Canonical Launches New Free Tier for Its Security-Focused 'Ubuntu Pro' (zdnet.com)
"Starting with the Ubuntu 16.04 edition and including the later LTS versions, Canonical will offer expanded security coverage for critical, high, and medium Common Vulnerabilities and Exposures (CVEs) to all of Ubuntu's open-source applications and toolchains for ten years," reports ZDNet.
"Yes, you read that right, you get security patches not just for the operating system, but for all of Ubuntu's open-source applications for a decade." Most of these are server programs, such as Ansible, Apache Tomcat, Drupal, Nagios, Redis, and WordPress. But, it also includes such developer essentials as Docker, Node.js, phpMyAdmin, Python 2, and Rust. Altogether, Canonical is supporting more than 23,000 packages. Indeed, it's now offering security for, as Mark Shuttleworth, Canonical's CEO, said, "Security coverage to every single package in the Ubuntu distribution."
Canonical isn't doing this on its own. It's offering free, improved security in partnership with the security management company Tenable. Robert Huber, Tenable's Chief Security Officer, said, "Ubuntu Pro offers security patch assurance for a broad spectrum of open-source software. Together, we give customers a foundation for trustworthy open source."
Beyond ordinary security, Canonical is backporting security fixes from newer application versions. This enables Ubuntu Pro users to use the Ubuntu release of their choice for long-term security without forced upgrades. Happy to keep using Ubuntu 20.04? No problem. You can run it until April 2030. Knock yourself out....
Users can obtain a free personal Ubuntu Pro subscription at ubuntu.com/pro for up to five machines. This free tier is for personal and small-scale commercial use.
Mark Shuttleworth, CEO of Ubuntu's parent company Canonical, explains in a new video that Ubuntu "is now the world's most widely used Linux..."
"What makes me most proud, though, is that we have found a way to make this available free of charge to anybody for their personal and for small-scale commercial use.... full commercial use for you, and any business you own, on up to five machines."
Re: Python 2?! (Score:5, Insightful)
Ubuntu's python strategy is poor, but that's because python's python strategy is poor. Unfortunately a ton of projects have not been updated to python 3, so you still need python 2. Even more unfortunately ubuntu's dropped the library packages for 2 so you have to run around getting all the deps lined up, you can't just install packages any more. And the deps for the deps can be a terrible PITA.
Sadly many devs seem to think that this is all ok and if they just give you a snap or flatpak that all is well. Because sure, I want umpteen copies of every library! Surely there could be nothing bad about ancient versions of all that crap running on my machine at once.
Then again, if you see python used for a major project you know the devs don't care about quality or performance anyway...
Re: (Score:2)
I've had to clean out snap and flatpak systems before that were so broken they were running at 10% normal speed and lots of software not even related to snap/flatpak were breaking. Even removing the entire snap/flatpak subsystems didn't fix it because they have so many hooks in to so many places. It's a stupid design.
If you catch it at install time it's still easy to eliminate it from Kubuntu... for now. The first thing I do on a new Kubuntu install is purge snapd and install a real firefox, and then I only still have systemd and pulseaudio to curse at. It's really too much hassle to eliminate those, sadly.
Re: (Score:2)
Luckily it is not for anything really important, but I'm going to have to ditch it and start again at some point which is going to be lots of work.
Re: (Score:1)
Re: (Score:3)
Can't, too much software is written in it and apparently not getting updated.
One example is CHIRP, which is still a python 2 app. They claim the primary platform is Linux but you can't actually run it directly on modern Linux because of missing Python 2 deps, and they distribute a flatpak.
Re: (Score:3)
Can't, too much software is written in it and apparently not getting updated.
That is self-fulfilling. If Python 2 is supported as a base application in every distribution, there is little motivation for projects to update.
Python 3 has been available for 14 years. Yet, in many distros, typing "python" at the command line still runs Python 2.
That's bullcrap.
Re: (Score:2)
It's dumb that still happens. But then, it's dumb so much stuff runs on Python anyway, there's no putting a good face on it.
Re: (Score:2)
If Python 2 is supported as a base application in every distribution, there is little motivation for projects to update.
Python 3 has been available for 14 years. Yet, in many distros, typing "python" at the command line still runs Python 2.
That's bullcrap.
Maybe Python 2 vs 3 is like Perl 5 vs 6 (released in 2015, though reportedly not intended as a replacement for v5) in that the older version is "good enough" and the newer version doesn't offer enough to migrate the (small) set of incompatibilities.
Re: Python 2?! (Score:2)
I've used python 3 exclusively for the past 5-6 years and as a long time Python user 3 is much better than 2 ever was. The biggest improvements are type annotation, which combined with mypy allows us to detect bugs and safely refactor code in larger projects; the pathlib library that makes file path manipulations a breeze; the built-in mock library that makes unit testing much easier; the improved subprocess library, just to name a few.
Python 3.11 is bringing solid speed improvement, and further improvements
Re: (Score:2)
Re: (Score:3)
Python 2 will die when programs written for it fall out of use. Until then it's a core part of a system that absolutely needs security updates and support. Regardless of what you think of it, just saying "fuck off" is the worst of all possible options.
Re: (Score:2)
having spent its corporate life stealing work from Debian
For someone criticising someone else on knowledge of what Linux is and isn't you certainly seem to have zero clue how open source works.
Re:Python 2?! (Score:4, Insightful)
Fuck off.
Why would you say that? There are lots of programs out there which still depend on Python 2. Python 2 didn't magically stop working when 3 came out. Why would you say "fuck off" to someone providing essential security updates for long term service releases?
Not everything needs the latest new shiny.
Re: (Score:2)
Fuck off.
Why would you say that? There are lots of programs out there which still depend on Python 2. Python 2 didn't magically stop working when 3 came out. Why would you say "fuck off" to someone providing essential security updates for long term service releases?
Not everything needs the latest new shiny.
I doubt the ability of Canonical to make a sieve waterproof.
Re: (Score:2)
I doubt the ability of Canonical to make a sieve waterproof.
No one cares if the sieve is waterproof. A person cares if there's an active exploit running on one of the holes in the sieve, and whether that hole is still open or not is fundamental to that person.
Canonical isn't doing anything here other than maintaining patching and support for older Python libraries. They aren't the ones trying to make the sieve waterproof, they are just distributing the vendor provided duct-tape.
Will soon require Ubuntu accounts to log in (Score:2)
Re: (Score:2)
Re:Will soon require Ubuntu accounts to log in (Score:4, Informative)
Re: (Score:2, Informative)
So, ubuntu's apt plugin to handle distribution upgrades has an ad for their longer-long term support stuff, and that means "ads in the command line"
Re:Will soon require Ubuntu accounts to log in (Score:4, Insightful)
Not the parent, but I agree with them.
You agree with them what?
That Ubuntu will replace local accounts with Ubuntu pro accounts Windows 11 style?
Or that they put "ads on the command line"?
Because both are pretty funny claims.
I mean on 1, are we proposing that Ubuntu is going to ship a GNU userspace with PAM entirely locked down, only allowing authentication via "Ubuntu Pro"?
On 2, we're now defining a free service promoted via an update command on a free operating system as "advertising?"
This is advertising and this kind of bullshit has no place in a Linux distro.
Says who? Do you speak for "Linux distros"?
Riddle me this, AC.
When that same command outputs "Ubuntu 22.10 is out! Type [blah] to upgrade!", are you equally infuriated?
Does that belong on Linux distros, by your wise reckoning?
Re: (Score:2)
They clearly put ads into sudo.
I do not want to be advertised to at all by my OS, let alone in the command line where I'm doing important shit and don't need distractions.
You're normalizing abuse. It's shit behavior. This is my surprised face.
Re: (Score:3)
They clearly put ads into sudo.
No, they did not.
I do not want to be advertised to at all by my OS, let alone in the command line where I'm doing important shit and don't need distractions.
Then don't pay for another OS.
It is a free OS advertising a free service. It happens in precisely the same apt plugin that lets you know there is a new dist-upgrade available, and can be disabled in exactly the same way.
You're normalizing abuse. It's shit behavior. This is my surprised face.
You're normalizing reacting from a position of ignorance. This is my surprised face.
Re: (Score:2)
It is a free OS advertising a free service.
Which is itself an advertisement for a commercial service. There is no level on which it is not an advertisement.
It happens in precisely the same apt plugin that lets you know there is a new dist-upgrade available, and can be disabled in exactly the same way.
That's slightly less offensive, but still bullshit.
Re: (Score:2)
Which is itself an advertisement for a commercial service. There is no level on which it is not an advertisement.
The free version is an advertisement for a commercial service?
Somehow I doubt there's a lot of overlap for people who will be utilizing the free ESM and people who will be paying for it.
That's slightly less offensive, but still bullshit.
So advertising for ESM (previously called Ubuntu Advantage, IIRC- an additional 5 years of support for the release you're on) is bad, but advertising for the next release is ok?
Re:Will soon require Ubuntu accounts to log in (Score:5, Informative)
# This service only runs on GCP to enable auto-attaching to Ubuntu Advantage
# services when an Ubuntu Pro license is added to a GCP machine.
# If you are uninterested in the (free for personal use) Ubuntu Advantage
# services, including security updates after standard EOL and kernel patching
# without rebooting, then you can safely stop and disable this service:
# sudo systemctl stop ubuntu-advantage.service
# sudo systemctl disable ubuntu-advantage.service
If you happen to find yourself using a GCP image and running into this affront to all that is good in the world, this is how you stop it from pulling in new messages.
To delete the existing messages, you'll want to clear out
Let me know if you need additional help disabling the motd, which has had Kubernetes advertising in it for what seems like forever.
Re: (Score:2)
Re: (Score:2)
Technically yes, it does, but whether anyone should care is another issue. There's a world of difference between the ads people generally find irritating and a burden to endure, and a two liner making system administrators aware of a vendor provided service they may find useful.
No, it doesn't.
No more than ads in the motd mean that, which have been there for ages.
This is linux, let's not misuse "the command line" to mean any command run on a tty.
Re: (Score:3)
I think its position is more to do with the fact that it is thermonuclear flamebait than anything else. That image is lovecraftian-tier cursed. I would not be massively bothered by that "ad", it is not a commercial offering at that level. I view it more as a PSA.
Re: (Score:2)
2 operating systems that have actual ads in them.
Mind fucking blown.
I see it no different than the same text that pops up telling you the next LTS is available.
Re: (Score:2)
It reminds me of old craigslist ads that have reflections of the very naked, very obese photographer in the photo of the product up for sale. I can only hope that image was created in the same spirit.
G0dd@mmit (Score:1)
But... it's PRO (Score:2)
Does PRO mean "for idiots"? Asking for a friend.
Re: (Score:2)
They already deliver Python 2 with Ubuntu, or at least it's in the repo. But they only offer library support for 3, so if you want support for stuff like GTK you have to build it yourself.
TANSTAAFL (Score:3)
There ain't no such thing as a free lunch. I trust Canonical about as much as I trust Google or MSFT, so there's got to be something in it for them, whether it's nagging people to upsell them, locking them in to Canonical's infrastructure, or collecting surveillance data. I'll stick to stock Debian, thanks.
Re: (Score:2)
I trust Canonical about as much as I trust Google or MSFT
So good enough to run critical infrastructure for megacorporations and governments the world over? Man I trust Canonical far less than that.
Re: (Score:2)
This only covers "main" (Score:3)
To me, it looks like Canonical is getting jealous of the Debian ELTS thingy, and is trying to apply a commercial model. Future will say if it's a good idea, or a major failure.
Repository (Score:2)
Is this ubuntu-PRO in fact an extra software repo with software updates that can be installed using apt-get?
Does anybody know the name of the repo, so I can install the repo without an extra ubuntu account?
And why not just update the complete ubuntu instead of this ubuntu-PRO ??