Computer Security: Just One of the Reasons I Prefer Fedora to Ubuntu

This is a whiny review of Ubuntu 11.04. You have been warned.

With the recent release of Ubuntu 11.04 and the Unity desktop environment, I quickly realized it was time to get my CD-Rs ready! As a Fedora user, I’m definitely a fan of new things. Aside from that, it’s always good to keep an eye on what’s happening in the rest of the Linux world.

The first thing I noticed is that Ubuntu has now taken to product placement, with name-brand computers on their homepage. Okay, fine–you have to make money somehow. But the first thing that really stuck out was how difficult it is to find the CHECKSUM for the download. And nowhere do they even suggest that it’s a good idea to verify your download. Granted, Fedora stopped suggesting it as strongly as they once did, but at least there’s a (small) “Verify Download” button on the main download page. I’d like to see all the distributions recommend verification as part of the download process; it’s usually unnecessary, but it’s usually also easy. A damaged ISO file has the potential to cause great headaches, and it might just turn off a potential user if the installer doesn’t work for some reason they can’t figure out.

Then I decided to give 11.04 a try in a virtual machine, just running the “live CD.” I have to admit that I like the interface. It’s a little confusing at first, but it’s nice after you realize what they’re trying to accomplish (as I read it: a clean, easy-to-use interface for portable and desktop computers alike). As a side-note… the KDE user in me has to take note of the feature-removal that went on here, even from GNOME 2 to Unity, but that was more or less expected.

The next two strikes for 11.04 came as I tried to install it: I couldn’t find the buttons to setup LVM or LUKS (advanced hard drive management and hard drive encryption software). After some searching, I discovered that–lo and behold–I downloaded the wrong ISO image. If you want support for LVM or LUKS in Ubuntu 11.04, you have to download and use the text-based “alternate installer!” While Fedora switches everybody to LVM by default, with LUKS and software-based RAID just some button-clicks away, Ubuntu removes them from the primary installation ISO, and from any graphical installer. Maybe those options were never available through a graphical installation, but this is the kind of feature removal with which I cannot sympathize. When installing Fedora, you have to click buttons and choose to put yourself into a situation where you might run into the troublesome confusion of dealing directly with LVM. Why wouldn’t Ubuntu do the same? After all, they also let you go to the trouble of setting up your own partitions! Maybe it’s a space-on-the-CD issue…

But 11.04 does add a new and interesting feature to the installation application: it’s multi-tasking! I thought the pre-installation configuration was going too quickly; all I did was set up the partitions, and it began to install. But I was misled–the rest of the configuration was simply saved until after the installation began, so that, while I was inputting information about time zones, keyboards, and users, my computer was already busy installing my new OS. A nice step forward!

To round out my whining, and to return to computer security, there’s SELinux. Fedora ships it by default, but Ubuntu doesn’t. Sure, Fedora’s SELinux setup may not be as strong as it could be by default, but it’s more secure than nothing (I mean… AppArmour), and it can be easily ramped up.

I once read a quote that goes something like, “What can the average desktop computer user do to help secure their information in the age of the Internet? Nothing, they’re screwed.” That might be true for most cases, but SELinux is a step in the right direction, and only Fedora (and Fedora-based distributions) use it by default. Plus… have you ever tried to enable SELinux in Ubuntu (or openSUSE, or Debian?) I have, and it’s a pain unless you know what you’re doing–and I don’t.

Many of these things aren’t new to Ubuntu 11.04, but this version has pushed me to wonder why it’s the case. Surely Ubuntu isn’t “selling out” just so they can solve their fake Bug #1 at any cost? So what is going on here? Hmm…