Why I Plan to Ditch Ubuntu

Throughout the years I’ve used Slackware, Debian, Red Hat, Debian again, Ubuntu, Linux Mint and Ubuntu again. Except for that brief stint with Linux Mint, Ubuntu has been my distribution of choice since Feisty Fawn but lately I’ve been thinking about ditching it. Canonical has made a number of terrible decisions that have damaged Ubuntu’s value. In this post, I’m going to go over the issues I have with Ubuntu.

I actually first thought about ditching Ubuntu in early 2012. I had installed and worked with Ubuntu 11.10 for a bit but Unity proved so terrible at that time that I decided to give Linux Mint a try. I went back to Ubuntu when 12.04 was released because I felt that the costs of running Mint were greater than the benefits. (I plan to talk about Mint in an upcoming post.) So why am I again now considering ditching Ubuntu?

First, Canonical has diverted their resources to projects that are not desirable. Unity has proved to be a terrible waste of resources. I’ve come to this conclusion after having given it a very fair shot. I’ve used it for months as my desktop environment, but this past summer I ran out of patience. There are multiple ongoing problems with Unity, problems that have been reported on Launchpad months ago, problems for which there is still no fix in sight. A couple of prominent examples: menu bars that do not show up on the screen unless I tab back and forth between applications until somehow the bar manages to appear again, and window controls (close, maximize, minimize) that are not updated when new windows are displayed. The second problem has caused me more than once to close the wrong window. I click on the button to close a window, thinking I’m closing the window on top, which is maximized to take the whole screen, but in fact I’m closing the window under it, which is not visible! So I said “screw this” and switched to Gnome Shell. I’ve been with the Gnome Shell for a few months now. It is no paradise but with the right tweaks and extensions, it can be made to behave in an intelligent manner. On the other hand, the problems I encountered in Unity were bugs pure and simple. It is impossible to tweak around them. I have no plan to ever go back to Unity. Mir is another example of a Canonical project that should have never seen the light of day. There are plenty of problems with it, which I am not going to rehash here. Follow the links for all the gory details.

[This paragraph was edited to address Colin Watson’s concerns.] Second, while Canonical spends resources on ill-conceived projects, the rest of Ubuntu suffers. Take this security issue present in Ubuntu 12.04, which is an LTS release. This issue was fixed for Ubuntu 13.10 (Saucy). The Ubuntu Archive Auto-Sync brought version 1.9.13-3 into Saucy, and later a Canonical employee released 1.9.13-4build1. I’m not saying that the auto-sync or the employee were ever engaged in fixing the specific problem I reported but they released to saucy versions that in effect fix the security issue. However, the response I get is that I have to contact “upstream” to get this bug fixed. Perhaps if Canonical employees were not busy scratching Shuttleworth’s NIH itches, they’d find the time to check their own records or talk to their colleagues. Why is it necessary for me to talk to upstream to get this fixed when there are already versions in Ubuntu’s repositories that fix the problem? These versions were put there first by their own synchronization software, and later by one of Canonical’s own employees. What external source can be more authoritative than these two? From where I stand, there’s an easier solution: dump Ubuntu and the extra layer of passing-the-buck that comes with it and install Debian.

The third problem is how Canonical has pushed onto users changes to Ubuntu that violate the user’s privacy. Yes, I’ve read the explanations from the apologists about how what it is doing is not a privacy violation. Canonical is free to redefine “red” as “blue” and “up” as “down” if that suits it. I’m still going to call a cat a cat. What Canonical is doing is violating the privacy of users. No amount of semantic figure-skating or sugar-coating is going to change this. In addition, Shuttleworth’s response “Erm, we have root” is the crassest thing I’ve ever had the misfortune to read. Mark, if you actually have root on any of my machines, what you are effectively saying is that you are actively engaged in breaking into my systems, that is, you are engaged in a criminal activity.

There are even more problems that I could mention. It is worth reading Micah F. Lee’s own reasons on his blog. I find myself agreeing with him.

7 thoughts on “Why I Plan to Ditch Ubuntu”

  1. Colin Watson

    My no-source-change rebuild of uwsgi had nothing to do with fixing the security issue you mention, “effectively” or otherwise; it was part of a mass rebuild for PHP 5.5, as the changelog suggests. I had no particularly deep involvement with this package as a result of doing this – we’re talking here about tens of uploads prepared mechanically to update dependencies, nothing more. Any security fix here happened strictly before I came along to rebuild the package.

    Given that you’ve misunderstood the history here, perhaps you could edit your article to leave my name out of it, or at least correct the factual record?

      1. Colin Watson

        Sure, I did. But before I did so, saucy (well, saucy-proposed at least) had 1.9.13-4, and before that it had 1.9.13-3, both auto-synced from Debian (https://launchpad.net/ubuntu/+source/uwsgi/+publishinghistory). I didn’t start with 1.2.3 and take a decision to upgrade it to 1.9.13. As I said, the security fix was already in our archive before I came along, and I wasn’t doing anything that would have made me aware of it. Here’s the total diff introduced by the script I was running at the time: http://launchpadlibrarian.net/145050322/uwsgi_1.9.13-4_1.9.13-4build1.diff.gz

        If you want to complain about universe not getting security updates in a timely fashion, that’s up to you of course (though it’s curious that http://people.canonical.com/~ubuntu-security/cve/pkg/uwsgi.html lists nothing, which is one of the usual ways to track this kind of thing – was there never a CVE assigned for this?), but you’re claiming that this was something that I was aware of and could have communicated to somebody else if only I weren’t doing something else. This simply isn’t true and I want to correct the public record on that. Rebuilds to correct dependencies are entirely unrelated to security work, and when I’m doing this kind of rebuild work it’s in bulk and it’s not realistic to go off and look for other bugs that might be fixable in the same package in some other release at the same time.

        Regarding “Shuttleworth’s NIH itches”, well, blow off steam by all means, but this kind of complaint tends to be rooted in a belief that developer effort is freely interchangeable: if only we weren’t working on a new display server or something we might be working on server security fixes instead. That’s not how it works. Quite apart from the fact that the work I was doing for the health of the development release isn’t remotely one of Mark’s NIH itches, even if I hadn’t been doing it I wouldn’t have been doing security work anyway since that isn’t my speciality.

        Finally, I was doing this work on my own time anyway! I’m certainly not paid to be working after 1am as that changelog entry shows. And I do not appreciate being hauled up for work I was doing on my own time as an unpaid contribution to free software because you have some general complaints about Canonical and feel that I would make a good scapegoat for them or think that I should be doing something else with my free time. Kindly leave me out of it.

        1. Louis-Dominique Post author

          Sure, I did. But before I did so, saucy (well, saucy-proposed at least) had 1.9.13-4, and before that it had 1.9.13-3, both auto-synced from Debian (https://launchpad.net/ubuntu/+source/uwsgi/+publishinghistory).

          You’re right. I’m basically saying that you’ve done the upgrade when you did not. I’ll set that straight.

          but you’re claiming that this was something that I was aware of and could have communicated to somebody else if only I weren’t doing something else.

          No, I’m not claiming what you say here. It is the person who responded to the security issue who should have taken the minute necessary to check whether there was already a version packaged for Ubuntu.

          1. Colin Watson

            Thanks for the corrections.

            I do think you’ve misread what Jamie was asking for in that bug, though. Security updates don’t typically consist of simply copying new upstream versions wholesale; many of our users would object rather vigorously if we did that, since lots of other things would change along with security updates. What Jamie is asking in that bug is not for somebody to locate the existing fix in the Ubuntu archive, but for somebody to prepare a *targeted* fix for stable releases that fixes just the security vulnerability and nothing else. Does that help to clarify why it wasn’t just a matter of the security team checking their records?

            1. Louis-Dominique Post author

              I’ve trashed my earlier reply.

              Here’s the thing. Upgrading to the version in Saucy fixes the bug I’ve reported. The question is “is this going to be disruptive to the users?” If the security team needs to talk to upstream to ascertain this, it makes no sense to have any such discussion have to transit through someone who’s a bystander in all this (me). I can’t talk for upstream and I can’t talk for the Ubuntu folks. My experience was that I upgraded to the latest version and the bug was gone.

              I note that Quantal went from shipping uwsgi 1.0.3 to 1.2.3 during its lifetime. Presumably, someone decided that such an upgrade was not going to be a problem.

          2. Colin Watson

            … and, for what it’s worth, Debian has the same policy for security updates to stable releases, in general. Indeed the approach we use in Ubuntu was inherited directly from there.
