Canonical Preps Security Lifeboat, Yells: Ubuntu 12.04 Hold-Outs, Get In (theregister.co.uk) 88
Gavin Clarke, writing for The Register: Canonical is extending the deadline for security updates for paying users of its five-year-old Ubuntu 12.04 LTS -- a first. Ubuntu 12.04 LTS will become the first Long Term Support release of Canonical's Linux to get Extended Security Maintenance (ESM). There are six LTS editions. All others have been end-of-lifed -- and given no security reprieve. LTS editions of Ubuntu Linux are released every two years. Desktop support runs for three years and the server edition receives security patches and updates for a period of five years. Security updates for 12.04 were scheduled to run out on April 28, 2017 but that now won't happen for those on Canonical's Ubuntu Advantage programme. They'll now receive important security fixes for the kernel and "most essential" userspace packages on their servers running 12.04. In what's shaping up to be Canonical's Windows XP moment over at Microsoft, the Linux spinner rolled out the lifeline because customers are clinging to 12.04.
Re: Should not be necessary. (Score:1)
Re: Should not be necessary. (Score:1)
I don't know if you've ever done bug hunting on a large codebase like the Linux kernel, but it's hard. Stupid hard on code that has been audited thoroughly, because all the low hanging fruit has been found already.
An experienced bug hunter can review the same code many many times before finding a subtle bug, and there just aren't that many people out there with that skill set. Also consider that some appreciable fraction of those people are finding bugs for private, offensive use rather than to fix them.
Re: (Score:1)
Re: Should not be necessary. (Score:2)
I cannot understand...
Is this a riddle? I know the answer! It's because you're a shill, right??
slashdot being trolled by Dancing Monkey Boy .. (Score:2)
ref [slashdot.org]: "After all this time, there should have been enough eyeballs scouring the open source code for vulnerabilities that it should be impregnable. I cannot understand how something like this could happen with open source being constantly audited by all its users for bugs before they compile and install."
XP moment: not quite (Score:3, Interesting)
In another 5-10 years, this may be true. Mainstream support for XP lasted a decade, and some versions were supported for 13 years. 5 years support for an OS is, as The Orange Asshole would say, "Sad!".
Re: (Score:3, Insightful)
I think people are hanging onto 12.04 because the next LTS release is where Ubuntu started to go off the rails.
Re:XP moment: not quite (Score:4, Insightful)
Umm.. As far as I'm concerned, the next LTS, that being 14.04, is just fine... Its the following one, 16.04 that DEFINITELY "went off the rails", that being systemd.. All my systems are staying on 14.04 until close to its EOL, in April 2019, giving me 2 more years to find a non-systemd alternative to Ubuntu.. I'd rather stay with a Debian-derived OS, but its looking like I may be going back to my Linux "roots", that being Slackware, where I started with Linux in 1994..
Re: (Score:2, Insightful)
I seriously doubt Patrick Volkerding is gonna go down the systemd "rathole"... Although if for some insane reason, he did do that to Slackware, like you say, theres always the 'BSD's, which wouldn't be so bad to replace Linux...
Re: (Score:2)
Go download an iso and fire up a VM? Make sure install the handbook in the install as you will need it. Only downside to BSD is being conservative it is a very basic install. No bash or Xorg. You can install those and make it into a Linux like distro by installing bash and gnuls instead of bsd ls with --color option (how is that compared to Unix like lol). Also it comes with clang. GCC is still there via the ports in usr/ports as well as the binary pkg-add utility.
Clang eats ram for breakfast and I did a /u
Re: (Score:2)
All those things that you claim are bad downsides, are the very things I like more about BSD and dislike about Linux. You've shown above how easy it is to solve your own complaints. I rather not have X and just install it if needed, that have tons of X shit by default that I don't need that I have to go down dependency hell lane to remove junk. And just try to see how far you can get ripping out systemd from Linux. ...yeah good luck with that. At least the PulseAudio and NetworkManager bullshit are easy fixes.
That's what I love about FreeBSD too, but hate sometimes. I love that it not only supports tinkering, but ENCOURAGES IT! THe whole system is built from the ground up to do whatever you want on it. Isn't that the traditional power of the PC over the Mac and appliances?
Problem is it rather is a pain in the ass if you want a quick desktop. But, it is very well designed. I loved /usr/share/examples where CVSUP used to be be. I remember FreeBSD 4.x used to have sample /etc/x scripts you can use. I HATE RC. FreeB
Re: (Score:2)
I think you'd best count on Debian doing this at some point. The only solutions are either to move to one of the looser distros like Slackware, or to FreeBSD. While I do love Slack, I don't know if I'd ever have enough confidence in it to put in a server room, so that leaves FreeBSD, which is where I'm heading. It does take some getting used to, I have to put on my old quarter century old Xenix hat to some extent, but it least it actually functions like Unix should.
Re: (Score:2)
Oh yes.. I've used plain-jane Debian quite a bit on several hosted VMs I run, mainly because the VPS vendor didn't have any non-EOL'ed Ubuntu images.. All they had, in 2015, mind you, were a bunch of EOL'ed (12.10/13.04/13.10) non-LTS versions, which nobody in their right mind would use on an internet-facing host, therefore I used/still use Debian there.. I am unaware that systemd can be removed from the current releases of Debian, which is why I started looking at Devuan (or howEVER you spell it) which is
Re: (Score:2)
Consider Freebsd? It's networking performance is very good and it's TCP/IP stack is the standard which is why Cisco used it and Juniper still does.
Freebsd is one of the most conservative and stable versions of Unix and the Freebsd handbook has excellent documentation. Also to mention FreeBSD specific features include jails, Zfs, and dtrace. Hyper-V and VMware support are top notch as well as both Microsoft and Amazon hosting Freebsd on their clouds.
Re: XP moment: not quite (Score:2)
Just throwing this out there: Gentoo or Archlinux with OpenRC.
Insert systemd FUD by LVSlushdat (Score:2)
ref [slashdot.org]: "Umm.. As far as I'm concerned, the next LTS, that being 14.04, is just fine... Its the following one, 16.04 that DEFINITELY "went off the rails", that being systemd.. All my systems are staying on 14.04 until close to its EOL, in April 2019, giving me 2 more year
Re: (Score:1)
A lot of distributions have made their stand on systemd, be it for or against. I found myself in a similar situation when I left Arch for Gentoo in 2012. Gentoo supports any init system you want, really. There's also Slackware, CRUX, Gobolinux, Devuan, Alpine, Damn Small, Tiny, Puppy... tons of smaller distros that aren't swayed so easily.
It's really only the mainstream distros that went systemd. Most of that is due to the campaigning Red Hat developers did throughout the community, from pushing systemd as
Re: (Score:2)
Re: (Score:2)
Actually Hairy you may want to look at FreeBSD. It has an ABI unlike Linux and changes are much much more minimal making it easy to upgrade without stuff craping out.
Unfortunately, it is not for Grandma or our users by far. FreeBSD gets updated all the time and with things not changing you can do a pkg-add or a make install clean at /usr/ports for any package. Since the kernel team and userland are all one there is that sense of integration. Also the scripts in /etc are simplistic. Not horrible if/fi else p
Re: (Score:1)
I'm sorry but no Linux system comes even slightly close to the amount of support you get from Windows, Windows Vista is only now having its free support end, Windows 7 will continue to get updates until 2020 and Windows 8.1 gets patches until 2023...can anybody show me even a single Linux distro that gets free security patches without forcing the user on the upgrade treadmill for this long?
Centos comes to my mind (and of course RHEL). Centos releases are supported for about 10 years, which is about in same level as Windows 7 support.
Centos 5 was released April 2017, and its support is ending 31 March 2017.
Why 12.04? (Score:1, Interesting)
is there something "special" about 12.04? With 16.04 ubuntu got systemd-infested, but was there something after 12.04 that customers don't like? Or simply "we don't upgrade, period"?
Re: (Score:1)
14.04 has unity
Re: (Score:1)
This isn't about desktops. It's about LTS on their server edition.
Re: (Score:2)
Yeah.. but not on Ubuntu 12.04_Server.. which is what _I assume_ is having support extended....
Re: (Score:1)
And that matters on the server edition (the thing being discussed) how?
Re: (Score:2)
is there something "special" about 12.04? With 16.04 ubuntu got systemd-infested, but was there something after 12.04 that customers don't like? Or simply "we don't upgrade, period"?
Probably just the inherent risk and potential cost of changing anything you know works. Had that at work today, we'd stopped updating data on a legacy format that had been properly notified in all the right places that was going to be shut down and that it had been shut down, both the ones formally in charge and the key consumers directly. It was left accessible for legacy data. And then there's one little rarely run side process that ends up with stale data for the last part of the year and the data gets o
Re:Why 12.04? (Score:4, Informative)
For a long time you needed 12.04 to build Android, though recent releases allow 14.04 and I think 16.04 without issue But if you have a range of Android versions, 12.04 will build a lot of them.
Re: (Score:2)
Well it was very stable, has a good desktop environment. In fact if I recall it was the last LTS before unity. Of course Mate desktop gives you an upgrade path now that wasn't apparent back when unity was rolled out.
LinuxCNC has been based on Ubuntu 12.04 for years. I have a hunch that Tormach still uses that base distro for their advanced fork of LinuxCNC. Again for the same reasons as above. Stability and lack of change in the underlying system are very important in this space. Not saying they were r
Re: (Score:1)
Maybe read the submission more closely? This is about Ubuntu server edition support.
Re: (Score:3)
12.04 was the first widely used version of Ubuntu in the mainstream. It also ironed out a bunch of the weirdness from it's predecessors and the versions after it (13.x and especially 14.04) are basically the same on the server side so there was very little reason to upgrade from 12.04 and then after that 16.04 has all it's systemd weirdness that people are actively trying to avoid until 14.04 goes EOL at which point enterprise folks might start doing preliminary testing on it.
If 12.04 weren't going
Help (Score:5, Funny)
Re: (Score:3, Funny)
It's this new invention called a joke.
Re: (Score:1)
Can't tell if austistic or not...
Re: (Score:1)
No, you need ubuntu for windows for those.
Re: (Score:3, Funny)
Hmm, I think you should run Cygwin in WINE. That will give you the best of both worlds for sure.
Re: (Score:1)
They were clearly being sarcastic. Do you need your sense of humor tuned up?
Reason is SystemD (Score:1)
all later versions start to force systemd, or make it really hard to remove.
Why is more recent valued over more stable? (Score:3)
It has always interested me to know what drives companies to upgrade their systems. Let's say you have a farm of 1,000 servers that you've had for 5 years, doing useful stuff, running 12.04 - what incentive is there for you to upgrade?
If they are web facing, and under attack - sure, I get it.
If you are developing cutting edge software for deployment to other hosts - I get it.
But if you are using them to actually do work for your company, say, running some data mining, or hosting a big kafka cluster, why change? The logical point is when you rip the lot out and install new hardware (and decide on a new machine config, including OS) but for existing hardware, shouldn't the OS choice live for the life of the server?
Re: (Score:1)
Security fixes?
Re: (Score:2, Informative)
1) Even internal servers should be running versions receiving security patches to prevent easy pivots once you're inside the perimeter.
2) Vendor support only lasts so long and some companies need/require it to ensure they meet SLAs.
3) Non-homogeneous hardware deployments but homogeneous system builds.
4) Perpetually developing against old libraries will eventually cause you issues when you are forced to upgrade.
Re: (Score:2)
It has always interested me to know what drives companies to upgrade their systems. Let's say you have a farm of 1,000 servers that you've had for 5 years, doing useful stuff, running 12.04 - what incentive is there for you to upgrade?
If they are web facing, and under attack - sure, I get it.
If you are developing cutting edge software for deployment to other hosts - I get it.
But if you are using them to actually do work for your company, say, running some data mining, or hosting a big kafka cluster, why change? The logical point is when you rip the lot out and install new hardware (and decide on a new machine config, including OS) but for existing hardware, shouldn't the OS choice live for the life of the server?
Technical debt and hardware support.
Look you can't expect things to always magically work. Hardware dies, new standards come into play, newer software needs to interact, security fixes, etc. Have you read about struts exploit going on at arstechnica.com?
IE 6 problems haunted my last employer. Guess what they still use it!! In a VM now but still. Technology should always change as things always change. Looking forward and being agile means you pay less being proactive rather than reactive. Also being hacked
Re: (Score:2)
The problem is that existing hardware isn't available forever. Standards change and the underlying hardware changes and you find your $stable_version doesn't have drivers for it.
In theory, virtualization will extend those lifetimes even longer, and it sure seems to be a common use case -- but even hypervisors end support for operating systems.
Re: (Score:1)
Eye candy on the server edition? What?
SystemD (Score:4, Informative)
It's quite obvious.
If you must upgrade try FreeBSD. We don't change things for the sake of changing them their and it is a very stable conservative version of Unix.
Re: (Score:2)
If that were the reason then there is 14.04.
Re: (Score:2)
Or bite the bullet, install a SystemD distro on your desktop so you can learn to live with it.
I'm not a fan, but it's obvious that systemd is where things are heading. Like it or not, the sooner I get on board and learn how to use it properly the easier things will go for me long term.
Re: (Score:2)
My desktop is 16.04 (well, whatever the Mint equiv is), but my two servers are still 14.04 and I have no plans to upgrade them. If I replace the hardware I may end up with systemd, but I am trying to avoid it for server as long as possible. For my desktop I care a lot less and it is becoming more difficult to get a newer linux desktop without it. I do not run server type services on my desktop machine, so my interaction with systemd is virtually none. I do have to use linux machines at work that run sys
Re: (Score:1)
Reading comprehension fail? The sentence is saying no other alreadyEOLed version has been given this reprieve. Versions that are not EOL obviously fall out of the scope of what was being talked about.