Ubuntu Long Term Support Announcement Begs Security Questions
Canonical's announcement that Ubuntu long term support will span a decade must be considered in the context of hardware, the cloud and CI/CD.
March 5, 2019
One of the criteria for evaluating any kind of IT platform is support. This may be especially true when it comes to operating systems. Support over the long haul may seem like a good thing, but it could have significant security implications. Case in point: Canonical has made a move that comes with a double-edged sword of maintenance: Its Ubuntu long term support will span a decade. This is unheard of, and the implications are staggering.
Canonical's recent announcement that Ubuntu 18.04 will be supported for 10 years is a shot across the bow of operating system vendors across the planet. Canonical founder Mark Shuttleworth announced the extension--from five years to 10 years--at OpenStack Summit, and suggested that other LTS versions of Ubuntu may receive similar support extensions.
OS versioning has long had incongruities, with OS support lives that have long frustrated security, help desk support and end users alike. It seems like just when an OS release is stable, secure and full of decent software and drivers, a new release looms, sugared with fawning and teasing tidbits. This was the case with Windows XP, which became XP2, XP3 … and was moderately stable--or so it seemed.
Soon after XP’s final stability era, Windows Vista arrived. It was widely panned, and Windows 7 emerged. Windows 7 lasted a long time, only recently running to end-of-life support. In the interim came Windows 8 and 8.1. Windows 9 was skipped for marketing reasons. Then Windows 10 emerged--first free, then with successive patches that nearly amounted to new versions, but were still named Windows 10 except with build numbers and ostensibly catchy version names. Many Windows 10 versions worked, but a few of the updates were released without much regression testing, leading to mind-numbing patching, fixing and even the rare apology--along with long delays.
Since Windows XP emerged, hardware changes have come fast and furious. The computing industry changed from 32-bit memory models to 64-bit. Hardware went from small spinning disks to huge ones, and solid-state drives emerged. Raster sizes went from 640x400 to HD and even 4K densities. USB-1 went from creeping speeds through the vagaries of USB-C and beyond. GPUs became entrenched. Intel lost its grip, and ARM designs led the world as sub-PC form factor computing devices have become the norm. Networking speeds went from 10Mb/sec to 10Gb and beyond. Nothing became slower.
Microsoft has offered a moving target of Windows 10 Long Term Support Branch support offerings, but they’re not popular. And, as currently applied, they support current, not future, hardware possibilities.
OS server edition releases have been more stable, although often with periodic feature enhancements that add usability but also new feature timelines that spell upgrade headaches for admins and security personnel.
Much can change in a decade. The onus will be on Canonical and others that might follow its lead to keep up. However, if you’re a vendor seeking a unified platform that services devices from tiny IoT through to throw-away cloud constructs, the ploy might well suit you. Regression testing and new platform/CPU support will be costly for them, however, as the matrix of supported platforms and the methods of innovation aren’t slowing.
Apple will miss this boat. Although its OS offerings are free, Macs made as recently as 2012 do not support the latest OS versions. IoT and industrial devices aren’t part of Apple’s portfolio. There are no cloud instances of Apple’s macOS or iOS, no Docker fleets managed through OpenStack and Kubernetes (except on developers' laptops). Instead, there are Apple watches and Apple TV consumer devices. Nothing Apple makes controls industrial production equipment, or even driverless cars. Would these be updated for a decade?
Was the Canonical announcement made to discount the value of IBM’s acquisition of Red Hat, along with Red Hat’s highly evolved enterprise fleet of operating system attachments? Red Hat is slow to make major releases of its platform. And, as Oracle has found, lifting all supported boats isn’t simple to do. Making Red Hat perform identically across its fleet of supported platforms isn’t simple. There are organizations that seek to have a single vendor with a single methodology and a largely singular code base across a vast platform--one bit of code to write, one unchanging OS substrate for that code.
It’s a lesson in depreciation. A decade of LTS can bring simplicity, but it's also a compelling reason not to have to rewrite and reinvest in code bases across a long stretch of time. In the olden days of computing, a constant reinvestment in code was seen as an unnecessary expense. Agile and other CI/CD development methodologies are aided by a constant substrate of operating system platform constants.
Applied across the wide strata of hardware and cloud that Canonical supports via Ubuntu, a decade of support is both a welcome and daunting proposition. Will such a long-term support program take the wind out of the constant nervosa and grandstanding by other operating system developers? Will incremental buckets of fixed software, mixed with a few new dog bones tossed in, remain as our denominator of major operating systems releases? Can rigorous regression testing across a supported base of stated hardware compatibility lists be maintained for a single OS version release?
A decade from now, we’ll have Canonical’s support metric to answer these questions. How old will your installed hardware be? Will hardware differences be cut because OS instances will be largely in the cloud, where there’s less hardware permutation? Ask me in a decade.
About the Author
You May Also Like