Ubuntu ‘Bionic Beaver’ 18.04 LTS has landed

The release of Ubuntu 'Bionic Beaver' 18.04 is important. Not only is it the LTS – with five years’ worth of support – that will see millions of users installing Ubuntu for the first time with GNOME firmly nestled in the desktop environment slot, but it could be the release that sees Canonical, the company behind Ubuntu, through IPO. We spoke to Will Cooke, Canonical's desktop director and David Bitton, engineering manager of Ubuntu Server, about the overall goals for Ubuntu 18.04 LTS and future plans.

WILL COOKE: So we’re at another LTS release, which comes with five years’ worth of support. And that’s important to our typical user base, because they don’t want to be having to… well, they want to be safe in the knowledge that the platform that they’re working on, and that they rely on, is going to be secure and up to date, and is going to be kept running for a long time.

Typically, we find that most of our users like to install it once, and then leave it alone, and know that it’ll be looked after itself. That’s more important in the cloud environment than it is on the desktop, perhaps. But the joy of Ubuntu is that the packages that you run on your desktop – let’s say that you’re a web developer, and you want to run an Apache instance and a MySQL instance, and you want to have your developer tools on there. You can do all of that development on your machine, and then deploy it to the cloud, running the same version of Ubuntu, and be safe in the knowledge that the packages that are installed on your desktop are exactly the same as the ones that are in your enterprise installation.

And having those supported for five years means that you don’t have to keep upgrading your machines. And when you’ve got thousands of machines deployed in the cloud in some way, the last thing you want to be doing is maintaining those every single year and upgrading it, and dealing with all the fallout that happens there.

So the overarching theme for Ubuntu in 18.04 is this ability to develop locally and deploy to – either the public cloud, to your private cloud, whatever you want to do – your servers. But also edge devices, as well.

So we’ve made lots of advances in our Ubuntu Core products, which is a really small, cut-down version of Ubuntu, which shifts with just the bare minimum that you need to bring a device up and get it on the network.

And so, the packages that you can deploy to your service, to your Desktop, can also be deployed to the IoT devices, to the edge devices, to your network switches – you know, across the board. And that gives you a really unparalleled ability and reliability to know that the stuff you’re working on can be packaged up, pushed out to these other devices, and it will continue to work in the same way that it works on your Desktop as it does on all of these other devices.

And a key player in that story is the snap packages that we’ve been working on. These are self-contained binaries that work not only on Ubuntu, but also on Fedora or CentOS or Arch.

So as an application developer, for example, […] you can bundle up all of those dependencies into a self-continued package, and then push that out to your various devices. And you know that it will work, whether they run Ubuntu or not.

That’s a really powerful message to developers: do your work on Ubuntu; package it up; and push it out to whatever device that is running Linux, and you can be reliant on it and continuing to work for the next five years.

Ubuntu 18.04 has a strong focus on snaps. This is a new package format, which enables app developers to bundle their software, with all dependencies included, into a secure, sandboxed container that runs on Ubuntu Linux (and other support Linux distributions, such as Solus). This has prompted many high-profile but proprietary software products, including Slack and Skype, to appear in the Snap Store in time for the new release. 

What is the common problem that developers have with DEBs and RPMs that’s led to the development of the snaps format?

WC: There are a few. Packaging DEBs – or RPMs, for that matter – are a bit of a black art. There’s a certain amount of magic involved in that. And the learning process to go through it, to understand how to correctly package something as a DEB or RPM – the barrier to entry is pretty high, there. So snaps simplify a lot of that.

Again, part of the fact, really, is this ability to bundle all the dependencies with it. If you package your application and you say, “OK, I depend on this version of this library for this architecture,” then the dependency resolution might take care of that for you. It probably would do.

But as soon as your underlying OS changes that library, for example, then your package breaks. And you can never be quite sure where that package is going to be deployed, and what version of what operating system it’s going to end up on.

So by bundling all of that into a snap, then you are absolutely certain that all of your dependencies are shipped along with your application. So when it gets to the other end, it will open and run correctly.

The other key feature, in my mind, of snaps, is the security confinement aspect. X.Org, for example, is a bit long in the tooth now. It was never really designed with secure computing in mind. So it’s fairly easy— well, not necessarily X.Org actually, but the whole OS; if something is running as a root, or it’s running as your user, then it has the permissions of that user that’s running it.

So you can install an application where the dev, for example, could go into your home directory, go into your SSH keys directory, make a copy of those, and email them off somewhere. It will do that with the same permissions as the user that’s running it. And yeah, that’s a real concern.

With snaps and confinements, you can say, “This application, this snap, is not allowed access to those things.” It physically won’t be able to read those files off the disk. They don’t exist as far as it’s concerned.

So from a user’s perspective, you can download this new application because you heard about it on the internet. You don’t know what it is, you don’t know where it comes from, but you can install it and you can run it, safe in the knowledge that it’s not going to be able to just walk over your disk and have a look through all these files that you don’t necessarily want it to have access to.

So that, in my mind, are the two key stories. The write once run anywhere side of things, and then the confinement security aspect as well.

Apps and Themes

In terms of the features for 18.04, and I guess 17.10, how much of an impact has the Ubuntu Desktop Survey that you did had on your road map?

WC: Well, yes, pretty good. We’ve ticked off a lot of those. The interesting thing from my view was the kind of approval about what it is that we’re doing. If you can remember the results and the graphs that went out, by and large the choices that people were making about their preferred desktop environment, their preferred default applications, their preferred browsers, and that kind of thing, was entirely in line with what it is that we’re already doing.

So it was kind of vindication for the technical choices that we’ve made over the years, to say that, “Yes, this is what people are looking for. This is the sort of thing that people want.” There was one outlier there, I think, which was VLC, which we are not shipping by default at the moment. That’s available as a snap package. So it’s dead easy for people to go and grab that if they want to install it.

So have they got htop?

WC: Yeah, I think they have now. David, you’ll know better than me. Did that make it in?

David Britton: Yeah. Actually, we have news there. Htop will be on the default server install. So if you have a server anywhere, you can run htop. I know that’s a huge request in the community!

We gather one person requested eMacs for everything.

DB: That, unfortunately, won’t be in the default server. [laughs]

Apart from VLC, were there any other surprising results that made you step back and reconsider or assess a different route for both Desktop and Server editions?

WC: Yeah. There was one thing that stood out for me, which I was very surprised by, and that was how many people are using LibreOffice still. I use Google Docs for Work, and I tend to use it if I’m writing a document from home or managing finances and that kind of thing at home. So I kind of assumed that everyone else did as well. And people that I speak to tend to use Google Docs.

But going out to the community and asking for their feedback, they made it very, very clear that people still rely on, and use heavily, LibreOffice and all of its components. So that was something I thought, “Maybe we don’t need LibreOffice by default.” But that was made very clear that we do.

The proposed community theme isn’t in 18.04 but you can try an early snap using the following in the terminal: snap install communitheme. Alternatively, you can wait for 18.10.

That is quite interesting. In our workplace, we have a combination of the two. We have LibreOffice and the company also uses Google Docs as well. It’s interesting, a lot of people are using SaaS (Software as a Service) products now.

WC: Yeah, and I think that that trend of more and more people using software as a service is only going to increase. I do wonder if in the future, there’ll be some catastrophe, like AWS will go down, and suddenly everyone will wish their servers were back on premises again. But I think that Amazon have probably got a handle on keeping things running.

But what it does mean is that a lot of the computer power that goes into your day-to-day computing is being moved into the cloud. So perhaps […] you could be looking at running thin clients more and more, that literally just run a browser.

An Ubuntu Desktop is really well-suited to that job. Dell has recently bought Wyse, the thin client, and those guys are running Ubuntu on there. The most important thing on your SaaS end-point is the browser. We’ve got Chromium and Firefox and Chrome and Brave. […] with the exception of Internet Explorer, we’ve got all of the major browsers there, bang up to date.

Mozilla have recently repackaged Firefox as a snap now, so you can get the definitive version of Firefox direct from Mozilla. That’s what Mozilla want, really. They don’t want lots of different, slightly tweaked versions of Firefox out there. They want you to know that when you download and install Firefox, you’re getting the one that they want.

So again, snap packages suit those guys, because they can publish it themselves. They can push it out to their own users directly. And part of the flexibility of snaps is the ability to have tracks and channels. So you can have a stable track, which the LTS users would sit on, and they would continue to have the supportive browser.

And for those guys that want something a bit more cutting edge, or if you’re a web developer and you want to try the new versions, that’s available as well. It’s dead-easy to just switch between those two versions. So for a developer’s perspective, just for trying out new versions of software before they’re released, snaps make that very easy.

Going on to talk about aesthetics a little, I wondered how the new Ubuntu community theme (Communitheme) was progressing?

WC: It’s going well, yeah. So it’s not quite good enough for 18.04. There’s still quite a few bugs that need fixing, specifically around GTK+ 2 applications. GTK+ 3, I’d say, is pretty much done now, theme wise. GTK+ 2 applications – there’s only a few of them, but there are some bugs that need fixing there.

But yes, it’s looking really good. It looks fresh, it looks very professional. […] So we’ll be looking to ship that in 18.10. But in the meantime, we’re also working on getting it packaged up as a snap, as you wouldn’t be surprised to hear, for 18.04 users to install. So if you want to try the new theme, you can snap install it, log into a new session which will give you that theme. […] and that snap will be refreshed pretty much every single night. […] In the next cycle, he 18.10 cycle, we should see it on there by default, which is very exciting.

Wayland and new technologies

The switch to X.Org from Wayland as the default, I wondered if you could explain the reasoning for doing that?

WC: Yeah. So when we started with GNOME Shell in 17.10, Wayland was looming large, and we thought, “This is our opportunity now to switch to Wayland.” The benefits of Wayland come back to the security story. For example, applications can’t snoop on other applications. They can’t steal keyboard input events from other applications. You can’t pop up an invisible window over the top of another application and steal things that way.

So security-wise, Wayland is definitely much better than X.Org. So if we were intending to ship Wayland in 18.04 and then support it for five years, we had to be sure that it met not only our quality requirements, but the use cases for our users.

So we shipped it in 17.10 as the default, and then if there were problems with it, you could quite easily switch to X.Org […]. The feedback we got from our users was: it’s not quite stable enough, and that’s a combination of bugs in Wayland, bugs in display drivers, strange hardware that’s out there […]. And the other one was screen sharing, and that was a really critical request. Lots more people do screen sharing than I thought. Again, […] people are sharing their screens all the time to do presentations and that kind of thing. So Wayland, at the moment, doesn’t allow that. It’s in the works, and it will come in time, but it wasn’t there today.

There are other weird edge cases, like certain applications that need to run as root, you have to jump through a few hoops in order to get them to open up on your Wayland session on your desktop. It hasn’t worked that way for the past 10 years. So suddenly, it does, and we were getting a lot of bug reports saying a particular application is broken. But it’s not – you just need to learn a new way of working. We thought the LTS release was not the time to be making these changes on top of all the other things that we’ve changed.

Ubuntu 18.04 includes GNOME 3.28, with tweaks and customisations designed to improve familiarity for long-term-support users used to the Unity desktop environment

There are a couple of technologies that seem to be in the pipeline (sorry) as well, in regard to that: Pipewire for screen sharing – can you tell us more about that and also when the GNOME Shell 4 is going to pop up?

WC: So Pipewire’s been described as PulseAudio for video. That’s quite a tidy explanation. But the problem with that is, in the early days of PulseAudio, it didn’t have a stellar reputation. I think that they are quite keen to avoid drawing those similarities between the two projects.

But it will give us a pipeline video bus, if you like, where you can plug different bits in at different places – as you can with audio. You could have audio coming out of your speakers. You could have it coming out of remote speakers. It could be streamed over the network. It could be written to disk. All of these things you can do with audio, you’ll be able to do with video.

Part of that API is that it’s a natural fit for screen sharing, for there to be another thing for you to dump video into that can then be picked up by other applications, and processed and streamed and all the other kind of things.

That needs those applications to support the API, and they won’t do that until it’s finished and is stable. So it’s still relatively early in the development cycle of Pipewire. It will probably make an appearance in 18.10 – certainly 19.04.

And then hopefully, the browsers, for example, will pick up on it, and integrate support for it into their packages, and then we’ll be in a good place to leverage it.

So yeah, it’s coming soon. And what was the other question?

It sounded like GNOME shell 4 was going to solve quite a lot of problems.

WC: Yeah, definitely. The GNOME shell 4 shell is a bit of a strange topic. GNOME tell me they have never said there is going to be a GNOME shell 4. There will be a GNOME 4 – you know, a new version of all the libraries and all the applications and all that kind of thing. But they haven’t actually committed to doing a whole new shell or changing the way that it works.

I think that that will change. It may already have changed. But one of the changes that they were making there was the overall architecture. So if the display server crashes, it doesn’t take out the underlying shell and all of the applications with it. 

At the moment, if the compositor mutter in the GNOME stack crashes in Wayland, it crashes Wayland and it crashes your entire session. So you’re thrown back to the login screen, and all of the applications that you’re running get killed and you’re back in the position of just switching your machine on.

So if you’re in the middle of a LibreOffice document, there’s a chance that it’s been auto-saved, but there’s also equally a chance that it hasn’t, and you’ve lost all of that work. And that was happening too frequently. I mean, it happening at all is too frequent, really, but this was happening once a day to some people, and more frequently to others.

So yeah, this was acknowledged as being a considerable problem. One of the considerations for GNOME 4 was for them to change this architecture to be more like X.Org, where if the display server crashes or a component in that stack crashes, it doesn’t take your whole session with it – that the display serve can restart and the shell can restart, and all of the applications will continue running in the background. So that when it does all restart, you’re back where you left off. And if it happens quick enough, you might not even notice that there was a problem.

So yes, that’s something that’s certainly been talked for GNOME 4. I think we will see that sooner rather than later.

On the GPU side of things, you’ve been working with NVIDIA and AMD to improve the support. I’m curious to understand, though, how things are going to improve? From what I gather, NVIDIA doesn’t support some of the APIs that are required for the Wayland compositors. I’m wondering if that means that Wayland’s ever going to reach a level of stability that’s acceptable for an LTS?

WC: Yes, it will do, I’m pretty sure of that. There were some changes in the APIs which meant there was some incompatibility there. But they’re being addressed. There were known issues, known bugs, and they will be fixed, no doubt about that.

Right, so there’s no question that NVIDIA is just not interested in Wayland and don’t want to incorporate—

WC: No, no, they definitely care about that. But also, we’ve got a really good reputation with NVIDIA through their deep-learning AI side of things as well. The deep-learning stack that comes from NVIDIA, it’s all built on Ubuntu. So we have a really good relationship with those guys already. […] And these sorts of issues, not only the massive parallel processing compute side of things, but also the graphical side of things is being discussed directly with those graphics card vendors on a regular basis.

So yeah, I have no doubt that we’re in a good position to be able to get those bugs fixed. And they do care. They absolutely do care.

Ubuntu Server enhancements and experiments

You’ve been also been experimenting with Zstandard compression, how’s that going?

DB: I can talk about that. […] I think the version that went into Xenial was an older version experiment in 16.04. That gives you an idea of how new the library is. We did some work, this cycle, to bring back the latest supported version of Zstandard back to Xenial. And then there’s also been some talk on the APT compression front, offering Zstandard as the alternative to GZIP and XZ compression and the other compression types that are there.

And then possibly changing that in the 18.10, maybe 19.04 timeframe, for the default, for APT compression. We were looking at it for 18.04, but it’s just a bit too early to make that kind of a change.

Is it quite a significant improvement that it supplies?

DB: Like all compression libraries, it’s dependent on the thing that you’re compressing. And also, there’s a compute and memory trade-off that’s always involved. So the numbers that were posted, and that we’ve tried so far, are just not representative enough of a large enough sample for us to be confident that it’ll be an improvement in all cases. That’s one of the reasons that we’re not there yet for 18.04. It looks very promising, but it looks more like an 18.10 timeframe where we’ll have that data.

David, could you give us an overview of the Ubuntu Server?

DB: So, as Will said, as Will’s hinting at in multiple answers, Ubuntu Server is used in the CD that you download off of the web page. But the usage is just so much broader than that.

So there’s enterprise usage that gets installed with MaaS. MAAS is our ‘Metal as a Service’ product where you can deploy large-scale servers in your data center with an image. Also, we have usage in Docker, Kubernetes, Vagrant, all the way up to the clouds.

So all of those things kind of use a version of Ubuntu Server. So the breadth of the mechanisms that people install on a bunch of servers is very large. So one of the big things that we’re announcing with 18.04 is what we called the Ubuntu-Minimal Project. I don’t know if you’ve read about that.

Is that the minimal installation?

DB: There are two things called Minimal […]. There’s one that’s the Minimal Desktop as well. But this one is the Ubuntu-Minimal Server. It is a reduced-sized Ubuntu that is really targeted at environments where there is not going to be a human interacting with the server.

So just like in a Desktop, the Ubuntu Server is focused on making the experience very, very nice and comfortable for a human to interact with. Even though it’s just a command line, we want that to be a very nice, first-class experience.

Ubuntu-Minimal strips out those creature comforts, and it really brings the installation down to a bare minimum that is necessary for you to be able to log into the machine. So there’s SSH running, and apt get install anything that you need to facilitate your application. So it’s meant to be running in a headless environment entirely, and ideally nobody will ever interact with it – only if there’s a problem that comes up, and they need to debug something.

So this is great in the Docker and Kubernetes cloud instances of the world, where you spin up thousands of them, and they’re all configured exactly the same way, and you want it to go as fast as possible and be as lightweight as possible.

The Subiquity installer brings much needed improvements to the ease and speed of server installations

What sort of size are we talking for Ubuntu-Minimal now?

DB: Yeah, the nice thing about that is, it’s improving all the time. So the last numbers I have are from a few weeks ago. I don’t know what they’re at right now. But a few weeks ago, it was in the ‘40% smaller than Ubuntu’ range. Again, those things are just stripping out stuff like editors, documentation – because a human reads documentation, and a machine doesn’t read it. Things like that. Things that people interact with. Some command lines utilities get installed but just don’t need to be there.

Like the desktop, you also ran a survey for the server side of things. What responses did you get from that?

DB: Yeah. In fact, Ubuntu-Minimal came out of one of those feedback requests that we did. A couple of the other headline items that I have to talk about are related to feedback.

Another way to get Ubuntu installed that we’re changing in 18.04, is going back to that first time that I mentioned, downloading the CD image, or the DVD image, off of the website. That was a bit of feedback that we received from the community, that the old Debian installer – that was the name of the tool that’s used to create that old installer for Ubuntu Server – was just clunky and hard to navigate. So we spent time over the past couple of cycles making a new server installer, based on that feedback.

The server installer name is called Subiquity. So the Desktop installer is Ubiquity, but the Server would be Ubiquity with an ‘S’ in front of it. So Subiquity. That is a new image-based installer that goes significantly faster than the old package-based installer. And also, it asks you far fewer questions. So the idea is that it asks you how to configure the network, how you want to configure your disks, and then install. So that nice ‘just press Enter workflow’ through the program takes just a few minutes to get through, and you’re done. So we’re really looking forward to feedback on that bit of effort that we’ve put into 18.04.

Moving on to other things that we got feedback on; one that’s coming up is: networking has always been difficult to configure on Ubuntu. It is something that is called etc/network/interfaces or ENI, for short. That is a legacy system that spans multiple generations of Unix in different forms.

In the modern world, there are two ways to configure networking. One is a network manager that is used mostly on desktops and IoT devices. The other one is system.network, which is a systemd module for configure networking. Which we are targeting for the server environment.

Since there’s these two different ways to configure it, they have their own little quirks. Ubuntu is launching, in 18.04, a tool called netplan.io, which, if you go to that website, you can see how they use netplan. It’s just a configuration generator. So you type in a very simple YAML format – how you want your network to look. It can be as simple as three lines. It will render the correct backend networking data for either the network manager or systemd-networkd – whichever system you happen to be on. It kind of simplifies the way that you can view networking.

Magic and bare metal

It seems like YAML transformed a lot of the configuration side of maintaining lots of servers.

DB: Yeah, I think it’s a very simple configuration format. It also has some compatibility with JSON. It really gets out of the way. There was a move to standardise on something like XML, which was nice for computers to read and produce and store data, but it was very poor for humans to read. So YAML’s kind of taken the other approach of making it very easy to parse with your eyes, and to view and edit as a human. I think even though it has a few quirks with presentation, it still is a much nicer unified format for editing.

Again, it came from feedback. One you’ve already hinted at, which is a small thing, but people clamour for it – htop. Anywhere that Ubuntu Server is installer, htop will now be available and supported by Canonical. That is a big one. Sysadmins have been asking for it for a while.

The last one that I kind of wanted to bullet point was LXD 3.0, which is Canonical’s supported container solution […] and the big feature with LXD 3.0 is clustering. So you will now be able to cluster together multiple LXD servers into just a lightweight development cloud where you can make requests of it, and spin up containers and delete them. A team of people can operate on that little LXD cluster.

Does that come with a dashboard model setup?

DB: No. It’s targeted at a team of developers, not something that you’d spin up to replace OpenStack or anything like that. It’s just a nice way for people to centralise their LXD workloads that they’re already running on their developer workstations – if they need to.

Livepatch, part of Canonical’s Ubuntu Advantage program, is being promoted heavily again. This installs hot patches for the Linux kernel, so it’s always up to date with any major CVEs (vulnerabilities) that are discovered. It’s also free to use for up to three machines.

Do you get involved with Conjure-up [a front-end that uses JuJu] and how that’s been received as well, from people who use it?

DB: Yeah. Conjure-up is, again, available as a snap. If you want a snap, install conjure-up and try it out. That is our way to demonstrate and try out some of the big software technologies that we have. I think the two main ones that I want to call attention to are OpenStack, which as you know, in a production setup requires tens and dozens of servers. So just spinning that up locally already lets you ‘proof of concept’ something that will be very difficult to acquire than a number of compute resources that you need to try it out.

Then the second thing that we install via conjure-up is what we call the Canonical distribution of Kubernetes, which is the newer way to try out Kubernetes. It’s a one-button experience to get Kubernetes running on a series of LXD containers, and see exactly how it functions, and how you interact with it before you go and deploy it onto your bare metal somewhere.

So conjure-up, I think the experience of 18.04 has just been refined. We don’t have a tonne of improvements from 17.10, except for bug fixes and stability, and just making that experience nice and smooth and polished. That’s what our focus has been on in 18.04.

Could you explain the benefits of Metal as a Service (MaaS), and give us a clearer understanding of that?

DB: MAAS has quite an elastic goal. It’s to model your data center. So, it really transforms the way that you manage machines and physical hardware in your data centre. So it has the ability to model your networking that you have in your data centre, and to say which VLAN connects to where… you know, which machines can see which VLAN.

It also has just the concept that these machines all fit into the same rack. They all share kind of an availability zone in the cloud. If these ones go down, you know, they’re all connected in the same kind of fault domain.

So it has some of those data center concepts in it. But once you get it installed and once you’re using it, it is a tool that’s used to just launch operating systems on machines. Instead of having a machine that is long-running and can never change and takes a dedicated administrator to do software updates on it.

You can treat your physical hardware, just like it were in a cloud. And you can launch it with a cloud in its script. You can use other deployments and technologies like Juju and Ansible to launch other Ubuntu instances. And then they come up fresh, and they’re ready to go. You can leave them long-running, or you can just say, “I’m done with it. I’ve released it back into the pool. I’ve other available machines to use.”

It’s really about transforming your data centre into something that resembles the new cloud world that we live in.

At what scale does that become really beneficial?

DB: The nice thing about MaaS is, I have a MaaS running at my house with six machines that I use with six little NUCs for doing testing. If I need to know what Ubuntu looks like and how it’s functioning on a physical machine, and I need to tie those physical machines together in a VM… and, you know, I’m kind of at the limit of the VMs I can launch, I can just use MaaS to spin that up in my own little test lab that I have. Which, again, is just six NUCs that I have. 

So you can go down to whatever the smallest workload size that you want for a test lab. It can also scale up to the thousands of nodes that are in the data centre. It has the concept of a rack controller, and the region controller. So a rack controller, instead of the top of each rack in a data centre, you’ll be able to host images and handle the network traffic that’s necessary.

But then your region will be your entire data centre. That is all handled in the architecture of MaaS. It really is nice in that way. It scales down to the test lab, and up to the production environment.

If you do operating system testing at all, it’s a fantastic tool.

I did want to mention one other thing, since we’re talking 18.04. The Ubuntu Advantage product that we have – I know that that’s not always the most interesting to end developers and to single users of Ubuntu. But as Ubuntu is used in just so many large-scale applications, we do have a product that we’re continuing for 18.04 called Livepatch.

In 18.04, we’re definitely carrying that forward. The cool thing about Livepatch is it installs hot patches for your kernel, so that you’re always up to date and secure with any of the major CVEs or vulnerabilities that come out. 

But it is also available as a free service for up to three computers for anybody that signs up for it with Canonical. It’s not just something that you need to come to Canonical and set up an account and pay for on a monthly basis. That’s really what we’re targeting large-scale users of Livepatch. But just for the people that are running their own workstation at home or their own little test lab that they have like I do, they can go and get Livepatch; and next year, any machine that’s long-running can be up to date with kernel hotfixes that come out.

Proprietary creep and encryption changes

Will, did you notice from the desktop survey whether you had any feedback about what apps people felt were missing generally in the Linux world?

WC: It’s tricky to say. Because the people who responded to that survey are obviously already Linux users, and so have already come to terms with the fact that there is no Microsoft Office, and there is no Photoshop, and there is no whatever music packages – you know, those kinds of things that people are used to using on Macs and Windows.

So I don’t think it’s really a fair reflection on what applications might be missing from the Linux ecosystem, because people have already made that decision to get in bed with Linux and accept some of the drawbacks in order to benefit from a lot of the advantages.

The common request is always around Microsoft Office. LibreOffice does provide good compatibility with that. So I think that’s more of an educational problem than it is a technical one. But by and large, there are always free and open alternatives to the proprietary applications. I think it’s just about getting the word out there, and letting people know that these applications exist.

I think the snap store is a good way of doing that, because it gives you a centralised place to go looking for applications, rather than searching around on Google and finding something by accident. We can promote the applications, and indeed, we do that through our snap advocacy team. They regularly go through the new applications to test them out. They find the new and exciting one, and they post about them on the Facebook channels and Twitter. We put it on the front page of GNOME software. So we’re able to expose a much wider variety of software to our users than they have been able to access in the past.

So the missing applications? There are alternatives, and we just need to be able to get the word out.

With the official release, a number of community ‘flavours’ will be available, including Ubuntu MATE 18.04. This uses the traditional desktop metaphor, familiar to Windows users, but with a contemporary and enhanced desktop experience.

It’s an interesting situation that you’ve got, because snaps is a format that obviously allows proprietary products to come to Linux much more easily. Do you not feel that there’s a danger that it creates no inclination to open [source] up those products? 

WC: At the end of the day, it’s the users that are going to choose which application they want. We’ve seen a lot of interest in Spotify, for example. It was there, anyway. We’re just making it a lot easier for people to get their hands on it, and indeed they do want to get their hands on it.

From a pragmatic point of view and from a user-friendliness point of view as much as anything, given that all of the other tools that you might need – if you’re a web developer, there are dozens of IDEs. And as we’ve already said, you’ve got the browsers, and you’ve got the back-end database. If what’s stopping you from using Linux is because you can’t listen to Spotify or you can’t use Skype or something like that, because you have to for work, then absolutely, let’s solve those user cases and open it up to more and more people.

The one that I wasn’t sure about – isn't there a filesystem encryption change?  What's the reason for changing to fscrypt? 

WC: Yeah, this is eCrypt. I think that’s the one that was, or is, demoted to Universe from Main. So this was the ability to encrypt your home directory from within the installer. […] The problem with eCrypt – well, rather, the problem with home drive encryption was that we had full disk encryption and home drive, home directory encryption. And those two things were a bit confusing to people. Like: why would I want to do one over the other?

And obviously, encrypting your whole disk is more secure than just encrypting your home drive. So home drive-only encryption was less preferable, or is less preferable. And the eCryptfs application modules themselves are, as far as I know, either not maintained upstream anymore, or are not attracting as much investment now than they were in the past.

So I think the general quality of those packages has decreased. So the security team were of the opinion that it’s not good enough to keep in main anymore. And so if it’s not in Main, it goes into Universe. And then you’re not able to include it by default in the ISO image, because it’s not deemed to be of sufficient quality.

So the knock-on effect is that we then can’t do this home directory encryption from the installer.

UPDATE: “It would be unfair on our users to keep ecryptfs in main for 18.04,” Cooke confirmed later in an email. “If we cannot be 100% certain that it will be supportable for the duration of the LTS life. Whole disk encryption provided by, for example, ext4’s native encryption [LUKS], provides a more secure, lower overhead solution which we think is a better option for users.” 

Ubuntu’s position is that full disk encryption using Linux Unified Key Setup-on-disk-format (LUKS) is the preferred method and eCryptfs has been moved from the main repo to universe, if you still want to use it. Currently, Canonical has confirmed that fscrypt is not considered mature enough to feature in 18.04 but will be a target for 20.04.

Ubuntu ‘Bionic Beaver’ 18.04 LTS has landed

The release of Ubuntu 'Bionic Beaver' 18.04 is important. Not only is it the LTS – with five years’ worth of support – that will see millions of users installing Ubuntu for the first time with GNOME firmly nestled in the desktop environment slot, but it could be the release that sees Canonical, the company behind Ubuntu, through IPO. We spoke to Will Cooke, Canonical's desktop director and David Bitton, engineering manager of Ubuntu Server, about the overall goals for Ubuntu 18.04 LTS and future plans.

WILL COOKE: So we’re at another LTS release, which comes with five years’ worth of support. And that’s important to our typical user base, because they don’t want to be having to… well, they want to be safe in the knowledge that the platform that they’re working on, and that they rely on, is going to be secure and up to date, and is going to be kept running for a long time.

Typically, we find that most of our users like to install it once, and then leave it alone, and know that it’ll be looked after itself. That’s more important in the cloud environment than it is on the desktop, perhaps. But the joy of Ubuntu is that the packages that you run on your desktop – let’s say that you’re a web developer, and you want to run an Apache instance and a MySQL instance, and you want to have your developer tools on there. You can do all of that development on your machine, and then deploy it to the cloud, running the same version of Ubuntu, and be safe in the knowledge that the packages that are installed on your desktop are exactly the same as the ones that are in your enterprise installation.

And having those supported for five years means that you don’t have to keep upgrading your machines. And when you’ve got thousands of machines deployed in the cloud in some way, the last thing you want to be doing is maintaining those every single year and upgrading it, and dealing with all the fallout that happens there.

So the overarching theme for Ubuntu in 18.04 is this ability to develop locally and deploy to – either the public cloud, to your private cloud, whatever you want to do – your servers. But also edge devices, as well.

So we’ve made lots of advances in our Ubuntu Core products, which is a really small, cut-down version of Ubuntu, which shifts with just the bare minimum that you need to bring a device up and get it on the network.

And so, the packages that you can deploy to your service, to your Desktop, can also be deployed to the IoT devices, to the edge devices, to your network switches – you know, across the board. And that gives you a really unparalleled ability and reliability to know that the stuff you’re working on can be packaged up, pushed out to these other devices, and it will continue to work in the same way that it works on your Desktop as it does on all of these other devices.

And a key player in that story is the snap packages that we’ve been working on. These are self-contained binaries that work not only on Ubuntu, but also on Fedora or CentOS or Arch.

So as an application developer, for example, […] you can bundle up all of those dependencies into a self-continued package, and then push that out to your various devices. And you know that it will work, whether they run Ubuntu or not.

That’s a really powerful message to developers: do your work on Ubuntu; package it up; and push it out to whatever device that is running Linux, and you can be reliant on it and continuing to work for the next five years.

Ubuntu 18.04 has a strong focus on snaps. This is a new package format, which enables app developers to bundle their software, with all dependencies included, into a secure, sandboxed container that runs on Ubuntu Linux (and other support Linux distributions, such as Solus). This has prompted many high-profile but proprietary software products, including Slack and Skype, to appear in the Snap Store in time for the new release. 

What is the common problem that developers have with DEBs and RPMs that’s led to the development of the snaps format?

WC: There are a few. Packaging DEBs – or RPMs, for that matter – are a bit of a black art. There’s a certain amount of magic involved in that. And the learning process to go through it, to understand how to correctly package something as a DEB or RPM – the barrier to entry is pretty high, there. So snaps simplify a lot of that.

Again, part of the fact, really, is this ability to bundle all the dependencies with it. If you package your application and you say, “OK, I depend on this version of this library for this architecture,” then the dependency resolution might take care of that for you. It probably would do.

But as soon as your underlying OS changes that library, for example, then your package breaks. And you can never be quite sure where that package is going to be deployed, and what version of what operating system it’s going to end up on.

So by bundling all of that into a snap, then you are absolutely certain that all of your dependencies are shipped along with your application. So when it gets to the other end, it will open and run correctly.

The other key feature, in my mind, of snaps, is the security confinement aspect. X.Org, for example, is a bit long in the tooth now. It was never really designed with secure computing in mind. So it’s fairly easy— well, not necessarily X.Org actually, but the whole OS; if something is running as a root, or it’s running as your user, then it has the permissions of that user that’s running it.

So you can install an application where the dev, for example, could go into your home directory, go into your SSH keys directory, make a copy of those, and email them off somewhere. It will do that with the same permissions as the user that’s running it. And yeah, that’s a real concern.

With snaps and confinements, you can say, “This application, this snap, is not allowed access to those things.” It physically won’t be able to read those files off the disk. They don’t exist as far as it’s concerned.

So from a user’s perspective, you can download this new application because you heard about it on the internet. You don’t know what it is, you don’t know where it comes from, but you can install it and you can run it, safe in the knowledge that it’s not going to be able to just walk over your disk and have a look through all these files that you don’t necessarily want it to have access to.

So that, in my mind, are the two key stories. The write once run anywhere side of things, and then the confinement security aspect as well.

Apps and Themes

In terms of the features for 18.04, and I guess 17.10, how much of an impact has the Ubuntu Desktop Survey that you did had on your road map?

WC: Well, yes, pretty good. We’ve ticked off a lot of those. The interesting thing from my view was the kind of approval about what it is that we’re doing. If you can remember the results and the graphs that went out, by and large the choices that people were making about their preferred desktop environment, their preferred default applications, their preferred browsers, and that kind of thing, was entirely in line with what it is that we’re already doing.

So it was kind of vindication for the technical choices that we’ve made over the years, to say that, “Yes, this is what people are looking for. This is the sort of thing that people want.” There was one outlier there, I think, which was VLC, which we are not shipping by default at the moment. That’s available as a snap package. So it’s dead easy for people to go and grab that if they want to install it.

So have they got htop?

WC: Yeah, I think they have now. David, you’ll know better than me. Did that make it in?

David Britton: Yeah. Actually, we have news there. Htop will be on the default server install. So if you have a server anywhere, you can run htop. I know that’s a huge request in the community!

We gather one person requested eMacs for everything.

DB: That, unfortunately, won’t be in the default server. [laughs]

Apart from VLC, were there any other surprising results that made you step back and reconsider or assess a different route for both Desktop and Server editions?

WC: Yeah. There was one thing that stood out for me, which I was very surprised by, and that was how many people are using LibreOffice still. I use Google Docs for Work, and I tend to use it if I’m writing a document from home or managing finances and that kind of thing at home. So I kind of assumed that everyone else did as well. And people that I speak to tend to use Google Docs.

But going out to the community and asking for their feedback, they made it very, very clear that people still rely on, and use heavily, LibreOffice and all of its components. So that was something I thought, “Maybe we don’t need LibreOffice by default.” But that was made very clear that we do.

The proposed community theme isn’t in 18.04 but you can try an early snap using the following in the terminal: snap install communitheme. Alternatively, you can wait for 18.10.

That is quite interesting. In our workplace, we have a combination of the two. We have LibreOffice and the company also uses Google Docs as well. It’s interesting, a lot of people are using SaaS (Software as a Service) products now.

WC: Yeah, and I think that that trend of more and more people using software as a service is only going to increase. I do wonder if in the future, there’ll be some catastrophe, like AWS will go down, and suddenly everyone will wish their servers were back on premises again. But I think that Amazon have probably got a handle on keeping things running.

But what it does mean is that a lot of the computer power that goes into your day-to-day computing is being moved into the cloud. So perhaps […] you could be looking at running thin clients more and more, that literally just run a browser.

An Ubuntu Desktop is really well-suited to that job. Dell has recently bought Wyse, the thin client, and those guys are running Ubuntu on there. The most important thing on your SaaS end-point is the browser. We’ve got Chromium and Firefox and Chrome and Brave. […] with the exception of Internet Explorer, we’ve got all of the major browsers there, bang up to date.

Mozilla have recently repackaged Firefox as a snap now, so you can get the definitive version of Firefox direct from Mozilla. That’s what Mozilla want, really. They don’t want lots of different, slightly tweaked versions of Firefox out there. They want you to know that when you download and install Firefox, you’re getting the one that they want.

So again, snap packages suit those guys, because they can publish it themselves. They can push it out to their own users directly. And part of the flexibility of snaps is the ability to have tracks and channels. So you can have a stable track, which the LTS users would sit on, and they would continue to have the supportive browser.

And for those guys that want something a bit more cutting edge, or if you’re a web developer and you want to try the new versions, that’s available as well. It’s dead-easy to just switch between those two versions. So for a developer’s perspective, just for trying out new versions of software before they’re released, snaps make that very easy.

Going on to talk about aesthetics a little, I wondered how the new Ubuntu community theme (Communitheme) was progressing?

WC: It’s going well, yeah. So it’s not quite good enough for 18.04. There’s still quite a few bugs that need fixing, specifically around GTK+ 2 applications. GTK+ 3, I’d say, is pretty much done now, theme wise. GTK+ 2 applications – there’s only a few of them, but there are some bugs that need fixing there.

But yes, it’s looking really good. It looks fresh, it looks very professional. […] So we’ll be looking to ship that in 18.10. But in the meantime, we’re also working on getting it packaged up as a snap, as you wouldn’t be surprised to hear, for 18.04 users to install. So if you want to try the new theme, you can snap install it, log into a new session which will give you that theme. […] and that snap will be refreshed pretty much every single night. […] In the next cycle, he 18.10 cycle, we should see it on there by default, which is very exciting.

Wayland and new technologies

The switch to X.Org from Wayland as the default, I wondered if you could explain the reasoning for doing that?

WC: Yeah. So when we started with GNOME Shell in 17.10, Wayland was looming large, and we thought, “This is our opportunity now to switch to Wayland.” The benefits of Wayland come back to the security story. For example, applications can’t snoop on other applications. They can’t steal keyboard input events from other applications. You can’t pop up an invisible window over the top of another application and steal things that way.

So security-wise, Wayland is definitely much better than X.Org. So if we were intending to ship Wayland in 18.04 and then support it for five years, we had to be sure that it met not only our quality requirements, but the use cases for our users.

So we shipped it in 17.10 as the default, and then if there were problems with it, you could quite easily switch to X.Org […]. The feedback we got from our users was: it’s not quite stable enough, and that’s a combination of bugs in Wayland, bugs in display drivers, strange hardware that’s out there […]. And the other one was screen sharing, and that was a really critical request. Lots more people do screen sharing than I thought. Again, […] people are sharing their screens all the time to do presentations and that kind of thing. So Wayland, at the moment, doesn’t allow that. It’s in the works, and it will come in time, but it wasn’t there today.

There are other weird edge cases, like certain applications that need to run as root, you have to jump through a few hoops in order to get them to open up on your Wayland session on your desktop. It hasn’t worked that way for the past 10 years. So suddenly, it does, and we were getting a lot of bug reports saying a particular application is broken. But it’s not – you just need to learn a new way of working. We thought the LTS release was not the time to be making these changes on top of all the other things that we’ve changed.

Ubuntu 18.04 includes GNOME 3.28, with tweaks and customisations designed to improve familiarity for long-term-support users used to the Unity desktop environment

There are a couple of technologies that seem to be in the pipeline (sorry) as well, in regard to that: Pipewire for screen sharing – can you tell us more about that and also when the GNOME Shell 4 is going to pop up?

WC: So Pipewire’s been described as PulseAudio for video. That’s quite a tidy explanation. But the problem with that is, in the early days of PulseAudio, it didn’t have a stellar reputation. I think that they are quite keen to avoid drawing those similarities between the two projects.

But it will give us a pipeline video bus, if you like, where you can plug different bits in at different places – as you can with audio. You could have audio coming out of your speakers. You could have it coming out of remote speakers. It could be streamed over the network. It could be written to disk. All of these things you can do with audio, you’ll be able to do with video.

Part of that API is that it’s a natural fit for screen sharing, for there to be another thing for you to dump video into that can then be picked up by other applications, and processed and streamed and all the other kind of things.

That needs those applications to support the API, and they won’t do that until it’s finished and is stable. So it’s still relatively early in the development cycle of Pipewire. It will probably make an appearance in 18.10 – certainly 19.04.

And then hopefully, the browsers, for example, will pick up on it, and integrate support for it into their packages, and then we’ll be in a good place to leverage it.

So yeah, it’s coming soon. And what was the other question?

It sounded like GNOME shell 4 was going to solve quite a lot of problems.

WC: Yeah, definitely. The GNOME shell 4 shell is a bit of a strange topic. GNOME tell me they have never said there is going to be a GNOME shell 4. There will be a GNOME 4 – you know, a new version of all the libraries and all the applications and all that kind of thing. But they haven’t actually committed to doing a whole new shell or changing the way that it works.

I think that that will change. It may already have changed. But one of the changes that they were making there was the overall architecture. So if the display server crashes, it doesn’t take out the underlying shell and all of the applications with it. 

At the moment, if the compositor mutter in the GNOME stack crashes in Wayland, it crashes Wayland and it crashes your entire session. So you’re thrown back to the login screen, and all of the applications that you’re running get killed and you’re back in the position of just switching your machine on.

So if you’re in the middle of a LibreOffice document, there’s a chance that it’s been auto-saved, but there’s also equally a chance that it hasn’t, and you’ve lost all of that work. And that was happening too frequently. I mean, it happening at all is too frequent, really, but this was happening once a day to some people, and more frequently to others.

So yeah, this was acknowledged as being a considerable problem. One of the considerations for GNOME 4 was for them to change this architecture to be more like X.Org, where if the display server crashes or a component in that stack crashes, it doesn’t take your whole session with it – that the display serve can restart and the shell can restart, and all of the applications will continue running in the background. So that when it does all restart, you’re back where you left off. And if it happens quick enough, you might not even notice that there was a problem.

So yes, that’s something that’s certainly been talked for GNOME 4. I think we will see that sooner rather than later.

On the GPU side of things, you’ve been working with NVIDIA and AMD to improve the support. I’m curious to understand, though, how things are going to improve? From what I gather, NVIDIA doesn’t support some of the APIs that are required for the Wayland compositors. I’m wondering if that means that Wayland’s ever going to reach a level of stability that’s acceptable for an LTS?

WC: Yes, it will do, I’m pretty sure of that. There were some changes in the APIs which meant there was some incompatibility there. But they’re being addressed. There were known issues, known bugs, and they will be fixed, no doubt about that.

Right, so there’s no question that NVIDIA is just not interested in Wayland and don’t want to incorporate—

WC: No, no, they definitely care about that. But also, we’ve got a really good reputation with NVIDIA through their deep-learning AI side of things as well. The deep-learning stack that comes from NVIDIA, it’s all built on Ubuntu. So we have a really good relationship with those guys already. […] And these sorts of issues, not only the massive parallel processing compute side of things, but also the graphical side of things is being discussed directly with those graphics card vendors on a regular basis.

So yeah, I have no doubt that we’re in a good position to be able to get those bugs fixed. And they do care. They absolutely do care.

Ubuntu Server enhancements and experiments

You’ve been also been experimenting with Zstandard compression, how’s that going?

DB: I can talk about that. […] I think the version that went into Xenial was an older version experiment in 16.04. That gives you an idea of how new the library is. We did some work, this cycle, to bring back the latest supported version of Zstandard back to Xenial. And then there’s also been some talk on the APT compression front, offering Zstandard as the alternative to GZIP and XZ compression and the other compression types that are there.

And then possibly changing that in the 18.10, maybe 19.04 timeframe, for the default, for APT compression. We were looking at it for 18.04, but it’s just a bit too early to make that kind of a change.

Is it quite a significant improvement that it supplies?

DB: Like all compression libraries, it’s dependent on the thing that you’re compressing. And also, there’s a compute and memory trade-off that’s always involved. So the numbers that were posted, and that we’ve tried so far, are just not representative enough of a large enough sample for us to be confident that it’ll be an improvement in all cases. That’s one of the reasons that we’re not there yet for 18.04. It looks very promising, but it looks more like an 18.10 timeframe where we’ll have that data.

David, could you give us an overview of the Ubuntu Server?

DB: So, as Will said, as Will’s hinting at in multiple answers, Ubuntu Server is used in the CD that you download off of the web page. But the usage is just so much broader than that.

So there’s enterprise usage that gets installed with MaaS. MAAS is our ‘Metal as a Service’ product where you can deploy large-scale servers in your data center with an image. Also, we have usage in Docker, Kubernetes, Vagrant, all the way up to the clouds.

So all of those things kind of use a version of Ubuntu Server. So the breadth of the mechanisms that people install on a bunch of servers is very large. So one of the big things that we’re announcing with 18.04 is what we called the Ubuntu-Minimal Project. I don’t know if you’ve read about that.

Is that the minimal installation?

DB: There are two things called Minimal […]. There’s one that’s the Minimal Desktop as well. But this one is the Ubuntu-Minimal Server. It is a reduced-sized Ubuntu that is really targeted at environments where there is not going to be a human interacting with the server.

So just like in a Desktop, the Ubuntu Server is focused on making the experience very, very nice and comfortable for a human to interact with. Even though it’s just a command line, we want that to be a very nice, first-class experience.

Ubuntu-Minimal strips out those creature comforts, and it really brings the installation down to a bare minimum that is necessary for you to be able to log into the machine. So there’s SSH running, and apt get install anything that you need to facilitate your application. So it’s meant to be running in a headless environment entirely, and ideally nobody will ever interact with it – only if there’s a problem that comes up, and they need to debug something.

So this is great in the Docker and Kubernetes cloud instances of the world, where you spin up thousands of them, and they’re all configured exactly the same way, and you want it to go as fast as possible and be as lightweight as possible.

The Subiquity installer brings much needed improvements to the ease and speed of server installations

What sort of size are we talking for Ubuntu-Minimal now?

DB: Yeah, the nice thing about that is, it’s improving all the time. So the last numbers I have are from a few weeks ago. I don’t know what they’re at right now. But a few weeks ago, it was in the ‘40% smaller than Ubuntu’ range. Again, those things are just stripping out stuff like editors, documentation – because a human reads documentation, and a machine doesn’t read it. Things like that. Things that people interact with. Some command lines utilities get installed but just don’t need to be there.

Like the desktop, you also ran a survey for the server side of things. What responses did you get from that?

DB: Yeah. In fact, Ubuntu-Minimal came out of one of those feedback requests that we did. A couple of the other headline items that I have to talk about are related to feedback.

Another way to get Ubuntu installed that we’re changing in 18.04, is going back to that first time that I mentioned, downloading the CD image, or the DVD image, off of the website. That was a bit of feedback that we received from the community, that the old Debian installer – that was the name of the tool that’s used to create that old installer for Ubuntu Server – was just clunky and hard to navigate. So we spent time over the past couple of cycles making a new server installer, based on that feedback.

The server installer name is called Subiquity. So the Desktop installer is Ubiquity, but the Server would be Ubiquity with an ‘S’ in front of it. So Subiquity. That is a new image-based installer that goes significantly faster than the old package-based installer. And also, it asks you far fewer questions. So the idea is that it asks you how to configure the network, how you want to configure your disks, and then install. So that nice ‘just press Enter workflow’ through the program takes just a few minutes to get through, and you’re done. So we’re really looking forward to feedback on that bit of effort that we’ve put into 18.04.

Moving on to other things that we got feedback on; one that’s coming up is: networking has always been difficult to configure on Ubuntu. It is something that is called etc/network/interfaces or ENI, for short. That is a legacy system that spans multiple generations of Unix in different forms.

In the modern world, there are two ways to configure networking. One is a network manager that is used mostly on desktops and IoT devices. The other one is system.network, which is a systemd module for configure networking. Which we are targeting for the server environment.

Since there’s these two different ways to configure it, they have their own little quirks. Ubuntu is launching, in 18.04, a tool called netplan.io, which, if you go to that website, you can see how they use netplan. It’s just a configuration generator. So you type in a very simple YAML format – how you want your network to look. It can be as simple as three lines. It will render the correct backend networking data for either the network manager or systemd-networkd – whichever system you happen to be on. It kind of simplifies the way that you can view networking.

Magic and bare metal

It seems like YAML transformed a lot of the configuration side of maintaining lots of servers.

DB: Yeah, I think it’s a very simple configuration format. It also has some compatibility with JSON. It really gets out of the way. There was a move to standardise on something like XML, which was nice for computers to read and produce and store data, but it was very poor for humans to read. So YAML’s kind of taken the other approach of making it very easy to parse with your eyes, and to view and edit as a human. I think even though it has a few quirks with presentation, it still is a much nicer unified format for editing.

Again, it came from feedback. One you’ve already hinted at, which is a small thing, but people clamour for it – htop. Anywhere that Ubuntu Server is installer, htop will now be available and supported by Canonical. That is a big one. Sysadmins have been asking for it for a while.

The last one that I kind of wanted to bullet point was LXD 3.0, which is Canonical’s supported container solution […] and the big feature with LXD 3.0 is clustering. So you will now be able to cluster together multiple LXD servers into just a lightweight development cloud where you can make requests of it, and spin up containers and delete them. A team of people can operate on that little LXD cluster.

Does that come with a dashboard model setup?

DB: No. It’s targeted at a team of developers, not something that you’d spin up to replace OpenStack or anything like that. It’s just a nice way for people to centralise their LXD workloads that they’re already running on their developer workstations – if they need to.

Livepatch, part of Canonical’s Ubuntu Advantage program, is being promoted heavily again. This installs hot patches for the Linux kernel, so it’s always up to date with any major CVEs (vulnerabilities) that are discovered. It’s also free to use for up to three machines.

Do you get involved with Conjure-up [a front-end that uses JuJu] and how that’s been received as well, from people who use it?

DB: Yeah. Conjure-up is, again, available as a snap. If you want a snap, install conjure-up and try it out. That is our way to demonstrate and try out some of the big software technologies that we have. I think the two main ones that I want to call attention to are OpenStack, which as you know, in a production setup requires tens and dozens of servers. So just spinning that up locally already lets you ‘proof of concept’ something that will be very difficult to acquire than a number of compute resources that you need to try it out.

Then the second thing that we install via conjure-up is what we call the Canonical distribution of Kubernetes, which is the newer way to try out Kubernetes. It’s a one-button experience to get Kubernetes running on a series of LXD containers, and see exactly how it functions, and how you interact with it before you go and deploy it onto your bare metal somewhere.

So conjure-up, I think the experience of 18.04 has just been refined. We don’t have a tonne of improvements from 17.10, except for bug fixes and stability, and just making that experience nice and smooth and polished. That’s what our focus has been on in 18.04.

Could you explain the benefits of Metal as a Service (MaaS), and give us a clearer understanding of that?

DB: MAAS has quite an elastic goal. It’s to model your data center. So, it really transforms the way that you manage machines and physical hardware in your data centre. So it has the ability to model your networking that you have in your data centre, and to say which VLAN connects to where… you know, which machines can see which VLAN.

It also has just the concept that these machines all fit into the same rack. They all share kind of an availability zone in the cloud. If these ones go down, you know, they’re all connected in the same kind of fault domain.

So it has some of those data center concepts in it. But once you get it installed and once you’re using it, it is a tool that’s used to just launch operating systems on machines. Instead of having a machine that is long-running and can never change and takes a dedicated administrator to do software updates on it.

You can treat your physical hardware, just like it were in a cloud. And you can launch it with a cloud in its script. You can use other deployments and technologies like Juju and Ansible to launch other Ubuntu instances. And then they come up fresh, and they’re ready to go. You can leave them long-running, or you can just say, “I’m done with it. I’ve released it back into the pool. I’ve other available machines to use.”

It’s really about transforming your data centre into something that resembles the new cloud world that we live in.

At what scale does that become really beneficial?

DB: The nice thing about MaaS is, I have a MaaS running at my house with six machines that I use with six little NUCs for doing testing. If I need to know what Ubuntu looks like and how it’s functioning on a physical machine, and I need to tie those physical machines together in a VM… and, you know, I’m kind of at the limit of the VMs I can launch, I can just use MaaS to spin that up in my own little test lab that I have. Which, again, is just six NUCs that I have. 

So you can go down to whatever the smallest workload size that you want for a test lab. It can also scale up to the thousands of nodes that are in the data centre. It has the concept of a rack controller, and the region controller. So a rack controller, instead of the top of each rack in a data centre, you’ll be able to host images and handle the network traffic that’s necessary.

But then your region will be your entire data centre. That is all handled in the architecture of MaaS. It really is nice in that way. It scales down to the test lab, and up to the production environment.

If you do operating system testing at all, it’s a fantastic tool.

I did want to mention one other thing, since we’re talking 18.04. The Ubuntu Advantage product that we have – I know that that’s not always the most interesting to end developers and to single users of Ubuntu. But as Ubuntu is used in just so many large-scale applications, we do have a product that we’re continuing for 18.04 called Livepatch.

In 18.04, we’re definitely carrying that forward. The cool thing about Livepatch is it installs hot patches for your kernel, so that you’re always up to date and secure with any of the major CVEs or vulnerabilities that come out. 

But it is also available as a free service for up to three computers for anybody that signs up for it with Canonical. It’s not just something that you need to come to Canonical and set up an account and pay for on a monthly basis. That’s really what we’re targeting large-scale users of Livepatch. But just for the people that are running their own workstation at home or their own little test lab that they have like I do, they can go and get Livepatch; and next year, any machine that’s long-running can be up to date with kernel hotfixes that come out.

Proprietary creep and encryption changes

Will, did you notice from the desktop survey whether you had any feedback about what apps people felt were missing generally in the Linux world?

WC: It’s tricky to say. Because the people who responded to that survey are obviously already Linux users, and so have already come to terms with the fact that there is no Microsoft Office, and there is no Photoshop, and there is no whatever music packages – you know, those kinds of things that people are used to using on Macs and Windows.

So I don’t think it’s really a fair reflection on what applications might be missing from the Linux ecosystem, because people have already made that decision to get in bed with Linux and accept some of the drawbacks in order to benefit from a lot of the advantages.

The common request is always around Microsoft Office. LibreOffice does provide good compatibility with that. So I think that’s more of an educational problem than it is a technical one. But by and large, there are always free and open alternatives to the proprietary applications. I think it’s just about getting the word out there, and letting people know that these applications exist.

I think the snap store is a good way of doing that, because it gives you a centralised place to go looking for applications, rather than searching around on Google and finding something by accident. We can promote the applications, and indeed, we do that through our snap advocacy team. They regularly go through the new applications to test them out. They find the new and exciting one, and they post about them on the Facebook channels and Twitter. We put it on the front page of GNOME software. So we’re able to expose a much wider variety of software to our users than they have been able to access in the past.

So the missing applications? There are alternatives, and we just need to be able to get the word out.

With the official release, a number of community ‘flavours’ will be available, including Ubuntu MATE 18.04. This uses the traditional desktop metaphor, familiar to Windows users, but with a contemporary and enhanced desktop experience.

It’s an interesting situation that you’ve got, because snaps is a format that obviously allows proprietary products to come to Linux much more easily. Do you not feel that there’s a danger that it creates no inclination to open [source] up those products? 

WC: At the end of the day, it’s the users that are going to choose which application they want. We’ve seen a lot of interest in Spotify, for example. It was there, anyway. We’re just making it a lot easier for people to get their hands on it, and indeed they do want to get their hands on it.

From a pragmatic point of view and from a user-friendliness point of view as much as anything, given that all of the other tools that you might need – if you’re a web developer, there are dozens of IDEs. And as we’ve already said, you’ve got the browsers, and you’ve got the back-end database. If what’s stopping you from using Linux is because you can’t listen to Spotify or you can’t use Skype or something like that, because you have to for work, then absolutely, let’s solve those user cases and open it up to more and more people.

The one that I wasn’t sure about – isn't there a filesystem encryption change?  What's the reason for changing to fscrypt? 

WC: Yeah, this is eCrypt. I think that’s the one that was, or is, demoted to Universe from Main. So this was the ability to encrypt your home directory from within the installer. […] The problem with eCrypt – well, rather, the problem with home drive encryption was that we had full disk encryption and home drive, home directory encryption. And those two things were a bit confusing to people. Like: why would I want to do one over the other?

And obviously, encrypting your whole disk is more secure than just encrypting your home drive. So home drive-only encryption was less preferable, or is less preferable. And the eCryptfs application modules themselves are, as far as I know, either not maintained upstream anymore, or are not attracting as much investment now than they were in the past.

So I think the general quality of those packages has decreased. So the security team were of the opinion that it’s not good enough to keep in main anymore. And so if it’s not in Main, it goes into Universe. And then you’re not able to include it by default in the ISO image, because it’s not deemed to be of sufficient quality.

So the knock-on effect is that we then can’t do this home directory encryption from the installer.

UPDATE: “It would be unfair on our users to keep ecryptfs in main for 18.04,” Cooke confirmed later in an email. “If we cannot be 100% certain that it will be supportable for the duration of the LTS life. Whole disk encryption provided by, for example, ext4’s native encryption [LUKS], provides a more secure, lower overhead solution which we think is a better option for users.” 

Ubuntu’s position is that full disk encryption using Linux Unified Key Setup-on-disk-format (LUKS) is the preferred method and eCryptfs has been moved from the main repo to universe, if you still want to use it. Currently, Canonical has confirmed that fscrypt is not considered mature enough to feature in 18.04 but will be a target for 20.04.