I plan to run LTS on my laptop from now on, so that I get a stable desktop environment. I used to be a sucker for running the latest and greatest, but I guess I'm too old for that now.
I wonder how my applications will fare. I would like to have the latest version of Firefox, emacs, git, and so on. It's the desktop environment and OS itself I want to be as stable as possible. I'd also like to get the most recent kernel, I think, since the kernel is pretty darn stable and rarely has regressions, at least in my experience.
I also learned that there's an official plan for 18.04.1, to be released July 26th. This is the release that will prompt 16.04 LTS for an upgrade. In other words, the official upgrade path for an LTS is to wait for the first patch release, and not upgrade immediately. So I'm considering waiting to update from 17.10 until 18.04.1 is out.
To get the latest version of an app you can use snap-packages. E.g. to always get automatically the newest version of LibreOffice: sudo snap install libreoffice
Don't forget to remove the preinstalled – and soon outdated – .deb-package version of LibreOffice :)
the Snap packages are really nice when installing. However, i got a lot of issues with accessing network shares and other mounted drives from inside the applications. I also ran into issues where the cache from one of the applications (Spotify) would not migrate to another disk, so i ended up uninstalling all snap apps out of frustration and installed them locally.
Nope, they use a much more sane paradigm of letting the package manager handle updates, much like in iOS or Android. That way you can have your entire system update when needed, rather than whenever you start each individual program.
Programs are not supposed to update themselves, but some like Telegram or Steam annoyingly do.
On the other hand the only users that predictively fall to browser exploits when we run end user targeted red-team ops are the devs and IT peeps that run Linux instead of OSX/Windows.
In fact across the board Linux machines in many enterprises are more likely to run outdated and possibly vulnerable software.
It sounds like that's a failure of your IT team to handle updates. Either that or your sourceless claims are just to spread FUD.
Most distros have different update channels so that you can install security updates without feature updates. Tools like unattended-upgrades make it trivial to automatically install daily security updates. You can then manually install other updates at a later time if you're concerned with breakage.
I'm very well aware that there are ISM solutions for ensuring updates for all operating systems.
For Linux Desktops it is especially hard since many of the solutions are not oriented for desktop users and when the package manager is not used there are gaps in software enumeration.
The best solutions I've seen so far are essentially block access to all online repos and manage your own but many organizations don't want to go that route, with ubuntu you can even use the "appstore" UI for displaying only your repo.
Your thinking is also too narrow while I gave examples from a managed environment there are plenty of Linux users running on unmanaged machines. Most users even "technically savvy" ones are not going to be reading release notes and reviewing CVEs daily via RSS.
Having a reliable way to ensure automated updates for Linux especially for commonly used and exploited software is an important tool to have and I wish more repos would implement something like Windows Update than say "what if Firefox puts in a keylogger" because that isn't a good argument as you can argue to them back "what if you put in a keylogger?" if you already pull your updates from your distro's managed repo you already accept that risk as such the risk of having no automatic updates at that point makes you less secure not more.
If you want to use a different repo or build everything from source locally that's fine but that is a completely different security model.
Also neither shifting the blame or claiming FUD are good arguments.
Firstly there was no blame associated with the end user, at any point where there is a security system failure the end user isn't the "causal factor" doesn't matter if it's an unpatched system or did clicked on a phishing link they are do not own any of the causal blame.
As for FUD, calling something FUD is generally intellectually lazy and is used to end an argument by moving the goal post and changing the subject.
This is because Ubuntu doesn't automatically install updates by default. On Fedora you can install updates when shutting down your computer, resulting in less people delaying it.
My point wasn't about Ubuntu or not but rather about this so called "threat model" that is the reason behind the lack of automatic updates.
The threat model is simply not valid for the security model that users who use a package manager follow.
Don't get me wrong supply chain based threat models including the source and intermediates are a valid concern.
But you already accept those risk by using a package manager and a managed repo which contains the source code and or binaries for the applications you want.
Not providing automatic updates to protect me from Mozilla won't reduce the risk when the risk from the package manager and the managed repo is just as high if not higher it just increases the overall risk as now I need to ensure that I follow their release cycle closely to make sure that my browser is always up to date.
That's not for "Linux" to say. It would be easy to set up a Linux system that updates automatically, but it's more sensible to have the user review changes before updating. This is the default policy in all Linux distributions I'm familiar with.
* Traditional Windows Apps
=> bazaar, everyone does whatever they want
* Snap Apps
=> centralized, the snap-system updates the apps on a regular schedule
Traditionally on Linux there was only the system-package-manager to update the system and applications. Snaps are confined (unless declared --classic) and allow to have a stable base-system and up-to-date applications.
PS: Can't say much about how snaps compare to macOS.
On macOS it is a combination of centralized (if you install through the App Store) and free for all. Almost all applications that auto update use the same framework though (Spark) so the update look&feel is usually the same.
There are five ways to have update software on Ubuntu Linux these days:
* Ubuntu Store (snap).
* Via Flathub (flatpak).
* Official deb repository pool (apt-get).
* Community maintained PPAs (apt-get).
* Other, tools like appimage, nix, linuxbrew etc. etc.
If you are not fan of terminal tools, sometimes "Software Updates" popup will appear to ask you if you would like to install new updates.
By default there isn't any self-update enabled (please correct me if I am wrong), though it is recommended to configure automatic updates of unattended-upgrades [1]. In my experience 17.10 were asking about installing updates when you were shutting down or restarting OS.
> I used to be a sucker for running the latest and greatest, but I guess I'm too old for that now.
This seems to be much easier these days. Around 10.x / 12.x releases being on recent versions of everything made a lot of sense. Especially with browsers not updating separately from the main repo. There were actual, big improvements with drivers, power management, hi-res support, and other things. These days, I don't see that many reasons to keep current. All the tools I use are stable and almost old - vscode may be the only new one in 5 years. That's my anecdata anyway.
You can always use something like the Nix package manager[1] to install Firefox, Git, and Emacs, and leave the rest to Ubuntu. Save for Firefox, which I install from a tarball and use auto-update, I have been doing that with Debian stable on my laptop, and it works well.
So they will run on X11 that's from Debian stable? Will for example Emacs read your .Xresources from your home directory?
I've been eyeing this setup with Guix but I have some concerns. If I install a newer version of GCC through Nix/Guix, can I run update-alternatives on it?
Yes, it will run on your system X11 obeying your .Xresources. I have never tried using update-alternatives to replace the system-wide GCC (or any piece of software for that matter).
Yeah, life really is nicer if you only have to muck about with the software you actually care about. I've been using LTS for several releases now, and have remained in blessed ignorance of X.org settings for most of that time :)
I would avoid running LTS unless you really need the stability. Otherwise, having the latest applications (and utilities like git) is going to be difficult.
I'm on 16.04 and I have no problems with that. I use the repositories of the developers, so I get the latest versions. I use Canonical's repositories for the OS and the software I don't really care much about. I had no problems with this approach (LibreOffice, PostgreSQL, etc). I occasionally run some software in a docker container to get the latest version, or to run multiple versions of the same server application (example: I've got two Redis for two different projects). Asdf [1] can manage multiple PostgreSQL versions (and several languages).
The real advantage of staying on a LTS has been no big updates and no changes in the GUI. I'm on Gnome Flashback which I tweaked to be as closed as possible to Gnome 2. It seems that Gnome Shell eventually got enough extensions to also make it look like Gnome 2. I'll give it a try again after those memory leaks will go away. I can probably stick to 16.04 for another year before developers start skipping it in their builds.
Edit: I checked and I have git 2.17.0, which is the latest version. I keep it up to date with ppa.launchpad.net/git-core/ppa/ubuntu
I'll definitely look into Gnome Flashback. I'm not all that happy with Gnome 3. It often fails to restore my windows when attaching an external monitor at work, and the caffeine extension for keeping the display on during presentaitons etc somehow managed to lock up Gnome entirely when suspending. A sign of a unhealthy plug-in architecture, maybe...
It is worth noting Ubuntu comes with snap and flatpack support since latest two releases, and it works flawlessly for most of GUI applications. Sadly there isn't many CLI tools available to download like aforementioned git or zsh.
On newer laptops, disk space is at something of a premium (SSDs are expensive, so the disk size got smaller again), so Snap / Flatpak / Appimage are a bit of an issue.
I'd argue that's less of an issue these days. Hopping between LTS releases seems to be the most productive and free from issue way of working, at least for me.
The main thing is latest browser versions and they still ship with the LTS release.
There's an ppa for the latest emacs and fish shell anyway. Maybe I can find a ppa for git. My other editor, IntelliJ, updates itself. Spotify also has its own repo.
When using core tools (like git) in a large company, there is zero chance of everyone having the latest version. Nobody builds anything assuming you have the latest version and so everyone can keep working. We can't even rely on everyone having access to worktrees!
The stability of LTS far, far outweighs every new feature I've found so far. It's a no-brainer when you are trying to get stuff actually done and don't appreciate having to regularly waste cycles on your toolbox.
The only reason why i would NOT run the LTS, is if i need some very new and fancy kernel version. However, even then they normally get backported into LTS, but sometimes that wait can leave you without something critical (like wifi or hibernation / sleep support) for months. There is always the option of recompiling the kernel from LTS to support the driver you want, but at that point, i would just go with the latest release.
Great release, with great features, and still a really (really) bad UI. The new theme has so many inconsistencies and bad decisions made. And I find it really cringy for an LTS release to distribute this new theme as the default one.
I hoped hard the communitheme would be the official theme of this release, but no.
Examples:
- The active directory effect in Nautilus's sidebar makes me thing there were two sidebars with different purpose [1]
- Changing the background of every other rows in the settings look weird. The fact they are splitting settings by group do not help. I thought it was a theme glitch, and found out it was an actual feature [2]
I understand why people are interested in more serious theme (arc-theme) or even other Ubuntu-based distros (elementary...).
Personally I have no idea why they rolled these theme styles for nautilus while they have been worked on Communitheme [1], which does not have tab-like menu [2]. However I'd like to note even in adwaita (and many other styles) there is design inconsistency between nautilus and gnome-tweak-tool. Sadly, Ubuntu dev team and community have not released any stable version Communitheme yet, so they were too late to bring new, consistent theme to 18.04.
yes - and the best solution I found is a long and cryptic series of commands involving "apt-get purge" ... as long as those kind of issues bother users Linux is practically not usable for non-technicians.
Weird, I am still getting "No new release found." when running `do-release-upgrade`...
EDIT:
Found the answer in another comment:
> I also learned that there's an official plan for 18.04.1, to be released July 26th. This is the release that will prompt 16.04 LTS for an upgrade. In other words, the official upgrade path for an LTS is to wait for the first patch release, and not upgrade immediately. So I'm considering waiting to update from 17.10 until 18.04.1 is out.
If you really want to upgrade, you can run `do-release-upgrade --devel-release` (or just -d), which will get you from 16.04 to 18.04. Apparently, 18.04 is considered an development level release from the perspective of 16.04?
(I don't really know what I'm talking about here.)
There is an experimental feature that enables it on Gnome with Wayland [1]. The result is off in various ways though (blurry things here and there, some weird positioning). At least on my Fedora install I just keep it at 100% on my 4k 30" screen and then use the tweak tool to adjust font sizes to 150%. That works reasonably well and as a benefit makes those huge title-bars not so huge any more.
Unity's approach introduced some visual glitches due to rounding errors and didn't work with multiple monitors (with different dpi), I wouldn't call that "solved".
https://news.ycombinator.com/item?id=16931491