Canonical on Ubuntu 'Bionic Beaver' 18.04 LTS and its controversial changes
With ongoing plans to take Canonical to IPO, we spoke to the company behind Ubuntu about the latest release
Proprietary creep and encryption changes
Will, did you notice from the desktop survey whether you had any feedback about what apps people felt were missing generally in the Linux world?
WC: It’s tricky to say. Because the people who responded to that survey are obviously already Linux users, and so have already come to terms with the fact that there is no Microsoft Office, and there is no Photoshop, and there is no whatever music packages – you know, those kinds of things that people are used to using on Macs and Windows.
So I don’t think it’s really a fair reflection on what applications might be missing from the Linux ecosystem, because people have already made that decision to get in bed with Linux and accept some of the drawbacks in order to benefit from a lot of the advantages.
The common request is always around Microsoft Office. LibreOffice does provide good compatibility with that. So I think that’s more of an educational problem than it is a technical one. But by and large, there are always free and open alternatives to the proprietary applications. I think it’s just about getting the word out there, and letting people know that these applications exist.
I think the snap store is a good way of doing that, because it gives you a centralised place to go looking for applications, rather than searching around on Google and finding something by accident. We can promote the applications, and indeed, we do that through our snap advocacy team. They regularly go through the new applications to test them out. They find the new and exciting one, and they post about them on the Facebook channels and Twitter. We put it on the front page of GNOME software. So we’re able to expose a much wider variety of software to our users than they have been able to access in the past.
So the missing applications? There are alternatives, and we just need to be able to get the word out.
It’s an interesting situation that you’ve got, because snaps is a format that obviously allows proprietary products to come to Linux much more easily. Do you not feel that there’s a danger that it creates no inclination to open [source] up those products?
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
WC: At the end of the day, it’s the users that are going to choose which application they want. We’ve seen a lot of interest in Spotify, for example. It was there, anyway. We’re just making it a lot easier for people to get their hands on it, and indeed they do want to get their hands on it.
From a pragmatic point of view and from a user-friendliness point of view as much as anything, given that all of the other tools that you might need – if you’re a web developer, there are dozens of IDEs. And as we’ve already said, you’ve got the browsers, and you’ve got the back-end database. If what’s stopping you from using Linux is because you can’t listen to Spotify or you can’t use Skype or something like that, because you have to for work, then absolutely, let’s solve those user cases and open it up to more and more people.
The one that I wasn’t sure about – isn't there a filesystem encryption change? What's the reason for changing to fscrypt?
WC: Yeah, this is eCrypt. I think that’s the one that was, or is, demoted to Universe from Main. So this was the ability to encrypt your home directory from within the installer. [...] The problem with eCrypt – well, rather, the problem with home drive encryption was that we had full disk encryption and home drive, home directory encryption. And those two things were a bit confusing to people. Like: why would I want to do one over the other?
And obviously, encrypting your whole disk is more secure than just encrypting your home drive. So home drive-only encryption was less preferable, or is less preferable. And the eCryptfs application modules themselves are, as far as I know, either not maintained upstream anymore, or are not attracting as much investment now than they were in the past.
So I think the general quality of those packages has decreased. So the security team were of the opinion that it’s not good enough to keep in main anymore. And so if it’s not in Main, it goes into Universe. And then you’re not able to include it by default in the ISO image, because it’s not deemed to be of sufficient quality.
So the knock-on effect is that we then can’t do this home directory encryption from the installer.
UPDATE: “It would be unfair on our users to keep ecryptfs in main for 18.04,” Cooke confirmed later in an email. “If we cannot be 100% certain that it will be supportable for the duration of the LTS life. Whole disk encryption provided by, for example, ext4’s native encryption [LUKS], provides a more secure, lower overhead solution which we think is a better option for users.”
Ubuntu’s position is that full disk encryption using Linux Unified Key Setup-on-disk-format (LUKS) is the preferred method and eCryptfs has been moved from the main repo to universe, if you still want to use it. Currently, Canonical has confirmed that fscrypt is not considered mature enough to feature in 18.04 but will be a target for 20.04.
Chris Thornett is the Technology Content Manager at onebite, editor, writer and freelance tech journalist covering Linux and open source. Former editor of Linux User and Developer magazine.