This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.
If you have comments on this blog posting, please email me .
The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.
Click here to see the whole Opinion Blog.
To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").
Posted on 14th November 2015
|Show only this post|
Show all posts in this thread.
In many ways, I am a huge fan of Linux. My servers run Ubuntu Linux, as does one of my laptops. I like that fact that you never get an update of any software without first agreeing to it (unlike Windows). I also like the fact that you have complete control of the configuration, that much of the software that you need is free and most can be customised because it is open-source.
Canonical, the company that provides Ubuntu Linux, generally seems professional. Ubuntu Linux is free, with free updates for the LTS (Long-Term Support) versions for 5 years. Canonical make their money from paid support for commercial users. I like this business model.
Having said that, I am very unhappy about the latest Ubuntu upgrade, to version 14.04, which I applied to my main server on Thursday (12/11/2015). Certainly, the latest operating system, and the updated applications that came with it, are better (bugs are fixed, the GUI is faster and more responsive). There are, however, a number of related issues regarding firewalling.
For various sound reasons, I have a fairly complicated network topology at home, both my real physical network, and virtual (soft) networking within my main server. This means that my firewall configuration is also complex. Until now I had managed this complexity using a firewall configuration GUI program called Firestarter, one of a number of such tools that were available for Ubuntu Linux (the other popular tool was called Shorewall). Firewall functionality is included in Linux (in "ip-tables"), but configuring it via the command-line is complex and error-prone, even for simple network topologies, which is why I used Firestarter.
I admit that I made a mistake when upgrading. I was prompted to choose whether to delete obsolete packages, and clicked "yes" without properly checking the list of 200 packages. Firestarter was one of those which is now obsolete, and not available for re-installation. This would not have been a problem, if Canonical had also remembered to migrate the configuration in ip-tables (in the same way that they need to migrate user-accounts, group accounts, printer set-up, file-system set-up and exports, etc.) to the new operating system. Instead, I found myself with a server running the default firewall configuration, which is fine for a workstation or laptop, but utterly useless for a server. My web-site was down, and all my local services (file sharing, printing, etc.) were not accessible.
When I checked the available software packages, I discovered that there are no longer any firewall configuration GUI programs available for Ubuntu 14.04: they have all become obsolete. I found myself with two choices: either configure ip-tables directly from the command-line, or use a program call 'ufw' (Unix FireWall - also a command line program). Of course, neither option is supported by adequate documentation. It took me hours of trial and error work to get everything working as it was before the upgrade. All of that time and effort because the company couldn't be bothered, or forgot, to migrate a set of configuration tables. It also calls into question exactly how much testing is done on new operating system versions.
When you do an Ubuntu upgrade (from one operating system version to another), you also usually get new versions of applications and utilities: updates which were not released for the older operating system). So far I have run afoul of two of these. The first was a change in how services are started/stopped/restarted: previously there were two ways to do this; I had an automation script using the method which has now been disabled, which rather interfered with my testing of my new firewall configuration. The second was a bug in the program that I am using to write this: Bluefish (an advanced context sensitive editor). Bluefish had a bug which caused it to crash immediately after starting it; this bug was fixed quite a while ago, but the fixed version wasn't added to the online software repositories (so not possible to easily download and install it) until this morning.
I do hope that I have now found all of the bugs added with this version of Ubuntu. I also hope that Canonical listen to the complaints, and up their game for future releases.