All LTS releases get 5 years of updates. Ubuntu pro (which is free for non-commercial users FYI) extends the LTS support window to 10 years, which is 5 years more than any other Linux distribution I know of
Sorry, I meant „Additional security updates“. its not very useful for normal users and canonical is targeting enterprises with it but looking at it every day without a non hacky way to disable it just wore on me.
And constant non-optional pop-ups nagging you to upgrade to Ubuntu Pro during those five years. I’d actually be kinda okay with it if it were only after, an if just as a reminder that, hey, the LTS period is over, you need to switch to the next LTS release now.
This is on Ubuntu 22.04.3 LTS, so well within the 5 year window. I’m complaining because I kept getting frantic calls from people using that who didn’t know what was going on.
Depends a lot on what kind of user. I specified “non-technical” with a reason. I have, in the past, recommended Ubuntu to a small number of friends and family members. These are people who aren’t particularly comfortable using computers in the best of times. They very much don’t need the newest, best and most shiny versions of everything. They need to do billing, taxes, correspondance, email and various other tasks related to their small business, they need that to work reliably, and if at all possible, to work exactly the same way as it did the last five years. And if there is any pop-up they don’t immediately understand (for example because it’s in English instead of their native language, yes that still happens in Ubuntu quite a bit), they will call me on the phone.
I don’t know if you’ve ever had to support non-technical end-users, but for some of them, even something as seemingly trivial as a menubar that has moved from the top to the side can be issue that needs explaining and training. For that kind of user, I really do want to postpone all updates beyond pure bug and security fixes for as long as reasonably possible. Five years sounds reasonable. Six months does not.
Ubuntu is not Arch Linux. The 6 month release doesn’t give you the “the newest, best and most shiny versions of everything” in the first place.
If they don’t like change so much as to not being able to handle some minor UI updates, then their better off using a Chromebook lol.
You’d just be making it harder for them move from the outdated software in the long run, because literally everything changes between moving LTS from the 5y EOL period instead of gradually over each major normal 6 month releases.
They do, including those that are in Debian, but they also have an additional source of faster security updates developed in house, which they hold back from the free path in favor of the pro package.
Personally, I feel a bit torn about this. On the one hand, this should be, officially at least, purely an additional service on top of what’s available in the baseline distro, and isn’t taking anything away from that.
On the other hand, I strongly disagree with holding back security fixes from anyone, ever, for any reason. Also, the claim that it will never take away anything from the free base distro is at least a little bit suspect. I would not be surprised if the existence of the pro path were to gradually erode the quality and timelyness of the base security upgrade path over time. Also, Ubuntu is now very annoying about nagging you to upgrade to pro, and the way to disable that is fairly involved and very much non-official. The whole thing goes against what I expect from a F/OSS operating system. I don’t quite understand why this topic hasn’t been a much bigger issue in Linux circles yet. It certainly doesn’t sit right with me…
Not that I’m a fan of Ubuntu here (I generally don’t run it when I can run anything else), but I do want to say I think you’ve missed the point of the Pro tier.
Ubuntu releases two stable versions a year which are supported for 2 years or so. This is like a slow rolling distribution, and makes the newest software’s available. It receives regular security updates from upstream, from Canonical, and from backports, again for up to about 2 years. Most users install this version.
Ubuntu LTS editions are similar to the above, but receive all the same security updates for 5 years instead of 2. These distributions are generally targeted for Enterprise users who value stability over having the newest software, and for whom upgrading comes with significant time, expense and risk. The 5 year window is customary among other distros, and is largely supported by and throughout the Dev community.
Ubuntu LTS Pro editions extend the LTS support editions for an additional 5 years, meaning a Pro distro enjoys 10 years of security updates from upstream, backports, and from Canonical where needed. Canonical might even open source their fixes back into upstream for other maintainers and distros to use, depending on the situation. However, since Canonical is providing the work, they charge subscription fees to cover their costs for it from their target audience: Enterprises who can’t or REALLY don’t want to upgrade
Why an Enterprise might not want to upgrade has to do with risk and compliance. Corporate IT security is a different world, where every bit of software may need to be reviewed, assessed, tested and signed-off upon. Major software upgrades would need to be recertified to mitigate risk and ensure compliance, which takes significant time and expense to complete in good faith. Not having to do it every 2 or 5 years is money in the bank, especially when the environment doesn’t introduce new requirements very often.
Canonical is meeting a market demand with their Pro tier by allowing these customers to spend a fraction of their recertification costs on a software subscription. It’s overall good for the ecosystem because you have what amounts to corporate sponsors pumping money into keeping older packages maintained for longer. This let’s them keep using the same software distro all the rest of us can use for free.
I’m not shy about calling bullshit on ANY distro that operates in bad faith, and they all get into some BS from time to time. Nevertheless, Canonical are acting in good faith on this, and are merely collecting money for their time and skill to provide maintenance on FOSS packages that might otherwise go unmaintained.
tl;dr: Pro tier is for Enterprise customers who need extra-long term support and are willing to pay for it. Canonical is meeting a market demand so they can remain competitive for use in those environments, which is good for everyone. It’s benign. Keep the pitchforks sharp and the torches dry for another day.
Pro tier is for Enterprise customers who need extra-long term support and are willing to pay for it. Canonical is meeting a market demand so they can remain competitive for use in those environments, which is good for everyone. It’s benign
Then please show me the button (and I mean button, not command-line exclusive settings or config file entries in /etc, and certainly not unofficial trickery like third party repositories that replace Ubuntu advantage packages with an empty decoy) that says “Thank you, I don’t need Ubuntu Pro, please stop nagging me about it”.
Oh, I never said they weren’t absolute prats about invading user space with advertising their bullshit. The Lens fiasco, Snaps, the popup warnings in apt breaking scripts, and the lack of UI toggles to easily disable those nag messages are all reasons I run other distros. There’s a big Mint colored button to turn on the Ubuntu experience without the nagging.
You have other choices that do no not shove that bullshit in your face. Canonical is gonna canonical. Nobody said you have to play their game.
My point was they are not withholding anything community-based from anyone. They are entitled to charge for their original work, even they are pushy about it. They even abide by the license and distribute it the changes when complete, but they’re not gonna just do it for giggles.
The additional Ubuntu Pro security updates are also open source, which means open source maintainers are free to adopt them for the regular security updates (and some do).
If Canonical didn’t charge for those additional security updates they wouldn’t be able to pay for developing them, which would result in only core packages getting patched again. Also it’s possible to make an account and get them for free on a few devices, so it’s really not so bad. This way of doing things is better than what RedHat is doing with RHEL.
If Canonical restricted maintainer from applying Canonicals patches, I’d change my opinion. For me I don’t need security updates that badly, so I’m fine with Debian, NixOS (or Ubuntu non-Pro).
I know very little about contributing to open source but appreciated reading this. Seems like often the interpersonal element is the biggest challenge and the author handled it well.
I don’t have any previous knowledge of this at all, but from reading the docs, nothing you’re describing sounds wrong.
A u32 selector will match 4 bytes (u32 meaning unsigned 32bit presumably, which is 4 bytes).
It makes sense that you’d only be able to configure the matches on 4 byte intervals, because keeping them aligned may make the implementation simpler and more efficient. You can still match any set of bits this way.
Perhaps you could describe what you’re trying to match exactly and the selectors you tried.
I really appreciate this, thank you. I think I had confused myself by playing with ‘u16’ and ‘u8’ and somehow coming to the conclusion that they were matching the right side of a 32-bit string. (Which may still be true, but, I’m just masking u32s now).
This is what I ended up with, which is working the way I’d expect:
<span style="color:#323232;">tc filter add dev wlan0 protocol ip parent 1: prio 1 u32
</span><span style="color:#323232;"> match u32 0x30d6 0x0000ffff at -16
</span><span style="color:#323232;"> match u32 0xc92d1905 0xffffffff at -12 flowid 1:20
</span>
This sends Ethernet frames destined for 30:d6:c9:2d:19:05 to flow 1:20, and it doesn’t seem to match a second device I tested. So, all good! Thank you again.
Well if there’s an application that the developer only releases a flatpak for, do I have a choice in being one of those million if there’s no easy way to compile it myself? What if I’m a newbie linuxer and cannot get all the dev tools installed?
what’s your point? if flatpak makes it easier for developers to package their software and easier for users to install it, there’s nothing wrong with it being famous
What do you currently do if a developer doesn’t package their software for other distros? Maybe they only provide an AUR package or a .deb, so someone else has to package it.
With flatpak the only difference is that a distro independent package exists, that anyone can install. It being possible to do cross-distro apps with a single package doesn’t make it any harder for distros to also package it.
Thanks, I think I understand now what you mean. I still disagree on the notion that people are forced to use flatpak and that the number is meaningless because of that. People choose to use flatpak because it solves their problem.
I’d say it’s similar to many people who use Ubuntu because of its big user base and software support. It’s still an achievement to be recognized.
Anyway, I do agree that the number itself isn’t really relevant. I’m pretty tired and maybe I’m a bit pedantic, so good night (or have a nice day, depending on your timezone).
do I have a choice in being one of those million if there’s no easy way to compile it myself?
You always have a choice. Just yesterday, I had an app’s documentation say “install brew so you can download our application and themes”. I noped right out of there and found a different application altogether.
I don’t think there’s any business entity artificially forcing the users to use it (like Firefox on Ubuntu 😉) if that’s you’re asking.
Otherwise, the only case where the user is “forced” to use flatpak would be when the software they’re looking for is not available under their distro’s repo, which happens a lot especially in point release distros.
I only dabble in C# these days, mostly because Microsoft doesn’t bother porting .NET Forms to Linux, but my most recent GUI framework experiments were with Avalonia and that felt quite good. Not everything works as well on Linux (no Fluent design background blur, though I believe it does work on Windows and macOS) but functionality-wise, it’s pretty complete.
My IDE of choice is Rider, and the Avalonia plugin has some nice previewing features and a good chunk of XML/C# binding autocomplete.
There’s a paid option for Avalonia that will take your WPF application and instantly turn it into a cross-platform app, but that’s clearly focused on enterprise users (starting cost: $5k per app per platform for startups, four times that for “enterprises”, lol). I can’t blame them, though, because porting WPF to macOS + Linux + iOS + Android + web browsers + Tizen + (eventually) VisionOS by simply swapping out the SDK is pretty amazing tech.
It doesn’t seem to have any outrageously complicated dependencies to work, just C++, Boost and a few other recognizable names, at least at a glance. They also seemingly have an ArchLinux package, which means it’s likely to at least be buildable on latest everything. Mint will fall in between, so the odds it’ll compile are pretty good.
I don’t have much to comment on native installs that hasn’t already been said, but if you go with a VM, please don’t use VirtualBox. It’s a pile of hot garbage that pales in comparison to the already existing, kernel-level virtualization offered by KVM/QEMU. Use a package like virt-manager for KVM/QEMU based VMs and your experience and performance will be infinitely better. The Linux kernel has KVM built in for a reason, so take advantage of that.
Otherwise, Distrobox is a great recommendation, as are many of the other install methods listed in these comments.
For maximum performance you probably want to skip virt-manager, virt-viewer has a hardcoded FPS cap.
If you use QEMU directly and use virtio-gpu paired with the sdl or gtk display, and OpenGL enabled, you can run Ubuntu at 4K144Hz no problem. The VM is near imperceptible, and it works out of the box, that’s not even touching the crazy VFIO stuff.
Perhaps I was a bit vague with the word “performance”, but given that this user only seems to be interested in running ROS, there is absolutely no reason they need anything above the FPS cap (hence my recommendation of virt-manager, as it is quite user friendly). The “performance” aspect of it boils down to CPU utilization and efficiency more than anything.
Ah, I didn’t know more modern versions of the VST standard specified a Linux interface. I thought, they were still just basically EXEs with some metadata attached.
VST is native and actually better for the CPU in the SurgeXT case. I also use it in LV2, and now I’ve all my projects that needs a conversion from that, maybe I could compile the 1.2 version from source; I don’t know but it’s annoying ¢_¢
There’s also a CLAP version available, if you use a daw that supports CLAP (like REAPER (which you should totally use btw (it’s like the emacs of daws if emacs actually ran faster than everything else)))
“Systemd provides a lot of network functionality in systemd-networkd, journald, timesyncd, etc. that is remote attack surface. All the systemd “cloud of daemons” is tightly coupled by dbus interfaces that enable an attacker to move from one exploited system service to the next. Even if the attacker doesn’t manage to find an exploit in another system service, DoS is easily possible because the DBUS interfaces are quite fragile. Even as a benevolent admin it is easily possible to get the system into a state where e.g. clean shutdown is no longer possible because systemctl doesn’t want to talk to systemd any longer and you cannot fix that. systemd-udevd also has raceconditions galore, so sending any message to it in the wrong order relative to another one will kill the system, maybe even open exploit vectors. At the very least I would, for hardening, recommend not using any network-facing systemd functionality.
And lines of code are not ridiculous, they are the best first-order estimate available. Of course an actual inspection of the code is better for a comparison, but that is a huge task. sloccount is quick and easy.”
err, why would a forum post single-handed prove that the entire linux enterprise world are being stupid, and how you can prove that he is even correct?, he is alone, against the entire world, red hat sell that shit, if it wasn’t secure companies wouldn’t buy it
I am not saying this proves single-handedly that systemd has vulnerabilities but it is one of probably many out there. I am not saying enterprise is stupid but I could definitely see some sacrifice being possibly made to spend less time setting up utilities on every systemd machine for enterprise work.
I could definitely see some sacrifice being possibly made to spend less time setting up utilities on every systemd machine for enterprise work.
I’m not sure how much time do you think anyone spends setting up systemd utilities… but as a home admin systemd has saved me a ton of time over the ragtag collection of shell scripts we had in the past. And a lot of that is because of its vastly improved logging.
I suppose if you consider logs to be “bloat” you won’t understand though. I consider them to be essential services.
I was saying that you do spend less time cause it is already there. Also you can have logs on other init systems, what I said on the post is that if later I wanted logs I could just setup instead of being already there (and the other utilities, not just the logs of course).
s6/66 simplifies dependency of running/starting, automatically enables an s6-log for each service/daemon/bundle it is much faster and smaller than systemd (by a factor of 10 maybe), and once it is up and running it is virtually impossible to bring down without its own routine. Servers have run consistenly for a decade with s6, including skarnet.org
linux
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.