Episode 116: As Seen in Apt
23:54 Share

Hello and welcome to another episode of Linux Lads. This is episode 116. This is Conor and I'm joined by Mike and Amleth. Mike, apparently Ubuntu Pro is advertising in its package manager. So that itself is not new. That's been there for a long time. I've just, you know, when I was doing research what to do for this episode, we kind of go through the news for the last few years.

You know, through the last few pages on some sites, and I saw this article on OMG Ubuntu. According to this article, people get annoyed when they run that GUI updater in 2204 in DLTS and see packages that are suggested as updates, but they can't install them unless they sign up for Ubuntu Pro. Right.

I tried to reproduce it both with 22.04 and with 23.10 in a virtual machine. I couldn't get it. It didn't show up for me. It's possible that it detects a virtual machine or I don't know, maybe I did something wrong or maybe you have to wait a little bit after install. I'm not sure. What I do know is that when you run it in a server, you get these, what do they call the ESM message, basically. It just tells you...

if you sign up for Ubuntu Pro, you can get these extra packages. Now, us in the know, who've heard about this for a long time, so the Ubuntu Pro, what it does, basically, you know, you have different repos for Ubuntu. You have the main repo where there is, like, Ubuntu-maintained open-source software. You have restricted, where you get

non-open source software that ships with Ubuntu and then you get universe and multiverse universe is community supported open source software for which Canonical say they do best effort for what you call for security updates but if you get Ubuntu Pro they will give you the maintenance for I think up to 10 years right so you get 10 years of security updates even for the universe packages

Which, and you don't have to, you know, if you just have like five PCs, you don't actually have to pay for it. It's for free. But it does confuse people because people who don't know about this, they see that they have some pending security updates and they are unable to install them. And they don't necessarily know what Ubuntu Pro is. So...

The question is, what do you guys think about this? I also put another example of, in the show notes, there's a picture basically just a screen grab from what you do when you get a

NPM package installed. And it will also tell you that there are packages that are looking for funding and also account vulnerabilities, kind of a slightly different approach, but it's still using the package manager to maybe ask for something, to doing some maybe advertising, marketing, announcement, something that is outside of the scope of what you would necessarily think that a package manager should do.

Now, like, is it okay? Because Windows had us all desensitized, or desensitized, whatever, I can't say that word. So Windows basically made everybody so numb to it with all those adverts that, like, you know, who cares about a little, you know, a little much more subtle advertising? Or is it still a problem because this is exactly why we like Linux, that it doesn't do this kind of stuff? Or somewhere between.

For me, I believe before now it was for extended support. So they're like, you have an LTS. An LTS means that you're going to get four years of package support, which was the traditional model. If you want to support beyond that, guess what? We have a new LTS and you just upgrade to that and then...

continue on like that. But for whatever reason, due to hardware requirements or peripheral that you've plugged into that the drivers have been built on your LTS and you don't want to go through the hassle of rewriting the driver or whatever, they're like, oh, you can just keep paying us and we'll just continue the package updates for that. That I can understand. But it seems to be that they're going with a slightly different model with this and...

Or maybe it's just subtly different. But the way it encroaches upon the user, I do not... Yeah, it's a strange one for me. It comes across as confusing. So for me, as from an end user's perspective, if I saw something like this and they see these messages coming up and they're like, oh, does this mean that I have to pay for...

all upgrades from now on going forth or something like that. To me, the way they phrased it is not necessarily that clear. I guess where they're coming from, but I do not think it's that clear. I think the way they present and word the message needs improvement because it's not very understandable for normal non-technical people who might come across that dialogue.

But at the end of the day, Canonical is a for-profit private company, private for now, at least. And Ubuntu is their product, so they're perfectly within their rights to do this and much worse.

for all I care, they can make the desktop background a big advertisement for Ubuntu Pro. I wouldn't like that, but I don't use Ubuntu. Or they could start advertising for Amazon. Oh, too soon. I also, I'm not super happy

happy. Again, I don't use Ubuntu. I don't have a stake in this, but I think the way they've implemented Ubuntu Pro, the model of how it works is not great. I think it was Phelan from Late Night Linux who mentioned it, but it might have been one of the other hosts. There's a company called Freesian, maybe? F-R-E-E-X-I-A-N. It's a company that specializes in Debian support, and

I think it was created by Raphael Herzog. That might be how you pronounce it. He's the person who wrote the Debian Administrator's Handbook. It's a great resource. But the way their extended support model works, if I remember correctly, is there are some packages that need to have security fixes backported to previous versions of Debian. So they say, okay,

There's this thing we need to do. It's going to take probably about this long, so we need this much money to make it happen. They don't care who pays them that money. They don't care how much individuals contribute to that pot. But once that pot is full, they'll do the work and then release those backported fixes to everyone. They'll just make it available to anyone who has paid, who has not paid.

doesn't matter. All they care about is that they have the money to do the work. And I think Ubuntu Pro would be much better if they adopted that model. But at the same time, I do also understand that they probably end up making more in the long run through this monthly subscription model rather than one-off sprints, sort of. Mike, any closing thoughts?

Not really. I'm kind of, yeah, I'm undecided on this. Like, there is somebody in, the OMG Ubuntu article quoted somebody from Canonical and they were saying, well, if you are running WordPress from our universe repos, wouldn't you want to know that there is a vulnerability and that there is a pathway for you to get it fixed?

You know, wouldn't you want to know? Because if you switch that off, what you get is a set of packages that are going to get updated, and you might notice that your universe package is not getting any updates, or you might not. If you run the updater and you see that it suggests packages that would be getting updates if you had that service enabled, that might be beneficial for you. Now, yeah, I don't know. I'm not decided what to think about that.

I mean, the enterprise support model, which is sort of what you're describing there, is long established. It's nothing new. And I have no objections to it whatsoever. It's because I'm not in that position. I'm not in charge of a corporate IT department or even a small, like you described, let's say, a public library or something where they're deploying capabilities.

computers for the community for people to use an internal WordPress site or something like that. Once you get to a certain level of scale, it would make sense. They're like, okay, if you want support, then pay for the support. But...

my objection to this would be again I'm using this as an example which Michael you've objected to me in the past but imagine a very non-technical user somebody's granny who literally just clicks on Chrome and goes oh I get to see my son's photographs that's fine that's all I use my computer for what is this message that is coming up that's asking me for money for software updates

it's in that sense it's not very clear it's what i'm what i'm saying that's the problem right so i don't i i flew in uh wordpress as the example i was quoted in the article but necessarily it's not wordpress it can be anything like there's so much stuff in that in those repos and it can be something that you use on your personal computer it doesn't have to be you know you don't have to be running a service for anybody else you might just be using your computer as a gaming desktop and there might be a package from universe that you pull now it

the example of the grandma that looks at it, that person, so basically to me, that person probably shouldn't be having anything from universe installed. If I understand how the idea of Ubuntu kind of is, is that if you were using a computer for something so basic, like running Chrome and

and emailing your kids, then probably you should have everything just from the main and maybe the restricted repos, but you shouldn't have anything from universe. Okay, yeah, yeah. In which case, it's a good idea, it would be good to know if you would still see the adverts in it. Because, you know, on one hand, yeah, you are absolutely right, there shouldn't be anything in something as important as a package manager to confuse

especially people who are not sure what they are doing. Somebody did quote it there, saying that their dad was running Ubuntu and called them because they got confused. Like, how is it possible that I can't select these important updates? So,

It could be definitely managed, but I think it could be managed in a way that people who don't have any of these packages don't see this advertisement. But yeah, I don't know. It's still a tough call. I would definitely want to know that a package that I have...

has a security update and that I'm not getting it. I would like it to know definitely, like, that's 100%. How you explain it to people without making them more confused is a different matter, right? I would like to be given the choice to make an informed choice whether I want to sign up for Ubuntu Pro, which is not necessarily...

you know, a question of money. It's free for some amount of computers, I guess. Yeah, they say free for up to five machines. So, you know, without making it sound like too much like a human advertisement, but like, I think it's the messaging that's the problem. Like, firstly, a lot of Linux users are going to be annoyed if they see any announcement in the package manager. Like,

To people who are used to checking vulnerability databases, checking advisory notices, checking what the updates are actually about, and to people who are used to looking after their packages, after what's installed on their system, this is a superfluous shit that shouldn't be there. On the other hand, the people who could benefit from it are anecdotally getting confused and angered.

I think the messaging is definitely mismanaged there. I think. I'm not sure. Again, I wasn't able to reproduce it. I saw it in the welcome screen. But anyway, I didn't see it in the package manager and I only saw it in the command line one and...

I guess that's there I don't know but then you know I know what it's about so it's it's kind of different yeah I'm while you're just speaking there I was just looking at the screenshot which you included in the notes and it says upgrade this machine to Ubuntu Pro for security updates on a much wider range of packages until 2032 and it goes into more technical detail which uh

and then free for up to five devices. The two options are enable Ubuntu Pro, skip for now. Skipped for now just from a user interface point of view just seems like kicking the can down the road. It's like, yeah, yeah, yeah, fine, stop annoying me. If it is the case of if you come to a point where it's like, okay, you're using this LTS, this LTS has finished its four years of support,

uh sign up for ubuntu pro to continue updates on this on this uh version of ubuntu or however they want to phrase it and one of the options is or upgrade to the new lts and you can continue on for another four years for free that would be a valid option i would think i think it's five years but yeah your point is yeah yeah uh

Yeah, it's more... Even within the first five years, there are packages that you might not be getting security updates for, I guess. It's all too complicated. Even I had to look up what the actual different repos are in Ubuntu. Yeah, it's a bit... The messaging, what I put in the show notes is...

It's like the welcome screen after you install LTS Ubuntu. This is the first screen that you get. Or one of the, you know, the welcome window and it's maybe number two, number three, I don't know, right? I would say upgrade this machine to Ubuntu Pro security updates on a much wider range. You know, that kind of thing. It doesn't...

It's a marketing thing. And I think that when it comes to security updates, we should tone the marketing down and just be very extremely clear and straight. And, you know, but then that's not how capitalism works. So, you know, that's not how anything works. So that's a problem.

In other news, I've been poking and prodding, I won't say using exclusively, but I've been using it a decent amount. There is a new, well I don't know how new it is, but it's new to me, Firefox fork called

I want to say. It appears to be developed by a Japanese company. And it's kind of Firefox, but I don't know if it's subconscious, but it seems to be faster than Firefox for some reason to me. It has some nice things, like it has its own...

theme and you can also apply previous Firefox themes. So if you didn't like the UI direction or the teaming direction that Firefox has gone in lately, there's options in the Florp teaming to just go back to the way it was before. So for people who like that, that's good. Unlike things, and they do say that they have

like sensible extensions enabled by default and it's secure by default and everything like that. But unlike LibreWolf is like we're a Firefox fork, but we're more secure. Unlike that, it actually supports Firefoxing

Have you guys any exposure with Florp, or have you tried it out? I'd never heard of it until just now. I've only seen it when you put it in the notes, yeah. Well, I mean, for a habitual distro hopper such as yourself, having a

BrowserSync is kind of essential. Yes. I don't have DistroHop all that much, but I've been having to install a bunch of virtual machines. And yeah, no, I can't imagine not using FirefoxSync. Yeah. And this is...

but I'm not so... I like Firefox, but I approve it pretty much the way it is. I have one or two major issues with it, but yeah, no. This looks a bit like somebody looked at Vivaldi and thought, maybe I want something that is Firefox, but a bit more like Vivaldi, which is not a bad thing. I like Vivaldi. Yeah, totally.

That could also be subconsciously why it was speaking to me as well, because I also do like Vivaldi. It looks like they took inspiration from some of Vivaldi's features. Yeah. I like the sidebar and the vertical tabs. They look nice. And the stacked tabs in the top bar is interesting. I don't know that I would like it or use it, but it's interesting.

Yeah, it's definitely good that people are experimenting with and inventing new elements in a browser UI and UX because that is the most used application, at least for me, is the browser. And that definitely can do with continuous improvements.

The article does call out something. It says, quote, The article... The way that's worded...

that it's a feature specific to FLORP, but it's not. It's at the very least present in version 1.23, but that is something from upstream Firefox that it already has. Firefox view open tabs from other devices and stuff like that. Yeah, I

I'm running the distribution version of Firefox, which is 122.0 on Linux, and that has it. Also, yeah, that completely makes sense from the wording of it, because they say you can use this floor feature that speaks to your Mozilla account. I'm like, why would it be an exclusive floor feature if it's using the Mozilla account? Yeah, yeah.

I've also been checking out Thorium as well. So that's the Chromium-based browser that I have open. I will briefly say I've been messing with Hyperland. It's a featureful, eye-candy-full Weyland compositor.

and it's been a super wonderful experience. I love the animations. It has touchpad gestures like macOS for swiping between workspaces. That's something I've always wanted ever since using it on macOS, and Hyperland has it, and it's been great. Finding Wayland equivalents to X software has been annoying a little bit,

It's been fine for the most part. There are good equivalents for the most part. But like screen capture tools, I haven't found anything as good as Flameshot. Flameshot is supposed to support Wayland, but I haven't gotten that working yet. Maybe it's on my end. I don't know. The other screenshot tools I found have not been great. Yeah, I've also experienced that as well, that Flameshot works in X and kind of sort of works in Wayland, but not quite.

when I was on Wayland and Gnome, Flameshot would just hand off to the default inbuilt one in Gnome, which I believe is Gnome Snapshot. That's by default. Anything in Gnome will do that because Gnome developers decided that that is the way. Of course, that does not surprise me at all. Yeah,

As far as I know, any screen capture tool in GNOME is, at least for now, going to be a two-step thing. Unless it's Snapshot, and probably then it's a one-stop. If it's the one that's built in GNOME, then yeah. For me, I just...

I'm now using Spectacle because that just is built into KDE and has all of the features that I want. Mainly was using in Flameshot as well. Flameshot has very good annotation features and Spectacle has not quite the same amount but still has pretty decent annotation features as well.

Also, with Spectacle, I can set up a custom keyboard shortcut for drawing a snip rather than capturing the full screen. So I just use the keyboard shortcut, draw the snip, and it copies it to my clipboard and... Shift-Command-5, yes. I have... Yeah, Flameshot, it installs and everything, but unfortunately, because I have fractional scaling on my laptop, it basically... You make a screenshot...

And the actual whole screen turns up to be like, I don't know, a fraction of the screen basically. It's weird. I don't know if that's something I can fix or if it's just waiting for more dev work. Not sure. Now, I have not tried gaming on Wayland. I don't have super high hopes for it, but I just wanted Hyperland to be like a pleasant place to work.

So not being able to game is a good thing. Not even trying to game is a good thing too. I'm just going to leave that for X for now. And I've also heard that the Hyperland community is pretty crap. I've also heard that the creator of Hyperland is pretty crap. I don't remember all of the details. Some of the context is probably forgotten, but from what I remember, something happened with...

maybe the creator changing the name and pronouns of one of their, one of the community members without their consent. I guess they go dead named and, uh,

One second. You know what I'm going to do? There was a Drew DeVault, Drew DeVault looked into it and he has a thing on his blogs from last September. So I'm just going to link to his article for the show notes to give context. There's a lot of text here. So I think there was a bit of a back and forth between him and the lead dev of Hyperland.

And the whole thing was about, well, I don't want to moderate, because I don't want to create a code of conduct and do the whole thing. You should, and so on. Yeah, so just be aware that the community is probably something that should be avoided. But I have not interacted with the community at all. I haven't needed to. Their documentation's been pretty good.

probably a good time to uh wrap things up so this has been another episode of LinuxLads um as always if you want to get in touch with us we're show at linuxlads.com we are on Macedon linuxlads at foscedon.org uh we do have a fairly active telegram group um if you want to get in touch with us there um

If you would like to support the podcast, you can do so. Details of which is on lillingslads.com. So until next time, say goodbye, guys. Bye. Goodbye, guys. Namaste.