Computer Security: Just One of the Reasons I Prefer Fedora to Ubuntu

This is a whiny review of Ubuntu 11.04. You have been warned.

With the recent release of Ubuntu 11.04 and the Unity desktop environment, I quickly realized it was time to get my CD-Rs ready! As a Fedora user, I’m definitely a fan of new things. Aside from that, it’s always good to keep an eye on what’s happening in the rest of the Linux world.

The first thing I noticed is that Ubuntu has now taken to product placement, with name-brand computers on their homepage. Okay, fine–you have to make money somehow. But the first thing that really stuck out was how difficult it is to find the CHECKSUM for the download. And nowhere do they even suggest that it’s a good idea to verify your download. Granted, Fedora stopped suggesting it as strongly as they once did, but at least there’s a (small) “Verify Download” button on the main download page. I’d like to see all the distributions recommend verification as part of the download process; it’s usually unnecessary, but it’s usually also easy. A damaged ISO file has the potential to cause great headaches, and it might just turn off a potential user if the installer doesn’t work for some reason they can’t figure out.

Then I decided to give 11.04 a try in a virtual machine, just running the “live CD.” I have to admit that I like the interface. It’s a little confusing at first, but it’s nice after you realize what they’re trying to accomplish (as I read it: a clean, easy-to-use interface for portable and desktop computers alike). As a side-note… the KDE user in me has to take note of the feature-removal that went on here, even from GNOME 2 to Unity, but that was more or less expected.

The next two strikes for 11.04 came as I tried to install it: I couldn’t find the buttons to setup LVM or LUKS (advanced hard drive management and hard drive encryption software). After some searching, I discovered that–lo and behold–I downloaded the wrong ISO image. If you want support for LVM or LUKS in Ubuntu 11.04, you have to download and use the text-based “alternate installer!” While Fedora switches everybody to LVM by default, with LUKS and software-based RAID just some button-clicks away, Ubuntu removes them from the primary installation ISO, and from any graphical installer. Maybe those options were never available through a graphical installation, but this is the kind of feature removal with which I cannot sympathize. When installing Fedora, you have to click buttons and choose to put yourself into a situation where you might run into the troublesome confusion of dealing directly with LVM. Why wouldn’t Ubuntu do the same? After all, they also let you go to the trouble of setting up your own partitions! Maybe it’s a space-on-the-CD issue…

But 11.04 does add a new and interesting feature to the installation application: it’s multi-tasking! I thought the pre-installation configuration was going too quickly; all I did was set up the partitions, and it began to install. But I was misled–the rest of the configuration was simply saved until after the installation began, so that, while I was inputting information about time zones, keyboards, and users, my computer was already busy installing my new OS. A nice step forward!

To round out my whining, and to return to computer security, there’s SELinux. Fedora ships it by default, but Ubuntu doesn’t. Sure, Fedora’s SELinux setup may not be as strong as it could be by default, but it’s more secure than nothing (I mean… AppArmour), and it can be easily ramped up.

I once read a quote that goes something like, “What can the average desktop computer user do to help secure their information in the age of the Internet? Nothing, they’re screwed.” That might be true for most cases, but SELinux is a step in the right direction, and only Fedora (and Fedora-based distributions) use it by default. Plus… have you ever tried to enable SELinux in Ubuntu (or openSUSE, or Debian?) I have, and it’s a pain unless you know what you’re doing–and I don’t.

Many of these things aren’t new to Ubuntu 11.04, but this version has pushed me to wonder why it’s the case. Surely Ubuntu isn’t “selling out” just so they can solve their fake Bug #1 at any cost? So what is going on here? Hmm…

Advertisements

9 Comments

  1. The Ubuntu graphical installer has never had support for LVM or RAID , nothing new with 11.04.

    SELinux has also never been installed/enabled by default. They’ve decided to go with AppArmor from the start.

    As for the checksums, they’ve also never been present on the website AFAIK, but always there on http://releases.ubuntu.com

    I do not know what you mean by “selling out” to be honest :|

    They are trying to attract Windows/Mac users to the free software world.
    I was introduced to it via Ubuntu as have several others.
    Some move on to other distros ( eg: me, I am on Debian now)

    Is it a bad thing if they try to appeal to new users ?

    • > how difficult it is to find the CHECKSUM for the download.

      Just do the md5sum, then copy-paste the alpha-numeric result to google.com from Konsole…for ANY distro, I’ve found this easier than manually navigating to look for their “checksum webpage”.

      > And nowhere do they even suggest that it’s a good idea to verify your download.

      WRONG, Ubuntu does, but only on one of the download pages, but I agree it’s confusing that that their website lets you use 2 different webpages to make the same type of downloads (with both webpages having choices such as 32 or 64-bit, etc).

      > the KDE user in me has to take note of the feature-removal that went on here, even from GNOME 2 to Unity

      So grab Kubuntu to get the KDE desktop (duh) as ya already know that’s what you prefer.

      > The next two strikes for 11.04 came as I tried to install it: I couldn’t find the buttons to setup LVM or LUKS

      …and your irrational review already has THREE strikes against it in my book, so I stopped reading your nonsensical muck-raking which is befitting of an old yenta who has lost half her mind. ;-P

      The Ubuntu website’s download section clearly states in numerous places that you need the ALTERNATE CD FOR LVM etc, so don’t blame them b/c you didn’t Read Their F’in Manual which is a n00b fucktard move.

      Forgive me, but I can write a “whiney” review too (whining about your admittedly “whiney” review haha).

      BTW, you’re still downloading CD’s instead of using a live-USB haha ROFL??? What a n00bian. (or at least burn a DVD, which will have the live-desktop AND LVM/LUKS/mdadm and now costs just a few CENTS more for DVD-R than CD-R)

      Live-USB is so much faster than using live CD/DVD, is editable, harder to destroy than a CD/DVD, and WOULD HAVE AVOIDED YOUR NEED TO WHINE ABOUT THE FACT THAT — since *buntu (and all distros) CANNOT pack each type of CD with more than 700MB of the most popular packages (duh)– THEY “MADE” YOU WASTE TIME WITH THE WRONG LIVE-CD (time is money, worth the cost of an extra USB-stick)…

      What, you live in Africa & can’t afford a $10 8GB USB-flash-drive?? Or you just don’t know how to create a live-USB despite that UNetBootin makes it as easy as making coffee now (and UNetBootin makes it UNIVERSAL for nearly every distro, too)? You’d have avoided this last problem that you bitched about with a simple USB-stick, FFS, by downloading the DVD-image to USB, which has MORE than what fits on the alternate-CD AND live-CD combined (the live-CD has many things that aren’t on the Fedora, SuSE, etc live-CD’s: duh, that’s why they felt a need to move the LVM/LUKS/RAID –which few of us use– to a different CD)
      …and as software gets ever more complex, FOR EVERY DISTRO you’ll eventually need to either DL >700MB to a USB or DVD, or an empty HDD/SSD partition, or rely on the internet to transfer the packages you want which weren’t popular enough to fit onto any flavours of the 700MB installation-CD’s.

      Well, if you write “whiney” reviews, then it’s no surprise that most of us here have been responding in kind.

  2. What kind of additional security does SELinux add for a desktop user?
    Also wasn’t it written by the NSA which now recommends MS Windows are a secure OS to people?

    What made you think Ubuntu is selling out *now? People have been saying Ubuntu is not Linux since 2004/5. Guess what they were and still are right. If they actually want to “solve” Bug#1 they will have to take control of everything (or at least as many software as possible) they distribute. Like Mac OSX does.
    Do you honestly think there is another way?

  3. SELinux doesn’t really fit with the whole ‘really easy to use’ philosophy though. SELinux denials, diagnosing them and figuring out whether some packager’s mucked something up or if you’re trying to use a configuration that requires a change in your security policy is not exactly something for a novice to do. I’ve recently started to appreciate its value, so narrowly avoided turning it off completely, but it’s still a pain sometimes.

  4. “But 11.04 does add a new and interesting feature to the installation application: it’s multi-tasking! I thought the pre-installation configuration was going too quickly; all I did was set up the partitions, and it began to install. But I was misled–the rest of the configuration was simply saved until after the installation began, so that, while I was inputting information about time zones, keyboards, and users, my computer was already busy installing my new OS. A nice step forward!”

    I’ve always thought it was strange that no-body did this before. I mean; it’s an obvious place to improve install time.

  5. As has been noted (even in my original post), most of these things aren’t new to Ubuntu 11.04. I don’t mean to suggest that Ubuntu is fundamentally changing their strategy, or even to place a value judgement on that strategy.

    The question I’m really trying to work through is why Ubuntu isn’t more forthcoming when it comes to implementing simple-but-effective security techniques. After all, the lack of malware and virusses for Linux must be a significant factor when it comes to attracting Windows users… even just as a marketing gag, wouldn’t it be great to say that “our distribution uses the same security techniques developed by the NSA?”

    And that brings me to what really bugs me about this situation: the success of Apple’s products more directly reflects their marketing strategy than the quality of their software.

    I think I’m getting closer to understanding, but I’m still not there yet.

  6. “What kind of additional security does SELinux add for a desktop user?
    Also wasn’t it written by the NSA which now recommends MS Windows are a secure OS to people?”

    SELinux policies in Fedora cover desktop components including D-Bus and Udev so it is not server specific and also it is never true that NSA recommends windows as a secure OS. I am pretty sure you read some misleading story that twisted a NSA recommendation for existing windows users into something else.

  7. All valid points, but sort of missing the point entirely. It’s like a race car enthusiast reviewing a Prius, or vice-versa. Or like me reviewing a dinner at a vegan restaurant (I’m a steak & potatoes guy). Or like a metal fan listening to an opera and saying “well, the drums are good and loud, but everything else is wrong.” Valid in saying that “this isn’t for me,” but then – it’s not designed for or aimed at you.

    You’re looking at Ubuntu from a perspective of someone who thinks SELinux is something that is good and desirable – and that you want to tinker with LVM. That’s great – but totally, 100% missing the point when it comes to Ubuntu, which is so very not designed for your use case.

    So you’re 100% right, but also – other than chest-thumping about your favorite features in Fedora – completely missing the point. If you review Ubuntu again in six months or a year, it’ll probably be *even further* from what you look for (assuming your preferences stay the same) so why expend the energy dissing it?

  8. Why does an ordinary user need LVM? LVM definitely complicates custom partitioning. I don’t believe that LUKS is much better for the average user than home directory encryption which Ubuntu offers during install & has for years.

    The SELinux error messages are still horrifying for non-techie users on Fedora 15 although thankfully the errors didn’t seem to pop up too often in my testing.

Comments are closed.