide how much they're willing to offer and under what terms to get someone to do programming work. Thanks to software freedom, anyone with a copy of free software also has the freedom to get someone to improve that program for them, for any definition of "improve". The rest are details to be negotiated in a work contract such as how much to pay, who will do the work, contact points for progress updates, and whe
Re: (Score:3, Interesting)
Where is this "free world" of which you speak? Mostly it makes me think you're one of those Libertarians with a totally distorted understanding of reality. Having a theoretical freedom to do something is NOT the same as having any meaningful capability to do that thing. However the real problem with the real world in contrast to the Libertarian fantasy world is that the information is never equally or fairly shared. It's like the delusion that stock prices reflect perfect information of the real value rathe
Re: (Score:1)
How about we not clap such an onerous tax burden the people actually making jobs for Americans? Venezuela did that and nationalized stuff left and right, and they basically have a failed state.
The US is thriving, with the stock market at record highs, and the economy hotter than ever. Lets not plunge ourselves into another 2008. Libertarian values are at the helm right now, and the country is experiencing prosperity unthinkable just a few years back.
Oh, and most of these people drive better cars than you
Re: (Score:2)
My take is that we need different economic models. For example, I think we should have a pro-freedom anti-greedom taxation system as part of the general solution to the monopoly problem. The tax rate on corporate profits should be progressive, but not in absolute terms, but rather based on market share.
This is one of those ideas that sound plausible on paper but when you look at it in practice it will bring registration and gerrymandering hell to everyone as politicians, lobbyists and corporations manipulate what is "the same" market. Like for example if you produce salmon are you in the salmon market, the fish market or the food market? Luxury brands like Rolex will be taxed almost nothing as they're a tiny segment of the watch market. Every professional eBay seller would have to register every product b
Re: (Score:2)
There are responses to your comments. You actually raise some valid points. Not new points. Not points that I have not already considered in some detail. Not points that cannot be addressed. But still valid. They merit response.
However your offensive attitude says it would be a waste of time to make the attempt. Congratulations on being an archetype and poster child for closed minds. I wouldn't want you to hurt yourself by thinking too hard.
It's sort of interesting to watch how the Internet in general and S
Re: (Score:3)
I think that they needed to compete with Red Hat, which has been offering 10 years of support on their OS releases since RHEL 5.
Even that doesn't seem to be enough time for some organizations, who are still using RHEL5 on their servers and friggin Windows XP on their client systems.
Re: (Score:2)
That would be an important economic consideration if Ubuntu were a normal business. However the primary economic model of Ubuntu is big-donor charity, and in that case too many of the crucial decisions depend on what the big donor wants. Another way to interpret my position is that I am advocating for a little-donor model, whereas many of these decisions would depend on what the little donors are willing to donate for. Cost recovery, not profits.
I actually speculate that the big donor behind Ubuntu would lo
Re: (Score:2)
Sometimes I wonder if Microsoft, or Google would be an ideal suitor for Canonical. Since Ubuntu is one of the defaults in both WSL, and Hyper-V, it would be ideal.
I do have my reservations about IBM and RedHat. On one side, I know IBM wants some revenue after buying RH, as they didn't buy it for altruism. However, for a big company, it is a good match, since IBM has been selling RedHat on a lot of their POWER and zSeries line for a while.
Re: (Score:2)
Sometimes I wonder if Microsoft, or Google would be an ideal suitor for Canonical.
Sometimes I wonder if Jerry Sandusky would be an ideal babysitter for my 10 year old son.
Jeezuz man, of all the really bad ideas, your's ranks pretty highly.
Re: (Score:3)
Re: (Score:2)
I absolutely agree with you, but we could both be wrong about how many old machines are out there and how many people might be willing to pony up 10 bucks to keep using an old machine. The essence of my suggestion is that there should be a mechanism to let them be visible, but in a sense of giving them meaningful freedom to choose whether to keep supporting their old distro, switching to and supporting a competing distro, or even "investing" (on a charitable basis) in creating a new distro.
Re: (Score:2)
While I agree in theory with you; I think in practice anything greater than 10 years is not practical. Providing support has a definite price to pay in terms of resources and providing for a decade is an extremely long time. Just think back to what the computing landscape by going back every 10 years ago will make this obvious.
What's obvious?
* AMD and Intel had x86-64 already (2000/2004)
* Double data rate type three SDRAM (DDR3 SDRAM) has been in use since 2007
* PCI-SIG announced the availability of the PCI Express Base 2.0 specification on 15 January 2007
* Since 2004, AGP has been progressively phased out; by mid-2008 only a few models remained
* The USB 3.0 specification was released on 12 November 2008
* SATA's market share in the desktop PC market was 99% in 2008
* 802.11-2007 rolled up all the 802.11a/b/g amendments (1997-2003)
Re: (Score:2)
This is about corporate. I have upward of 2000+ servers and $1.5billion in spend. All i need is one vendor/partner to cry foul and say that their platform depends on unsupported technology that is subject to a zero day flaw resulting in me having to spend stupid cash for one vendor not having an upgrade strategy. Awesome from Ubuntu.
Whats important to recognize is that they understand their needs of their fellow sysadmins and teams and they are willing to commit engineers and r&d to support. They sh
Re: (Score:2)
You should be clear that the "I" in your comment is not you, but rather some hypothetical CTO at a giant company. However I'm afraid that you comment mostly reveals that you don't even know how Canonical is structured now.
It would probably help to clarify things if you would summarize your history with Linux in general and Ubuntu in particular. I can't really remember for sure, but I think I've been using Ubuntu since the 3rd or 4th release. There was one with a double-D name, but I can't remember if that w
Can they also adjust the licence... (Score:5, Insightful)
Unsupported devices need to fall back gracefully (Score:3)
Is that your best idea for a constructive solution? Seems really thin, but maybe you want to flesh it out? However you provoked me into solidifying one of my additional suggestions a bit.
Devices or software that need security support should have a fail-safe mechanism. Such a device should know how to check whether or not it is still supported for its security updates, and when it cannot confirm the positive status, then it should be designed to fall back to an unsupported status with whatever limitations it
Re: (Score:2)
Is that your best idea for a constructive solution?
Nope - my best idea for any IoT devices that require connection to a vendor server is to hit them repeatedly with a hammer.
The same approach should be used on the vendor.
OK, so perhaps not "constructive" in the literal sense, but still...
Re: (Score:3)
Nope - my best idea for any IoT devices that require connection to a vendor server is to hit them repeatedly with a hammer.
What about this: any IoT device should refuse to contact the wide Internet unless it can periodically contact an user-configurable update server?
This would handle all major use cases: 1. no network, 2. local network only, 3. Internet at large; provide a reasonable default for the uneducated crowd while giving control to those who want it, and provide a configurable compromise between privacy and updates.
Ubuntu uses apt, and there's a large selection of tools to set up your own mirrors, caches or own reposit
Re: (Score:2)
Mostly just noting that I think we are basically in agreement, though you also seem to be feeding or supporting YuppieScum in some way. I can only see his latest contribution as justified if it's a bid for "Funny" mods, but if so, it's a rather low bid.
Your [KiloByte's] contribution is one implementation approach. My perspective is sort of higher level. Basically I'm trying the say that any device (but especially Internet-connected devices) should not do dangerous things. In the case of a device that needs
Re: (Score:3)
That is an interesting idea. There are a lot of advantages of this. Especially if the device would know that it would be updated to a certain time/date, then from there, it is on its own.
I do see a few faults, knowing IoT vendors, and their callous attitude:
This can be used as a denial of service attack, if an device is isolated from the mother ship somehow, goes into fail-secure mode, and loses functionality. Or, it is used to ensure devices have an always-on Internet connection for slurping telemetry 2
Re: (Score:2)
I partly agree with you, but my main disagreement would be about the DoS attacks. There has to be a motivation for a sustained DoS attack, and just shutting down someone else's systems has limited benefit. If the goal is simply to deny service, then there are lots of ways to do it, and I don't that forcing devices into their safe modes is likely to be especially effective or damaging (as long as the devices also recover gracefully when communications are restored). In any case, the source of the DoS needs t
Re: (Score:2)
What would be an ideal is a UL-like entity, but for IoT stuff. This entity would have standard security measurements, and would enforce security [1] updates for "x" amount of time, perhaps with some surety presented if a company fails to live up to their promises.
[1] Security as in protection from remote attacks, not just jailbreak resistance, which often get confounded. In general, IoT makers love jailbreak resistance, but hate having to work on protection from remote attacks, since it means fewer featu
Re: (Score:2)
I think UL is a testing organization? Let me see. Ah, yes. Underwriters Laboratories. Not a bad approach.
However I think in the terms of this discussion you basically need a way for the device to run a checksum on it's own code and compare it with the checksum it gets from its home server. If they do not match and the device cannot update itself to make them match, then the device should only be able to do "safe" things. Arbitrary example, but if it was an IoT refrigerator, then it would fall back to normal
Re: (Score:2)
Why it won't improve security.
Angry user mob: The device you produced was discovered to have a backdoor! You need to update the firmware!
Dodgy manufacturer: We have issued a security update, see changelog.
Change Log:
Backdoor password changed.
Re: (Score:2)
Updates are not a solution to the IoT problem. There is just no way we will ever get manufacturers to support devices for 10+ years, and even if we somehow did they would just go bust or lose their update signing keys anyway.
The fix is security in depth. Build a well secured OS with only the absolute minimum required for the application, to minimize the attack surface. Don't allow connections in or out except via a VPN back to the company server, or locally. No UPnP etc. Set up a sandbox for the application
Re: (Score:2)
Better than for Windows now (Score:3, Interesting)
At first glance, Canonical is only matching the 10 years Microsoft used to promise for Windows, counting extended support. But if you look closer, Microsoft already is weaseling out of some edge cases (the latest Intel CPUs and AMD's Ryzen on Win7).
So I'd bet on Ubuntu 18.04 being a safer option than Windows 10 for a system you want to keep for a long time. Let alone that Ubuntu 18:04 was released almost three years after Windows 10. So even if both companies keep their 10 year promises, Ubuntu 18:04 is the better long term option from today's perspective :)
Good (Score:5, Insightful)
While I do not use Ubuntu (I use Debian sans systemd-crap), this is good news, as it sets standards for everybody else.
Thanks, Canonical! :-) (Score:2)
Re: (Score:2)
May I ask whether you put any actual money on the horse? I think you're just speaking metaphorically.
Just guessing, but (Score:2)
corporate chirping (Score:2)
"we don't share your data" - Face book
"don't be silly on bear stearns" - Jim Cramer, Mad Money
" We can't be sued for lying to shareholders because it was obvious we were lying" - Wells Fargo CEO
"you can't possibly use all that 10Mb hard drive" - someone said about the 10Mb PC hard drive
"we'll support it 10 years!" - Ubuntu....
The real question, "how big a sucker are you?"
Re: (Score:2)
But will linux on Windows 10 support systemd?
No. [slashdot.org]
Re: (Score:2)
Poor Canonical engineers (Score:1)
Imagine having to support a SystemD-based Linux distribution for a decade!
Re:Poor Canonical engineers (Score:4, Informative)
You realise one of the key reasons for adopting systemd was that distribution maintainers have LESS work to do right? Not having to manage a shitload of nasty scripts was one of its great selling points to the maintainers.
Plus within the next 5 years systemd will have included the entire userland including a web browser and an office suite and will all be delivered via a single package that auto-updates regardless of whether you've set your system to do so or not. The engineers will only have a single package they need to test and everyone will be happy as pie.
Oh and systemd-mail will include adverts unless you subscribe to systemd-cloudoffice.
Re: (Score:3)
You realise one of the key reasons for adopting systemd was that distribution maintainers have LESS work to do right?
That's the only upside of systemd I know of: it reduces the work of maintainers if they ship upstream integration as-is. But if the maintainers try to improve it, it all falls apart (case in point: Debian systemd maintainers still didn't manage to split the package to put the kitchen sink, bicycle and fish bowl (aka different components of systemd) apart. As for benefits for the user... nope. But alas, when distribution maintainers and users disagree, the former prevail.
Not having to manage a shitload of nasty scripts was one of its great selling points to the maintainers.
Right. A typical init script is o
Re: (Score:2)
(case in point: Debian systemd maintainers still didn't manage to split the package to put the kitchen sink, bicycle and fish bowl (aka different components of systemd) apart.
Still didn't manage to implies they were actively trying. Do you have evidence to back up that statement?
Right. A typical init script is one line (using #!/lib/init/init-d-script), systemd usually requires you to edit 3-5 files.
Sorry but that is known horseshit. No major distro used that method, including Debian due to shitton of customisation used by each package. I remember this argument when systemd came out. The *average* init file used by Debian at the time was over 150 lines, though some of those were comments.
Also if you're editing more than 1 file to create a systemd unit then you're doing something very wrong. Though
Re: (Score:2)
SystemD is kind of like LSB. So many other packages have come to depend on SystemD because package maintainers love the fact that they can count on it providing the entire set of utilities and not some unpredictable selection chosen separately by each distro. If it were just an init system it wouldn't have gained so much traction, it's the way it gobbled up everything else that made it the easy lazy thing to require.
Market it to people on Windows 7 (Score:4, Interesting)
Re: (Score:3)
Alas, GNOME. It's not reasonable to expect Windows users to learn a completely different interface type, especially if there's no direct benefit from doing so. Such users also don't yet know they can switch the user interface.
Re:Market it to people on Windows 7 (Score:4, Insightful)
Not only that, Windows recently insisted their users all learn a completely different interface type.
Re: (Score:2)
Windows recently insisted their users all learn a completely different interface type.
And backpedaled so fast it was halfway neutered by the next point release, and almost back to normal by the next major version?
Exciting as a grandma OS (Score:1)
This is cool because it means I can put 18.04 on a friend or family member's computer and just not worry about upgrades. I can say it's good for the realistic life of the computer. Where a 5 year OS was probably not going to outlast a desktop computer, especially for a non-technical person who doesn't get excited about upgrading their system.
Home of the once-a-year 24 hour fiasco (Score:2, Interesting)
Just a few days ago I was loading Python packages on my 10 old (but fairly fast due to a SSD) desktop for a development project. I accepted an upgrade message suggesting I move from Ubuntu 18.04 to 18.04.1. The computer has old built in graphics and the upgrade dragged in a package called ubuntu-desktop that dragged in something that completely broke my graphical desktop. It turned out the computer was running Linux just fine and I could ssh into it and get a shell prompt. All I needed at that time was inf
Ubuntu used to be such a great distro (Score:2)
And every release just got better.
Sad.
Re: (Score:1)
Re: (Score:2)
I welcome this news but.. (Score:3)
Re: (Score:2)
The real reason I suspect is embedded - there are still times we use Ubuntu 14.04 because we have to support customers using old Android versions. You can use Ubuntu 16.04 to build Android 7, 9 and 9 projects, but older projects require older Ubuntu versions to build.
We only started provisioning Linux machines with 16.04 this year because we couldn't find machines that run 14.04 without patching, but also because for the most part, most projects are using Android 7 and we've got Android 8 BSPs so most new e
Cannonical don't write the software (Score:2)
OpenStack self install (Score:1)
For those of us who don't have $75,000 to install OpenStack, you can do it yourself, https://www.ubuntu.com/opensta... [ubuntu.com]