Years ago when I was a teenager, I was subcontracted to add a "stateful packet-inspecting firewall" to some office NAT gateways. Since the gateway was Linux, I just wrote a handful of IPTables rules. But the contractor wanted to charge more money for the upgrade, so they asked me to make a splash screen and progress bar to advertise the firewall changes. The actual rules were about 8 lines, so I had to add some extra stuff and some fake status messages. In the end it looked like it was doing a lot and took about 10 seconds to finish the progress.
Funny to see Ubuntu offering "upgraded services" in the same vein.
Hilarious that this happens. Oftentimes when you do something in a traditional IT environment it takes ages to install software (ie, configuring a Windows server with AD and all the related stuff), requires multiple reboots after setting hostname etc. It truly takes ages, lots of progress bars and waiting and making coffee. Meanwhile in an OSS/Linux environment a lot of things are truly trivial and instantaneous to a point where sometimes you gotta ask yourself "was that it?"
This is mostly caused by the Windows-induced impression of what "installing" software means.
Most normal users would not describe unpacking a Zip into a directory as "installing" - yet that's exactly what it is everywhere except Windows. Sometimes the unpacking isn't even necessary...
Of course it’s available on all OSes right now, but Windows has had incredible programmability (not comparable to Linux, but superior to MacOS), and since Powershell probably has a much more powerful scripting story than any other OS.
The ability to write quick scripts in Powershell, but also tap into C#, it’s massive standard library of code, and all the many 3rd party libraries and commingle that almost seamlessly with Powershell is tremendous.
Finally, Windows had probably the best toolkits to whip up a quick and dirty UI for anything you wanted to do with WinForms (name?) which was more powerful and yet quick and easy to use relative to any other toolkit on any other platform.
Unfortunately, what Windows has gained on the command line it appears to have lost in creating GUI driven scripts.
Maybe from a purely technical perspective. Windows can be made to do just about anything, has the most tools and the most support. A power user should care most about getting work done. If they care more about how they got it done than what they got done, that's called a hobbyist.
> This confirms that our machine is receiving all updates until 2027
I believe the author is mistaken here; they are receiving updates only for "main" repository, and not for "universe". The example "ffmpeg" package belongs to "universe".
The UI seems bit confusing because it doesn't seem to show what the version available through ESM/Ubuntu Pro would be, but exploring the repository manually shows that for example for ffmpeg there is "Version: 7:4.4.2-0ubuntu0.22.04.1+esm2" available, a different version than what is available in the standard repositories.
Manually upgrading the source .deb to the (ABI compatible) ffmpeg 4.4.4 and compiling gets all the security fixes and seems to work. It looks like backporting just the security fixes was done incorrectly in Ubuntu's ESM release.
My main concern with ESM/Ubuntu Pro is that patches don't get as much community scrutiny and help as other updates. In this case it's broken a fairly major piece of software on what's supposed to be a super-stable LTS release.
After 10 years of loyal Ubuntu usage on all my servers, I have gone with NixOS and I have to say that it's not nearly as difficult as I thought it would be. Home Manager and graphical apps can be a pain, but server side stuff is much, easier IMO and this is now my go-to server distro, where it's available. Postgres, NGINX, HaPROXY, even tougher stuff like Yggdrasil Network, all really easy to configure, though I haven't done any containerisation workloads (yet).
Nix would probably be my first choice if I was going to use an "enthusiast" distro. I tried it, I liked it(Unlike everything else non-debian/Ubuntu I've tried) but it seems unnecessarily powerful.
Ubuntu provides an opinionated workflow with self contained packages, with less work and more of an ecosystem, and more or less uses only concepts familiar to apt users already.
Nix still hasn't completed the Flakes transition, and it's not immediately clear at first glance what's declarative and what's not.
Snap is a lot simpler of a model. Include almost everything, except the base snap stuff, in a single package file, like an old school video game cartridge, rather than the UNIXy idea of software as part of the OS, carefully configured as part of a unique hand maintained system instance where all the parts have to work together perfectly.
Nix would probably be my first choice if I was going to use an "enthusiast" distro. I tried it, I liked it(Unlike everything else non-debian/Ubuntu I've tried) but it seems unnecessarily powerful.
Ubuntu provides an opinionated workflow with self contained packages, with less work and more of an ecosystem, and more or less uses only concepts familiar to apt users already.
Nix still hasn't completed the Flakes transition, and it's not immediately clear at first glance what's declarative and what's not.
Snap is a lot simpler of a model. Include almost everything, except the base snap stuff, in a single package file, like an old school video game cartridge, rather than the UNIXy idea of software as part of the OS, carefully configured as part of a unique hand maintained system instance where all the parts have to work together perfectly.
NixOS has better reproducibility, because config files as well as apps are part of their declarative one file to rule them all system, but Ubuntu is easier to make changes on.
It's the first disto that doesn't feel like it's still built for the era of instances that would be maintained by a dedicated sysadmin for decades.
Ran into this the other week, the problem is vuln scan tools like nessus will flag it as a missing update but if you don't pay for ESM you don't get the patch even on LTS. I wish they didn't use security as a money making tool, this is exactly why I despise Azure.
If the only option is to pay, why pay a company that is using security to profit? Just get redhat and get it over with if you have to haggle with corporate purchasing, legal,etc... anyways.
When a package is available in any distro's maintained/mainline repo, users should expect security patches will be available as soon as humany possible for that package. If there was a premium repo, I get charging for that. But right now it is any packages and arbitrary CVE's, very upredictable.
This is a rather frustrating distinction on packages.
Canonical says: "Here, enjoy these packages in our base repositories"
Many of those packages are completely third party/somehow qualify for 'universe', and such, no longer get security updates.
Why rebuild/test only a subset for the upsell? They've taken stewardship by offering them at all, in my opinion.
On the other hand: Red Hat will support everything they offer during the lifetime of a release. They don't really pick and choose as far as I'm aware. Caveat: EPEL et al
They do have a limited lifetime release problem... but at least they support the whole release.
> On the other hand: Red Hat will support everything they offer during the lifetime of a release. They don't really pick and choose as far as I'm aware. Caveat: EPEL et al
I mean, that's the distinction; Ubuntu just includes their EPEL equivalent in the default repos. If you leave out EPEL, then RHEL has far less packages (or did last time I was in that ecosystem), because RH does their pick-and-choose at the repo level.
Once in a while I think of giving them some money. Every time I look into paying them for my home server, every time I see it's enterprisely priced and totally out of the question.
Yeah I have the free ESM enabled. Still, they could let people pay 25/year for server updates for up to 3 machines or something.
I don’t understand putting security updates behind a subscription. At least, creating a distro which is designed to be user-friendly, and then just letting devices sit on the internet unsecured seem basically unethical. It is inviting people who don’t know what they are doing to contribute to botnets and other attacks. It isn’t an expectation that a free user will be supported, just an expectation that a responsible company won’t create a cybersecurity attractive nuisance. Ubuntu is open source, they are supposed to be on the good team.
But, they could reasonably just shut the free tier machines off when they fell out of their automatic update lifespan.
> I don’t understand putting security updates behind a subscription.
This struck me too!
The author made some comments I didn't understand, giving me the impression that these were updates for proprietary Ubuntu packages or something, and therefore not a matter for concern. That doesn't seem right - if it's a security matter, and you have a patch, then you ship it.
The extended security updates that I'm talking about are available beyond the official life of the distro - i.e. after the 5 years of LTS pass, or however long LTS lasts this week.
Before that they're free. ESM is free for personal use too - conditions seem to change yearly, I think it's for up to 5 machines this week.
Most normal people will just upgrade to the next LTS before the 5 years pass :)
> Perhaps a nearly-free tier wouldn't bring in enough revenue to offset the increased expectations there.
They could have a no-support or per-incident support tier that’s only a license. IMO the reason that doesn’t happen is because everyone only wants billionaire customers where all costs get passed to the end consumer without question.
A little profit isn’t enough anymore. All these companies want massive margins and profits and won’t settle for less. I think a total collapse in tech might actually be good for the long term health of the industry.
Not so fun fact - ESM patches are picked up by stuff like Qualys scans, and then you get flagged for not having the patches...that you need to pay Ubuntu for ... Or setup infinite fake personal accounts to enable Ubuntu pro, for any VM you use.
> Ubuntu Pro is available for free for personal use, but it requires you to attach a unique license key to your Ubuntu installation, which will be tracked by Canonical.
It's nice that there is a work-around. This time. And the next time. I for one use System76' Pop!OS derivative (which is great!), but that might ultimately play out like a RHEL <-> CentOS/Rocky/Alma drama.
It will take another while, but it looks like Debian is our last hope for community linux (in apt ecosystem).
Normally when people talk about pro/enterprise/premium, what they're really talking about is long term support for a "stable" release, since that the thankless backporting work that you need to pay people to do.
And those are all rolling distros, so I don't think they're a fit for anyone with that class of enterprise needs. NixOS has supported releases, but as far as I'm aware, each one gets less than a year— 22.11 was just deprecated in favour of the current 23.05 and the upcoming 23.11.
I know that some people run Arch on servers, why they do it is complete mystery to me. At least Gentoo and especially NixOS has some legitimate reasons to exist on servers.
Your post read as if the normal Mint edition is directly based on Debian and therefore not affected by Ubuntu policies, which isn't the case.
The download for their Debian Edition is hidden away under "other editions" as "LMDE". If you click on "recommended" you will get to the main download page which doesn't even mention the Debian Edition: https://linuxmint.com/download.php
Oh, I see they have OSINT book there. Clicked to check. Wow
>An e-book version of this release is not currently available. This is due to many reasons, including rampant piracy, counterfeit prints, Kindle tracking, exclusivity requirements, and unpredictable content removal from Amazon. We believe this book is better served as a printed reference manual.
What a bullshit excuse. I don’t read printed books, as I like ebooks way more. Cannot believe anyone technological try to persuade me I want to have a real book on my desk.
The good news is theyre telling us that you dont need to pay $5 for an ebook, you can easily get it for free through pirates. Seems weird to me to take that stance because i wouldn't hesistate if buying ebook was easier tham pirating it. That being said, maybe theyre locked into a crappy publisher deal and are too embaressed to admit it.
Just checked, yep, pdf and epub on libgen, 10th (current) edition. Though the epub’s probably auto-generated from the pdf and likely sucks (did not verify).
Guess that’s your only option if the product you want is an ebook.
Yep. That's a pretty funny thing about piracy: the harder it is to get a legitimate copy of your product, the more people will just go get it from torrents or libgen.
Oh boy now you've opened the can of worms that will bring out the people complaining about CentOS...
But honestly, it depends on what you're using Ubuntu for. As a server or a VM for some work-adjacent purpose like this, Fedora's release cycle is too fast. I prefer Debian simply because there's no bullshit to it, it will always be there, its the base for most Docker images. I also consider most VMs ephemeral which gets around my annoyance with apt not having anything nearly as cool as dnf history.
I'm actually fine with modern CentOS but "I'll stick it on Debian" has been a really good default for me for the past 20 years.
As a desktop/workstation, Fedora's pretty good! Good package manager, good release cadence, strong commitment to upstreaming everything. GNOME has started to annoy me but Fedora's KDE release is great.
Those are two very different philosophies to Linux. Fedora is much more bleeding edge than Debian (by a lot) so the question really comes down to which you prefer.
I absolutely love Fedora and run it on my main desktop. That being said I also cut my teeth on CentOS so I’ve always had a soft spot for the RHEL approach to Linux. As for the bleeding edge aspect, I’ve rarely encountered issues with the latest updates. I had to do a bit of troubleshooting with pipewire and my HDMI output, and once a Gnome update caused the hertz setting on my monitor to bug out and cause a black screen.
None of it was really traumatizing though, and I have my system set to run a DNF update automatically on every login since I like to run as up to date as possible, and generally trust the packages won’t be overly buggy by the time they get pushed live.
—————————
After looking at your profile I realize you probably already are familiar with the philosophical differences of the two. Leaving the above for the potential benefit of anyone else who isn’t familiar.
Fedora has the release cycle of Ubuntu with the large development and QA team of Red Hat. It is upstream of RHEL, so they give a shit about quality and it shows. They also do things open whenever possible when Ubuntu will either keep things closed (Snap Store) or behind a CLA.
I am an independent IT contractor that games on his off time.
Recently, I switched to Linux from Windows and it has been a good experience so far. I went with POPos because of how they integrated steam and the video drivers into the distro. It works great except shit breaks like booting and other things some times when they release major updates. I actually really like way Arch is designed. I was thinking of switching to Manjaro for stability reasons and I dont want to rip my hair out trying to get gaming to work in other distros. Im really looking for release stability with the ability to keep my gaming environment working. Any suggestions?
It is such an absolute overhyped nightmare of a distro. If there were a shame corner for Linux distributions, Manjaro should be one of the biggest offenders.
I'm a fan of Fedora, but it would crash when my GPU was under high load. Since then I've switched to Arch and it's been pretty good. I've only had very minor issues, like printing support not coming preinstalled (I used the Budgie Desktop preset). If you're willing to deal with just a little bit of troubleshooting occasionally then I'd recommend Arch, it's been rock-solid.
If you've got an Nvidia card, then I have no experience with that on Arch, but here's the docs on Nvidia installation, it's easy: https://wiki.archlinux.org/title/NVIDIA
Linux Mint could also be a good alternative option. It has easy Nvidia drivers installation as well.
For a desktop, Fedora is likely a better choice for most people because it offers more up-to-date software. How many times have you found yourself struggling to install something on Ubuntu because the version of some dependency in your package manager is out of date? That is much less common on a distro like Fedora (even less so on Arch Linux).
With bleeding edge comes instability though, so it's not all up-side. Personally, I've settled on Fedora Silverblue/Kinoite, which is an immutable version of Fedora. Basically, it gives me the best of both worlds: up-to-date software and stability. Since the system is immutable, it's really difficult to break it even if you try.
Another good, non-IBM alternative to that is OpenSuse Aeon/Kalpa/MicroOS. Or just Tumbleweed/Leap if you don't care about immutability.
You mean Bookworm? Packages are frozen though, so they have completely different use cases. I dislike RH so I wish there were other community controlled Linux distro with the same cadence as Fedora.
There is perhaps room for a new player to enter the market, but I think the correct path would be to direct that effort towards improving Debian as a whole. It's truly one of the greatest open source projects in existence.
> [We] recommend Ubuntu for OSINT virtual machines [...]
> We feel that Ubuntu is being aggressively misleading with the rollout of Ubuntu Pro, and we do not recommend any OSINT users attach this service to their investigative VMs.
Or, you know, you could stop recommending Ubuntu as the preferred distro of choice. This is clearly user-hostile and there are numerous good alternatives available.
I think it’s really smart for projects like Linux Mint to keep actively maintained distros off of Ubuntu or Gnome or whatever. Give the user the option, but have a fallback.
I’m not optimistic canonical is going to just turn back from this path of Snaps and DRM.
>Linux Mint to keep actively maintained distros off of Ubuntu or Gnome
you mean Linux Mint Debian Edition, yes it is exactly the reason they keep it going; who knows what Canonical might do tomorrow. Ubuntu is no longer "Linux for Human Beings"
I’m biased because my first experience with Ubuntu was so bad that ut put me off of Linux for literally a decade.
Now, I get the impression that Ubutnu is far more important for backend than frontend. So, yea, “for humans” not so much. That is what I think Pop and Mint are doing well with.
The positive part of snaps, and I don't like snaps for myself, is that snaps keep updating on an unmaintained server. So as a default for VPS providers seeking to hand hold users Ubuntu perhaps makes sense.
At least that's what I understand.
However on a server I use Debian (stable) as I purposefully don't want to be at the 'cutting edge'. [I also use Debian on my laptop because it just works.]
1) I haven’t used it on desktop in some time, but not that far back they had Amazon ads in Gnome. Plus motd ads for Ubuntu stuff (like Pro, in fact). And now ads in apt output.
2) Spying is opt-in, to their credit, and only at install, so you just have to make sure you aren’t auto-piloting your way through the installation and enable it by accident, but that’s still another thing to worry about that may not exist in other distros. Not much of an issue in automated-deployment situations.
I prefer that to what often happens with the GUI updater on my machine, where the name given is the first line of the package's description. e.g. "small, powerful, scalable web/proxy server" rather than "nginx"
I have to click on the line to see the actual package name in the more info section.
Because Canonical is starting to smell like enshittification. Nags and ads and withholding patches trying to goad you into buying premium.
They aren't content to just make a good product, it has to be disgustingly profitable. Once a company starts down that path, it's only a matter of time until the end user experience becomes completely intolerable. We've seen it happen so many times we had to coin the word enshittification to describe it.
Apart from very specific complaints like snaps, the hate is not for Ubuntu, the hate is for Canonical the company. People obviously still like and use Ubuntu, it's one of the pillars of the Linux community. Canonical has forgotten that in their plays for more money.
Really, Canonical has been going downhill for a long time. It just hasn't been bad enough to provoke this kind of outcry until the premium ads in the apt package manager.
If Canonical continues what they're doing, they'll see a prodigious loss of free users. That won't hurt them directly, but it will begin a slow and steady decline in enterprise usage. If it's so unpleasant to use Ubuntu at home, why would you use it at work if given the option? Ubuntu will stick around for a good long while and slowly get worse and worse as Canonical becomes more and more desperate.
Canonical as a whole has some very serious problems and I really don't expect them to survive long term. I'm not sure it's possible to fix a company once they're in that state.
Oh well, at least we have ten thousand other Linux distros to choose from.
I haven't used Ubuntu desktop in a very long time. Not since they first introduced Ubuntu One or whatever it was called years ago. I also haven't ever used Debian desktop. But as a CLI-only environment like a server, I find Debian to be completely indistinguishable from Ubuntu.
Personally I've been using Arch for a long time. I prefer it in basically every way, except the pacman interface is hot garbage compared to apt. I wouldn't recommend Arch for everyone, and I don't recommend the base Arch distro for anyone. Get one of the nicer arch variants like Garuda or Cinnamon.
> I've used Debian, but the installs feel so barebones. I love that Ubuntu has many of the common packages I need, yet it doesn't feel bloated.
Then install the packages you want? If it's not in Debian repos then yeah that's compelling, but otherwise you're describing one extra apt-get command (per OS install) that you stick in your notes and reuse every few years.
I personally use OpenSUSE and Manjaro as my daily drivers after switching from Ubuntu 3 years ago, and have yet to encounter any package problems that directly stemmed from not using Ubuntu. For everything else, there's always Flatpak.
Regular Mint and POP are Ubuntu based so if Canonical goes away tomorrow or more realistically bought by some big hostile company, what could you use? From the big distros run by foundations only Debian is truly community driven and OpenSUSE is independent but backed by a company. Fedora is owned by RH and can start doing the same bullshit as Ubuntu any day if they wish so. Arch and NixOS are community distros but both are kinda niche.
>so if Canonical goes away tomorrow or more realistically bought by some big hostile company, what could you use?
These are hypothetical scenarios and irrelevant to the context of this thread, which is about asking for Ubuntu alternatives now. The alternative doesn't have to be 100% community driven or completely detached from Ubuntu. It just needs to be usable without the nonsense of Ubuntu Pro or Snap.
> I was surprised at how nice the installer has gotten.
It’s pretty good, but adding two ESP devices gives the impression you’re getting boot redundancy and you’re not. Only one of them will end up with GRUB. Then, once you fix that, only the primary device will have an entry in fstab and SystemD will have a nervous breakdown if you try to boot off the secondary with the primary missing. Good luck supplying the root password for emergency mode because you probably don’t have one.
> It’s pretty good, but adding two ESP devices gives the impression you’re getting boot redundancy and you’re not. Only one of them will end up with GRUB. Then, once you fix that, only the primary device will have an entry in fstab and SystemD will have a nervous breakdown if you try to boot off the secondary with the primary missing.
How do you do that? The only way I know of is to use mdadm to RAID1 the partitions[0], but I wouldn't expect that to break the way you've described.
[0] This is also a bit fiddly; IME you have to pick a specific configuration so the firmware will read the result.
I left Ubuntu when they sent data to Amazon by default. Lately I'm pissed about how they push Snaps to the point of forbidding Ubuntu derivatives from using Flatpaks instead. It's one thing to promote your own solution, another to actively try to destroy the competition, that's Microsoft and Apple level bullshit.
But I thank them, they helped me move to Debian and I haven't looked back.
Funny to see Ubuntu offering "upgraded services" in the same vein.