321 comments

[ 0.76 ms ] story [ 275 ms ] thread
Are you suggesting that debian.org links or should link to Ubuntu's release announcement?
I'm suggesting that anyone using Ubuntu would be better served by using debian :-) Thanks for asking :-)
Azure Active Directory support is pretty significant, means any company that uses Microsoft MDM can now support engineers who prefer linux machines.
Note this support appears to specifically describe an on-premise Active Directory server, with group policy. Azure AD tends not to support GPOs, though you can get basically Azure-hosted AD servers that do.
I don't think it supports AAD, just AD. You got me way too exited for a minute.
It's kind of odd that they are advertising this now just as Microsoft is trying to get everyone to ditch on-prem AD. Is it just them saying "we ship SSSD in the default install now, so you can buy support from us!", or what?

Some way of signing into Ubuntu with a custom SAML provider would be very cool. Windows supports it via their "credential provider"[0] framework and Google uses that to provide sign-in for Windows with your GSuite credentials.

[0]: https://docs.microsoft.com/en-us/windows/win32/secauthn/cred...

I certainly hope ms will drop the need for ad (in favour of azure ad) - but it's still needed for eg azure virtual desktop (you need a vm running ad - or "azure ad ds"[1] in azure parlance).

A bit frustrating, as you can otherwise join a windows 10 desktop (or vm) to just azure ad for sso etc.

[1] https://docs.microsoft.com/en-us/azure/active-directory-doma...

That's still the most bizarre product decision Microsoft has made (to me) in the past 5 years. They are trying to get everyone to Azure and Azure AD, then they launch a product that is basically Citrix but 50% of the cost, with the catch that you need to still have on-prem AD to use it. What?
> 50% of the cost

well that depends, the higher subscriptions include it for free.

I should of been more specific. The higher subscriptions include the licensing, so you just have to pay for compute, vs Citrix where you have to pay for Citrix Licensing, Windows Licensing, and compute.
To be honest I'm not a fan of this. Linux was one of the few ways to stay free of the behemoth of corporate, invasive crapware that is forced upon employees. By evolving towards a full enterprise managed OS (with stuff like AD) this freedom will more and more be corrupted.
Well, at companies that actually care about 100% rollout of "corporate, invasive crapware" on computers that _they own_ and that are used to process _company data_ and access _company resources_, the alternative is usually just to ban Linux workstations altogether.

I see this as a strict improvement for adoption of Linux workstations in the corporate world

I'm not aware of ubuntu now supporting "rollout of corporate crapware" via this AD support.

MSIs still dont work on Ubuntu. GPOs are still very limited-- mostly just HBAC type stuff.

The stuff that works is the important stuff, but if people want to roll out software to Linux they aren't doing it with AD. They're doing it with a CM tool like puppet or ansible.

This or everything in web apps in a browser, pick your poison.
Also AD support is small potatoes compared to products like CarbonBlack which are already deployed on Linux. Having "Puppet but controlled by GPO" isn't really new.
Linux had AD integrations 15 years ago. You just had to configure Kerberos yourself (oh, how often have I googled "Linux AD interoperability"...)
Kind of. You could do domain logins, but pushing policy down from the AD was at best partially implemented.

Also, it's kind of buggy. I have some Ubuntu 20 machines set to do AD logins here and more often than not it just stalls until it times out on login with no useful diagnostic messages emitted. Very frustrating.

The AD support has been there for a while, sans the GPO desktop stuff. You could do dynamic DNS, full kerberos (including SSH SSO via Kerberos ticket), access control / HBAC (via GPOs), sudoers via LDAP, even centrally tie SSH keys to LDAP users.

Some environments mandate this stuff, and there's frankly no excuse for NOT supporting Kerberos / LDAP / centralized auth. The choice wasnt whether to support "stuff like this", but whether the support would be first class or second rate.

Holy crud, I can just straight up join this to my domain? This is world-changing.

There is a GPO template. I think I'm in love.

You always could! sssd’s ad integration has been really solid for years and if you have a huge number of machines you can stand up FreeIPA establish a trust between them.

The thing that’s changing with this release is the ability to support some GPOs with adsys. sssd has/had some basic gpo support as it relates to auth but not really for system config.

FWIW, GPO templates are what I consider the minimum to call something manageable, which is most of why I want things on Active Directory.

This definitely moves this into "I might introduce this to our environment" level.

I would say the same but for authentication.

We have linux servers on our domain, specifically becaeuse there are certain things they do better than windows, and im a tool for a trade kinda guy.

But authentication and management of creds is a hard requirement.

The rest i can work with. We setup Ansible to handle much of the day to day config things. GPO"s might be nice.

At one and for years i was using PBIS, and whatever it was called before it was bought out, forked and named PBIS - https://github.com/BeyondTrust/pbis-open

I liked it because it kept GID/UID's consistent across the domain. But it was flaky for samba shares specifically ad group enumeration. There are paid add-ons that leverage GPO but never went that route.

More recently we are just leveraging SSSD/Chrony/Smb/Nmb to do the same, there are a few tweaks, but its solid. Its actually more stable now.

Some GPO's would be nice I supposed.

The problem is that GPOs are really a terrible way to do configuration, and people (like myself) who grew up on them simply were Stockholm'd into accepting them.

The moment you learn about things like Ansible, and then ask "wait, what if I want to programatically make GPOs"-- and try to do so-- you realize just how horrendously bad they are.

Their permissions inheritance is terrible, so trying to do least-privelege / granular rights for admins is awful.

Their supercedence structure is confusing, overly complex, and naturally inclines people towards abusing "enforce" and "block" in the worst possible ways.

Un-screwing GPO inheritance messes is essentially impossible, so in production the answer is generally "create a new GPO" rather than "clean up the old mess".

And the settings structure itself is a terrible organizational mess; things "sort of" have a logical structure, except for the thousand odd exceptions. You can't set preferences on items that may not exist (such as disabling insecure services from old OSes) without generating a bunch of logged errors. You can't really target your GPO without some rather expensive client-side queries.

Logging what is actually happening (e.g. why did that printer mapping fail) is awful, which I have generally seen solved by writing one's own drive and printer mapping scripts.

The whole thing is a relic of the 90s that never quite got finished, polished, or maintained and mostly exists because it was "good enough" and there were no real alternatives. There still aren't, really, unless you want a third-party solution which is inevitably almost as big of a maintenance burden as GPO-- and GPO being free and mostly reliable makes it easy to just accept its awfulness.

"GPOs is the worst form of policy management, except for all the others."

I've yet to see something as comprehensive, navigable, and flexible. Sure, it can be horrendously complicated, especially if you chose not to clean up the old mess, but it's still... basically better than everything else.

In the Windows world — SCCM!

Setting up SCCM is an exercise in hating your life but once you have the servers up it’s stupidly powerful.

In the Linux world — Ansible if you want push, Puppet if you want pull.

I've never worked somewhere with SCCM money, that crud's expensive. I've used some more affordable third party tools which I find quite serviceable. And WSUS. Which is beautiful in it's simplicity, yet horrifying once you stray from the narrow path.
Novell had it 20 years ago. Zenworks!
I'm not real familiar with this stuff but I could've sworn that linux has been able to join Active Directory domains via samba for a long time.
I know you can, in a very basic sense, such that one can log in, after both setting up the OS, and then configuring the domain join after installing additional components. But there's two key things here:

> Ubuntu machines can join an Active Directory (AD) domain at installation for central configuration.

This means it's now a ready-to-go functionality of the OS, and can be done simply without going to read a blog article on how to do it, post-setup.

> Ubuntu 21.04 adds the ability to configure system settings from an AD domain controller. Using a Group Policy Client, system administrators can specify security policies on all connected clients

And this means one can deploy Ubuntu machines on an Active Directory network at scale. Rather than hand-crafting one Ubuntu server that connects to your AD, ability to set policies with GPOs is the baseline to be able to say, deploy Ubuntu desktops to an entire department. Group Policy is the "pets vs cattle" difference in a Windows-based network.

> This means it's now a ready-to-go functionality of the OS,

Fedora did this few releases ago, as a part of the new-at-the time OOB wizard (you could use AD or FreeIPA, autodetected). Good to see that Ubuntu does similarly.

> can be done simply without going to read a blog article on how to do it, post-setup.

I never had a problem with setting up AD membership after-the-fact, except for three things that bothered me:

1) you still needed a local (root or sudoer) account in Ubuntu (but not in Fedora),

2) the setup didn't set up domain admins (or other group) neither as sudoers, nor as PolicyKit admins (these GUI prompts for admin password that you get from Gnome Software or Disks, or other privileged apps). These had to be done manually,

3) Files doesn't use AD Kerberos ticket when accessing file shares. It will just asks the user again; kind of defeats the point of Kerberos.

I'm really interested whether these are fixed.

> I know you can, in a very basic sense, such that one can log in.

Log in, get group and netgroup membership, apply GPO based access control, access ssh keys, apply sudo rules.

> after both setting up the OS, and then configuring the domain join

    realmd join ad.example.com
Just the same as joining the domain on a Windows machine.

    Add-Computer -Domain ad.example.com
> Rather than hand-crafting one Ubuntu server that connects to your AD... And this means one can deploy Ubuntu machines on an Active Directory network at scale

Huh?!? Are you manually joining every machine to the domain and manually configuring every machine by hand? Even if you don't want to bother with config management like Chef/Puppet/Ansible for post-install config you at very least could have leveraged preseed files to automate the install, domain join, and applying your configs.

Like it's great that Ubuntu is supporting a subset of GPO but just like in the Windows world you can't configure everything with it and still need SCCM and Linux has solutions abound for that functionality.

> preseed files to automate the install, domain join,

Genuine question, wouldn't that require a kerberos ticket to work? Or at least some high privilege password that you might not want to keep around your preseed files? Bootstrapping trust is a tricky problem. Most that I've seen tend to go with some custom solution.

Yes, but you can really tighten that privilege in practice. Yes having the ability to create computers in AD is potentially dangerous but in our deployments all the "AD Join Account" can do is create, delete, and reset computer passwords in one specific OU that new computers are moved out of once provisioned.

We don't broadcast the join password and rotate it every so often but we also don't really care if it gets out.

Hmm, I ran into the same issue too whereby I had a manual step to join the computer to the domain. I only had one computer to join, so I couldn't use anything like a real secrets solution, but I also didn't want the password to be in the Ansible files.

Having an OU that computers are provisioned in, and then moved out of later on would have help me a lot.

with azure ad (even hybrid) you can let your oem make a oem autopilot domain join, thus it will be registered even bevore you have the device.
For a very long time the process on Linux has basically been making sure SSSD / SSSD-AD / realmd were installed, and then running,

    realm join mydomain.fqdn
Some distros defaulted to SMB (though which, I dont know), and occasionally the default configs of sssd.conf are not sufficient for your organization (such as if you want to use SSH keys via ldap, sudoers, dynamic dns, etc).

But generally you were seeing a bunch of guides because they were referring to truly ancient distros.

Fantastic! This brings Ubuntu in front of macOS.

Does anyone know why I can find the admx and get going or is it reading the standard windows policies? Can't seem to find any articles/documentation.

Looks like their download page has not yet been updated to offer 21.04?

https://ubuntu.com/download/desktop

These are all beta images.
If you install the beta from a week or two ago and then do a 'apt update' followed by 'apt dist-upgrade', it'll download maybe a few hundred MB of stuff, need to reboot once, and will be the same as the release.
Or you could wait a couple of hours for Ubuntu to update their website. What's the rush?
It's not LTS, so you need to scroll down a bit.
Released, but can't find the download link..
(comment deleted)
It's interesting to see Wayland enabled by default.

I'm curious to know what state Wayland is in nowadays, especially regarding how well it works with Nvidia cards. The last time I tried it out was around 2017ish when Fedora enabled it by default. It was 100% not ready then as it wouldn't even boot into the desktop with my nvidia card.

Is it actually ready now? Does it work with nvidia cards? Does GPU acceleration work with nvidia cards? Are apps launching via xwayland gpu accelerated / working as expected? It sounds like OBS and some screenshot programs work now which is nice.

I've learned not to hold my breath on Ubuntu + Nvidia cards ever working out of the box. I've been using Pop_OS as a daily driver (distro over Ubuntu) and it works 95% of the time.
Thanks for the tip. Just tried it. Looks nice but suffers from the same problem as Ubuntu 21.04: laggy with fractional scaling.

But fractional scaling with Nvidia did not work at all before 21.04 so I guess there is progress.

What level of scaling are you using? I tried turning on "large text" in Accessibility settings, which functions like 1.25
I tried 125% and 150%, both modes are too slow for me
I have it at 125% for one of my 4k screens, and I have no lag. Then again I have an AMD card.
Yep, the problem is specific to Nvidia cards
XWayland support on NVIDIA should be coming later this year: https://www.phoronix.com/scan.php?page=news_item&px=NVIDIA-G...

Additionally, NVIDIA seems to be putting a lot of effort into overall Wayland support (yay!): https://www.phoronix.com/scan.php?page=news_item&px=NVIDIA-4...

Hopefully, by next year, Wayland on NVIDIA should be "fully" supported. It's slow progress, but it is moving forward.

So it sounds like folks with Nvidia cards should hold off on this version of Ubuntu?
No, I guess Ubuntu will just boot to X11 on a system that Wayland is unsupported.
No, you can always switch back to Xorg on the login screen (at the bottom right).

Wayland support is getting really good these days, I'd recommend giving it a try before going back to Xorg if needed.

This release is no different than any previous one for NVIDIA users

> Wayland support is getting really good these days

Depends on your needs and hardware. I have an Nvidia desktop and Intel Laptop both running Arch + GNOME 40. Intel is definitely less buggy, but I still find myself switching back to X11. For example, when I needed screen sharing for work video conferencing, it only works under X11(PipeWire support was buggy at the time). Wayland/GNOME also still have issues with mouse lag with high CPU.

It's getting better every day, but still rough around the edges.

Have you tried PipeWire recently? Seems like there's a lot of recent development, and that screensharing now works under Wayland with newer versions.

I'm still on Xorg myself, but planning on switching to Wayland later this year once XWayland support is merged (also using NVIDIA card)

Edit: I've switched to PipeWire for Xorg with pipewire-pulse with zero issues so far.

If he's on Arch I'm sure he has a pretty recent pipewire install.
I'm also on Arch, but I mean the newer 0.3.x releases, as development has been pretty quick. I believe things have changed in past few months
As a user, why would I want to switch to Wayland in the first place?

Years ago I remember dreading firing up XFree86 on a machine with only 4MB, opting to use svgalib apps instead. But I've been using XFree86/Xorg for two decades now. I like new technology (I love my Toyota hybrid, for example, even though it lacks a clutch pedal). What tangible benefit does Wayland offer me?

- Better DPI scaling, especially with multiple screens at multiple DPI

- Reduced tearing

- Simpler architecture, better security

In theory, Wayland does provide few user-facing change (I think)

Nope. Wayland is replaced with XOrg, if NVidia drivers are active. You don't even notice it.

I can switch from Intel only to Nvidia PRIME profile and after restart it just switches to XOrg.

Depends a lot on the compositor. I've been running on Sway for about half a year. It's 99% perfect — the only thing I'm missing is smooth high-DPI scaling for XWayland windows. Note, smooth high-DPI scaling is good for Wayland programs – I'm just talking about that one piece of software that I use that still needs X (Emacs).

Before christmas I played around with Plasma on Wayland. It mostly works, but there were some weird quirky behavior. I didn't look much into it, since I'm so happy with Sway.

I hear people say Gnome is fine on Wayland.

As for Nvidia: can't help you with that, sorry.

>still needs X (Emacs)

With luck, this problem will soon be solved from the opposite direction:

https://lwn.net/Articles/843896/

    > Looking forward
    > Now that there is a pure GTK3 port of Emacs, GTK4 has naturally been released.
Oh FFS...
Nice and slow.
(comment deleted)
Yes! I've been using Sway for years and it's amazing! Very underrated.
From what I understand after briefly looking into this earlier this month the issue seems to be basically NVIDIA want to push their own buffer API (EGLStreams) rather than use the buffer API developers are actually using (GBM).

If you use one of the "big" compositors like GNOME or KDE I believe they have sort of added EGLStreams support so you can use it on NVIDIA but it's not perfect. If you use a more niche one, e.g sway, then it won't work on the NVIDIA proprietary drivers because they don't support GBM.

There is some news recently that NVIDIA may be coming around and are in the progress of implementing GBM support in their drivers, but it's not confirmed.

You can also use the nouveau nvidia drivers but from what I understand the performance is trash in 3d applications using modern cards, it seems more orientated to supporting older nvidia cards.

There's also the External memory extensions for Vulkan and OpenGL. All the vendors support the Vulkan api. https://vulkan.gpuinfo.org/listdevicescoverage.php?extension...

But not sure about the OpenGL (I think Nvidia do).

These apis let you export a FD for sharing. Pretty sure you can import (scanout compatible) objects into DRI/DRM/KMS. Which is what libgbm does for Mesa drivers.

Although most compositors (including wl_roots based ones) still use libgbm as they might also need to support embedded hardware. (eg: Tizen).

(In the original release of Vulkan intel has a weird "unofficial" extension that let you export a FD. and khr had a VK_cube demo that could directly use KMS with Vulkan using this "extension". This was removed as it was only there to test Vulkan before any window manager integration was implemented)

NVIDIA tends to be good (in an evil way) at proprietary lock-in, but they also tend to be good (in a genuine way) at making better thought-out and more advanced APIs. What's the balance of these two qualities in EGLStreams (as compared to GBM)?
I've looked into this myself before, because I was curious and had the same thought as you. I don't feel comfortable making any detailed claims about GBM vs EGLStreams and which is better, but I will say there are absolutely some tradeoffs between the two and neither is entirely without merit.

The thing that is worth noting is how this situation came to be. That is, there was at one point a conference where the community invited AMD, Intel, and NVidia to discuss the future of this API and Nvidia was a no show for some reason. Those who showed ended up producing GBM, Nvidia pulled EGLStreams out of a hat, and the rest is history.

Who knows, maybe it was something as simple as scheduling and the people at Nvidia that needed to be there couldn't make it? Maybe in another timeline this mess could have been avoided entirely.

linux development is one of those areas where physical absence is not required in order to participate in discussion and to collaborate with other participants, so it sounds to me more like excuse rather than proper explanation why nvidia decided to go another route :)
Yes, but there is an argument to be had that sole ownership and lack of design-by-committee is exactly why NVIDIA can put out better APIs.

Money and proximity to hardware development would be the competing factors, and normally I'd like to pin the attribution on them, but there's just one small problem: I've been on a bunch of committees and they have pushed my estimation of typical committee dysfunction to extraordinary levels.

I've been using Wayland for over a year now without any big problems. I even use fractional scaling (which causes XWayland screens to be blurry) but most of my applications run natively anyway, so it's not a big deal.
I've been using it with an AMD RX580 driving a 32" 4K monitor for a couple of years now and it just about works perfectly for my needs, including playing a few games through Steam. The only issue I have is that for some reason I occasionally cant alt-tab to the keepassxc window under gnome after I start it up. If you use Linux on the desktop and don't otherwise require an nvidia card (cuda, etc) it is worth while to switch to an AMD card or to spec one for a new build.
There will be no new builds. There is no hardware :)
Fortunately that's not entirely true.

In my neck of the woods (Central Europe, so not a place with cheap and abundant hardware like North America or Asia) you can find plenty of decently priced hardware in stock if you're an educated consumer and willing to look around.

Sure, you won't find any discrete GPUs anywhere at MSRP thanks to mining and scalpers, BUT, you can find golden nuggets like the Zen2 based 6-core 4650 Pro Ryzen APUs for 220 Euros which is a cracking CPU with good integrated graphics, or you can buy a gaming laptop with the latest gen 8 core Ryzen 5800H and an RTX 3060, 16Gb RAM and 512Gb SSD for about 1200 Euros or even less which IMHO is insane value for this level of performance considering the current apocaliptic market.

I tried it on my laptop (Lenovo ThinkPad X1 Extreme) and it was horrible. Firefox would freeze. Kubuntu themes don’t work properly. Resizing apps would cause freezing. Switching back to x11 and it all works totally fine.

This was 2 weeks ago on kubuntu 21.04 beta.

But I’m on manjaro now and for some reason I have less issues on my laptop than I had with ubuntu 20.04.

Is the Wayland thing related to yesterday's announcement of WSL now supporting GUI aps?
Still broken with Nvidia cards. Works fine with Nouveau drivers. If you want wayland with good performance from your cards it's best to look for AMD graphic cards/gpus . That said I use it just fine on a laptop with nvidia video that is ancient (2014 build date) and Ubuntu 21.04 works great on it. I updated from LTS to give the new pipewire and wayland stuff a shot and it's fine. Makes a good little multimedia server with VLC, unified remote on my phone, and some custom lists
My biggest problem trying Wayland in Ubuntu 20.04 was not actually with graphics, that worked well for me with my Radeon card. My issue was with my Logitech T650 trackpad, since Wayland also handles pointer events and scrolling and such. I can't remember exactly what was bugging me about it, but it was annoying enough that I switched back. (Xorg still isn't great with this trackpad, but it's usable.) And my apologies to the community, but I also didn't have the energy to figure out the details enough to file a bug report, as switching back to Xorg solved my problem. I will try to revisit this and see if it's still an issue in 21.04.
I've been out of the loop, but what is the interest in Wayland exactly? It's a display server; what is the interest in it over X11? Outdated?
Is it actually ready now?

Considering I probably have to fool with X every six months or so, a lot will depend on what you mean by "ready."

Personally, I'm not ready for Wayland. It doesn't solve any problem I have. And might create problems I don't have. If I was in the market for new problems I'd probably try Arch again ;)

I’ve tried using waylaid on 20.04 and it completely broke Firefox on snap (though it worked if I downloaded it from mozilla’s). So, I know it can be a bit painful to change these things. But I think the bottom line is: wayland is the future. It needs to become the default at some point. There will certainly be some kinks to be ironed out for a while, but we’ll get there.
I’ve been away from Linux for a while. So Microsoft is involved here, and Google’s Dart/Flutter is also a key foundational component? Am I understanding that right?
With any open project, you can lean in favor of only working with other free things, or focusing on usable scenarios even with non-free software. My impression has always been that Ubuntu leans to the latter, trying to provide a working solution out of the box.

This is why you can get PCs from enterprise PC vendors like Dell and HP shipped with Ubuntu.

Yeah, I think it's the right call as well for any distro that wants adoption. I'd love to use Debian, but even the "non-free" installer doesn't include drivers for my intel wifi card, and I don't think it's worth my time to try and do it all by hand. I still donate money to Debian though, because I know it's indirectly supporting Ubuntu.
Yeah, I work on a tool for Sandstorm.io called vagrant-spk, which uses Debian inside VMs, and that is pretty pleasant. But every time I've flirted with using a Debian distro for my dev machine under it, I've never gotten to the "installed working machine" stage. For what it's worth, my dev machines are usually random older consumer desktop PCs, solely intended to run Windows, but Ubuntu works fine out of the box on all of them.
Have they sold the company to Microsoft?

"Microsoft SQL Server on Ubuntu delivers an optimised, cost-effective database platform"

Of course not, it's not free so it's not cost effective compared to the best database, which is PostgreSQL.

Integration with Active Directory group policy seems also a really bad idea since it allows insecure proprietary software to control your Linux machines.

Any good central policy management is better than none. If you have a Windows-based network, Linux machines represent a serious security risk, because they're less managed. The more managed Ubuntu can be in a Windows environment, the more feasible it is to start switching workloads to run on Linux without compromising security.

And plenty of business apps straight up require Microsoft SQL Server. You should be thrilled those now no longer need a Windows license, just the SQL Server license.

SQL Server and Active Directory are important for enterprise customers, and their true cost comes from the support contracts, not the purchase price (like all software at the enterprise level, FOSS or not).

This is a smart move by Canonical to court enterprise customers, especially with the Red Hat change of ownership chaos and churn.

Maybe cost-effective compared to running SQL Server on Windows?
And also compared to, for example, Oracle on RedHat.
And a "sanity-effective" alternative to Windows - I've found that running their officially-supported container has been a much better experience.
Marketing speech ;) .. but money definitely has been changed hands.

Active Directory has its own share of problems, but the benefit of having a central location for policies which enforce them on the connected machines is a security plus despite the addition of attack surface by itself.

While I first thought that AD integration regards group policy looks like a hard architecture mismatch, it is interestingly not. Take the Windows Registry with millions of keys vs. the thousands of etc files and their thousand sub settings.

From a quick look into the policy files, they map the GPO settings into Gnome dconf keys.
Have you ever been on the ops team for a company larger than 20 people?
Having used both Postgres and SQL server, I have a high amount of respect for both of them. Both are full featured, solid databases.

I still miss some of the tool ecosystem (like schema/data diffing tools from RedGate) from my SQL Server days.

Clearly you're not the audience for these features.

Also proprietary software is not insecure just be being proprietary.

And if that's the extent of your understanding of what the software does, then you aren't really qualified to give an opinion on its security.

> Firefox, OBS Studio and many applications built with Electron and Flutter take advantage of Wayland automatically, for smoother graphics and better fractional scaling.

I think it's great that Firefox is bundled with Ubuntu, but I have to manually update Firefox each time a new release comes out because the version that's installed is a canonical-controlled version that stays 'stuck' on a old version and doesn't have an auto-update mechanism.

Other than that, I love the OS. I use it as my daily driver since it has a good community around it, and if you're having trouble, there is a good community-powered Q&A site for it.

I'm running Ubuntu 20.04 LTS and Firefox (from the default Ubuntu repo) is updated frequently. It might lag behind the official release by a few days, but I can live with that. Currently at 87 [0], so I expect 88 (which Mozilla released a few days ago) any day now.

[0] https://packages.ubuntu.com/focal/firefox

> I have to manually update Firefox each time a new release comes out because the version that's installed is a canonical-controlled version that stays 'stuck' on a old version and doesn't have an auto-update mechanism.

Doesn't Snap solve this?

Yes, but only if you submit your code to Snapcraft. There's no way to host your own repository.
In fact, Bret Barker has published an open source (Apache License) SNAP store on GitHub. We’re already looking at how to flesh out his proof-of-concept and bring it into snapcore itself.

https://github.com/noise/snapstore/

"snapstore was a minimalist example of a "store" for snaps, but is not compatible with the current snapd implementation. As a result I have removed the contents here to avoid further confusion."
See, no self hosting possible anymore.
But this is the opposite of the principles Linux has been built on. How can Canonical hope Snap gains popularity if the very software powering up the Snapstore is closed?
I don't care since i don't use *buntu. But they are not what i would call an OpenSource Company...lots of closesource-selfmade software like Juju and Snapstore.
> but I have to manually update it each time a new release comes out because the version that's installed is a canonical-controlled version that stays 'stuck' on a old version and doesn't have an auto-update mechanism.

How so? I use the default Firefox on Ubuntu 20.04 and it's updated through apt like almost all other applications/libs I've installed and it stays pretty up-to-date. E.g. Firefox started offering version 88.0 on the general release channel three days and there ISN'T YET a corresponding update to the package repo, however I expect it'll most likely pop up there within the week.

Firefox in Linux distributions is updated by the distributions, not by an app-specific updater. It may take few days after official release - distributions can start building after Mozilla announces release, they cannot prebuild it few days in advance - but it will be updated.
I know it's not for everyone, but building your own Firefox binaries isn't hard.
Or the binary tar-ball from Mozilla included the auto-update. (I'm using Nightly so that's the best option for that)
> I think it's great that Firefox is bundled with Ubuntu, but I have to manually update Firefox each time a new release comes out because the version that's installed is a canonical-controlled version that stays 'stuck' on a old version and doesn't have an auto-update mechanism.

This is par for the course on some distros. Fedora, for example, has its own repository for Firefox that is sometimes behind the mainline release of Firefox (although in my experience it's usually only a few days).

The advantage of the process is that the Fedora Firefox repo actually has its own QA testing, so they occasionally catch some things that might impact Fedora users specifically, that otherwise might go unnoticed if I were to switch to the Firefox flatpak.

> but I have to manually update Firefox each time a new release comes out because the version that's installed is a canonical-controlled version that stays 'stuck' on a old version and doesn't have an auto-update mechanism.

What? It is updated just like any other software by using the package manager

https://packages.ubuntu.com/focal/firefox

I actively don't want random app-specific auto-updaters; I want one package manager.

Thank you to Canonical for keeping Ubuntu a free and open source operating system with long term support! With the death of CentOS (replaced by an unstable upstream of RHEL) it means a lot to the Linux community.
Amen! Ubuntu is amazing! And keeps getting better every release! Big props to the Ubuntu team! My gratitude is endless for not having to use either Windows or Mac and still enjoy the desktop computer experience!
Why was the above comment downvoted?
My guess is that it was downvoted because it violates two of the comment guidelines:

> Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.

The parent comment is neither thoughtful nor substantive, merely agreeing with the grandparent -- a verbose equivalent of a "This!" comment. A better comment might include the commenter's reasoning, their experiences with other platforms and their pros and cons, or how they have used Ubuntu personally or professionally, for example.

> Eschew flamebait. Avoid unrelated controversies and generic tangents.

The parent's implicit dismissal of Windows or Mac desktop platforms as un-enjoyable could be interpreted as flamebait, since choice of operating system can be a common point of contention.

Hopefully this explanation helps. Since the comment was low-quality but not flagrantly bad, I assume it will pick up one or two downvotes but not a flag, and will sink naturally down the discussion as higher-quality posts supersede it.

Being grateful theres additional options for a well supported desktop experience besides the two dominant parties is flame bait?

Subjective interpretation is now a basis for downvoting and being labelled flamebait.

Meanwhile the most upvoted comment is about the graphic looking like hairy testicles(which it does).

It looked like bad sarcasm to me when I first read it. Perhaps other people thought the same.
I LOVE Ubuntu.

I don't think people realize how important a well supported DESKTOP experience is for open source adoption by the mainstream users.

The mainstream doesn't care about zshell or fish shell or vim.

All they see is the graphical desktop experience, for their email or browser.

If that market can be brought into the open source world away from the giant companies that would be a huge win for open source.

And Ubuntu is currently the only real game in town, and having used it myself since v11 or something it's come a long long way, to the point where my grandmother can use it.

That's clear! It's just that many of us have been conditioned by internet snark to read comments like the GP cynically, unless they contain disambiguating information (as your comment here does). You did nothing wrong, but I have a hunch that ambiguity may have been the source of some downvotes.
Good point. It does have kind of a hyperbolic snark about it if one didn't know that I was a little bit of a fanatic for Ubuntu. :)

I kind of get the downvotes.

I fail to see how moving to a rolling release strategy results in any kind of "death", seems like FUD to me. Rolling release, trying to stick to upstream releases as closely as possible, works well with Arch Linux, I'm glad CentOS learned from Arch Linux success. DISCLAMER: I'm not even a CentOS user, but I just like what RH does and has done for "the Linux community" as you call it (I would just call it "society" but whatever).

“It’s a curious thing about our industry: not only do we not learn from our mistakes, we also don’t learn from our successes.” – Keith Braithwaite

CentOS is doing nothing like Arch.

CentOS rolling release will still be so slow that itll lag a lot behind Fedora.

Its just that CentOS will now be afew months ahead of RHEL instead of afew months behind RHEL.

eh, honestly centos is one of the few distros where you can get fairly recent compilers even on old versions, much more easily than ubuntus / debians. e.g. even on centos 7 (released in 2009)
For many, the reason to use CentOS was that it was stable and supported for 10 years. They killed that and personally I agree with the GP that they have probably killed CentOS along with it. CentOS Stream is "positioned as a midstream between Fedora Linux and RHEL". I'm not sure who this will appeal to but it's not the same group as before.
Exactly midstream between Fedora and RHEL. Who is this target audience exactly ... agree completely was not the same audience that used CentOS.
CentOS Stream is getting the exact same types of updates that it got before, just incrementally rather than bundled up into minor releases every 6 months.

The chart looks more like this:

Fedora ---------------------------------------------------------------------> CentOS Stream --> RHEL

It's definitely not "exactly midstream".

Stable, supported and didn't cost anything
It's semantically correct. CentOS is the name of a Linux distribution, and that Linux distribution is dead. CentOS 8 is the last ever version of CentOS, and it's supported for for 8 more months.

There's a new Linux distribution called CentOS Stream, but it's not the same distribution as CentOS, and it doesn't have the same goals of CentOS. It would be correct to say that CentOS is being replaced by CentOS Stream, but that means that CentOS is no more.

You may argue that this is pedantic though, and that the phrase "the death of CentOS" is intended to communicate something which isn't accurate. And, yeah, that might be the case.

Hey: Please read the answer to this comment first. It contains some very important clarifications. Leaving the comment up for completeness, context and admittance of error. Happy reading.

---

Disclaimer: We use CentOS on almost all of our servers at production level for 10+ years.

The main problem with CentOS is not moving into a rolling release schedule, but change of its place in the ecosystem.

Before, CentOS was the last tier. Fedora was testing ideas, RedHat was implementing them, and CentOS was following the trail by porting them later. There was an unwritten agreement that RedHat didn't prevent CentOS' development, and CentOS didn't port everything at day 1, so they were in a mutualistic state. Moreover, CentOS enjoyed a ~10 year support on every release, so it was the soul-successor of the original RedHat from the olden times.

Now, CentOS moved to pre-RH position. So Fedora experiments, CentOS makes the Beta & RC testing and RedHat gets more thoroughly tested patches and, that's it. CentOS is moving to a Debian Testing meets Arch Linux position. It's neither stable as Debian Testing, Nor supported like Arch and lacks any official support and possibly no security patch support.

This is problematic for many places since CentOS was the RPM Equivalent of Debian Stable. Now, there's no RedHat based free and community-driven and community-supported distro. People who can't use CentOS in its future state will either migrate to RedHat or to Ubuntu or Debian Stable.

For us, and for other data centers which do the same thing as us, current situation is a very big let's wait and see game.

For the health of the ecosystem, we need another fully free (as in beer & as in speech) and fully supported distribution. Hope Rocky can fill that void.

I'll continue to use Debian on my personal systems, for foreseeable future.

Why don't people make the effort to just move to Debian Stable? If you don't want to pay any money, relying on Redhat's goodwill always seemed precarious.
Because there's a big software stack from drivers to scientific software which is being developed for 10+ years (or even longer) for RH based distributions, or for CentOS/ScientificLinux specifically

Software development and verification is huge in scientific computing. It's not just "Meh, let's port it in a weekend and be done with it".

> It's not just "Meh, let's port it in a weekend and be done with it"

maybe time to get on with it.

I'm not sure that you understand the size of the task and the number of people and software packages involved.

Nevertheless, I'll try to call around to see who can start shortly. :)

I think this applies to the whole community. For many years we just assumed we could runt CentOS forever. When RH bought them there was an initial shock but they quickly clarified CentOS is not going anywhere so we were happy. Now that it's gone I kind of regret I didn't insisted or at least kindly asked some vendors for Debian compatibility. I didn't because I didn't have to, an now we're all screwed.
> they quickly clarified CentOS is not going anywhere so we were happy. Now that it's gone ...

not to rub salt into the wound but relying on a single vendor could be considered technical debt.

Disclaimer: I work for Red Hat

>CentOS makes the Beta & RC testing and RedHat gets more thoroughly tested patches and, that's it. CentOS is moving to a Debian Testing meets Arch Linux position. It's neither stable as Debian Testing, Nor supported like Arch and lacks any official support and possibly no security patch support.

This isn't correct.

Debian Testing is a true rolling release distribution for the next "major" version of Debian. If you install Debian testing, what you're getting is a hybrid between Debian N and Debian N+1, with package versions that at any point in time may or may not be similar to those in _either_ Debian N or Debian N+1, since they get continually updated up until the stabilization phase.

That is not what CentOS Stream is.

CentOS Stream is a rolling release for the next minor (_not_ major) release of RHEL, and follows the same development process, including the exact same CI and testing scrutiny that was required to update a package in RHEL internally. It's basically taking the development process which used to be internal, and opening it up to everyone else.

Unlike Debian Testing, CentOS Stream is _not_ a hybrid between major releases of RHEL (say, RHEL 8 and RHEL 9). It's frozen to a major release. So CentOS Stream 8 will track the development of RHEL 8.3, 8.4, 8.5 and so on, and CentOS Stream 9 will track the development of RHEL 9.1, 9.2, 9.3 and so on. And like both RHEL and current CentOS, that means that the updates will only fall into the categories of backported bugfixes, security fixes, support for new hardware, and on very rare occasions individual backported features.

This is more significantly stable than Debian Testing - it is less "Debian Testing meets Arch" but rather "old CentOS meets Debian Testing".

Where did you hear that CentOS Stream didn't receive security patches? That is not true...

Daniel, thanks for the comment and clarifications in (Googled your twitter account for your first name, hope that's OK).

Actually, the initial communication of this issue was so vague from our perspective, so this is what I and my colleagues understood.

Again, thanks for clarifying, because I personally don't want to bash CentOS, but want to understand what's happening and continue to use it. Maybe it would be beneficial to disseminate this in a more visible and more understandable way.

> And further - where did you hear that CentOS Stream didn't receive security patches? That false...

I didn't hear, but as I said, CentOS Stream was presented as a proving-grounds distribution and, I understood that it'll receive security updates in a best-effort basis.

The news came in a crashing way and the initial roadmap didn't communicated well to the outside world in the beginning. To be frank, a lot of people felt betrayed by IBM/RH. When a company announces a big paradigm shift and cuts the support for the latest release at the end of the year without further explanation besides marketing speak, thinking otherwise is pretty hard.

Hope you understand the frustration.

Cheers

You don't actually have to use someone's personal info just because you have it BTW. Just saying thanks is enough.
I just wanted to be kind, sincere, and asked his permission explicitly in my comment I presume. At least it was my intention.

If he wanted me to remove it, I would have happily done so.

Also, I just pasted his nick to Google and it came on top. So I presume he didn’t try to hide his name. If I have sensed the contrary, I would not dig one step further.

"Asking for permission", while simultaneously doing the thing you're asking permission for, without waiting for a response, is not actually asking for permission.
(comment deleted)
> where did you hear that CentOS Stream didn't receive security patches? That is false...

It's not false under the context of long term support which is why I highlighted so in the OP. How long will each CentOS Stream release be supported? How long with each CentOS Stream release receive security patches?

5 to 5.5 years - the same as RHEL "full support" phase.
5 years is half of the Ubuntu LTS and the previous CentOS Linux lifecycle. This is why many consider CentOS Stream to be a significant departure from CentOS Linux. Not saying it is a bad OS but it is no longer a free Linux operating system with long term support.
>5 years is half of the Ubuntu LTS

No it isn't. Ubuntu LTS is supported for 5 years.

https://ubuntu.com/blog/what-is-an-ubuntu-lts-release

>An Ubuntu LTS is a commitment from Canonical to support and maintain a version of Ubuntu for five years.

---

>Not saying it is a bad OS but it is no longer a free Linux operating system with long term support.

Ubuntu LTS is suppored for 5 years, Debian Stable is supported for 5 years, and OpenSUSE Leap is supported 5 years (as far as I can tell - the only documentation I found said "up to" 60 months).

CentOS Stream absolutely provides "long term" support.

Ubuntu LTS has an additional 5 years of security support through Extended Security Maintenance thus giving LTS releases a full 10 year lifecycle. https://ubuntu.com/about/release-cycle
Which you have to pay for, just like RHEL.

>ESM is available through an Ubuntu Advantage for Infrastructure subscription for physical servers, virtual machines, containers and desktops, and is free for personal use.

https://ubuntu.com/security/esm

Note that if you click through "personal use" means "up to 3 machines" and obviously doesn't apply to infrastructure. RHEL has free "personal use" subscriptions too, except they apply to up to 16 machines.

And also:

> Initially, free subscription is available for Ubuntu 14.04 LTS only.

The fact is if someone wants to run a Linux host for 10 years with security patches they can with Ubuntu. They cannot with CentOS Stream. Yes, they could switch to RHEL and pay for security patches but RHEL is a different OS than CentOS Stream.
(comment deleted)
(comment deleted)
> Unlike Debian Testing, CentOS Stream is _not_ a hybrid between major releases of RHEL (say, RHEL 8 and RHEL 9). It's frozen to a major release.

Thanks, I recognized it first! It should be more clearly advertised.

> soul-successor

I think you just made a new malapropism by getting the "sole" in "sole successor" mixed up with the homophone "soul" and then relating it to "spiritual successor"

Both "sole successor" and "spiritual successor" are accurate descriptions in this case, so it works beautifully.

Heh, thanks!

Being tired and having a different mother tongue has its perks, it seems. :)

The move is pretty transparent to me, when CentOS was effectively "free RHEL" many people who didn't feel they needed support just ran CentOS in lieu of RHEL knowing that they'd get near-100% compatibility without paying a dime.

The fact that it's a rolling release is not really the problem per-se, it's more that you can no longer expect that CentOS n == RHEL n. It's not a drop-in replacement. You can't expect that something that works in RHEL will work in CentOS and vice-versa.

For people who ran CentOS because they liked it over the competition it may not be a deal breaker. For people like me who only used it because it was "free RHEL" the new rolling version is effectively useless. And I'm 100% certain that it's exactly what RedHat/IBM counted on: no more free candy, just buy a license.

> And I'm 100% certain that it's exactly what RedHat/IBM counted on: no more free candy, just buy a license.

Do you mean that it's not 100% Open Source anymore? That you can't build your RHEL anymore?

> And I'm 100% certain that it's exactly what RedHat/IBM counted on: no more free candy, just buy a license.

One thing I don't understand is why they vehemently deny it was the reason.

Centos was mainly used as a "free but otherwise identical" alternative to RHEL. Centos typically attracted an incredibly conservative and stability-focussed crowd. People who wanted all the benefits of a stable enterprise distro but who didn't want to pay and who didn't need support.

Whatever your personal preferences are, it's obvious that this change doesn't fit well with that crowd.

Red Hat has every right do do that change, but we shouldn't pretend that this is a good fit for the traditional centos crowd.

I tried Wayland on 20.10 a few month ago and concluded it wasn't ready for daily use. The worst thing is that it would RANDOMLY cause Gnome to restart while closing all my applications. Also the cursor was jumpy and laggy sometimes (especially when opening context menus). Is anyone aware if these issues still happen?
>The worst thing is that it would RANDOMLY cause Gnome to restart while closing all my applications.

Question: Is this a GNOME architecture issue? I hope KDE could avoid this issues, atm on Xorg I can restart the window manager and the desktop shell without losing any data.

I don't have a firm answer, but considering how much Wayland pushes off on the compositor (seemingly everything, nothing is ever Wayland's fault or responsibility) I'd expect that the compositor (every desktop environment or WM also needs to be a compositor, now) crashing is identical to all of Xorg crashing, not just the DE or WM under Xorg crashing.
You are right. The compositor crashing is equivalent to X crashing: everything goes boom. In the X world, if gnome-session dies another one gets automatically started and you may not even realize what happened.
So KDE will have same issues ? I am wondering if they can architect it somehow where you put minimal code in the compositor and move the window management, and the complex effects (like zoom and animation) into a different process.

If Linux would have decided to use Mir would have at least shared same "server" code and probably also get around this issues but is hard to promote quality when Gnome and RedHat has a different idea.

In fact, KDE might have entirely different issues that cause the same problems. The frustrating thing about Wayland's design is that every single WM/DE now gets to have its own, unique set of "crash the world" stability bugs.
(I'm not denying that possibility, and I'm only one datapoint, but) In practice I have only ever seen one DE (GNOME) with these "crash the world" stability bugs, and they also happen on X, which makes me think the problems are not with Wayland.
GNOME crashes a lot probably because of how people are forced to patch the DE with extensions or maybe even the bad quality of their code, but I have crashes of KWin or Plasma hangs sometimes on X , so KDE is not perfect and if I would use wayland on my NVIDIA system I would be hit with work losing crashes. KWin and Plasma are pretty complex so there will always be bugs , this is why I am wondering if there can be soem kind of refactoring to a safer architecture.
> (seemingly everything, nothing is ever Wayland's fault or responsibility)

That's because there is no such thing as "wayland" actually running on your machine -- it's simply a protocol for compositors and applications to talk to each other.

> That's because there is no such thing as "wayland" actually running on your machine -- it's simply a protocol for compositors and applications to talk to each other.

"Wayland" is also an implementation. The protocol and implementation share a name. By the look of things, Gnome does indeed require it (that is, various "libwayland" packages) on Ubuntu.

(I'm not the one who downvoted you, so have an upvote, but) I think they renamed their reference implementation to "Weston" to differentiate it from the Wayland spec/interface. Gnome implements its own, as does KDE, as does Sway. But I'm a simple person, and in my eyes even bare Weston is "good enough" in that "startx" sort of way...
They have a compositor named Weston, yes, but then what is libwayland, on which Gnome (and others) depend?

Wikipedia:

> Wayland is a communication protocol that specifies the communication between a display server and its clients, as well as a C library implementation of that protocol.

That's the C library also named Wayland and made by the people guiding the Wayland spec on which Gnome depends, no? Or are there three things going by the name Wayland, one of them not actually associated with the Wayland project?

They could have perhaps done better to differentiate All The Things, but libwayland is just a C implementation of speaking the Wayland protocol...?

AFAIUI, e.g. KDE doesn't actually use any of that. (I could be wrong, I honestly don't care that much about the minutiae.)

You could blame the architecture on Wayland. But I am sure in 15 years when Wayland(implementations) will have similar features and stability as Xorg it will be obsolete. I have the feeling that Wayland architecture is like it is because of incompetence and moving the problems into extensions and implementations.
> Is this a GNOME architecture issue?

Yes. And always has been since like forever ago. I'm all for choice and diversity, but I've personally never understood all the love and excitement and attention that GNOME has gotten ever since Canonical got behind it and dropped Unity.

I'm certainly not it's target audience - running XFCE, LXDE/LXQT, and i3/Sway over the years - but it really gobsmacks me to hear the cheerleading over what seem like really basic fixes, like "now the single-threaded shell crashes to login less often! Horray!"

What's surprised me about modern Gnome is how much heavier and worse-performing it is than... KDE. What a reversal compared with the Gnome2 days.
Agreed - I should clarify that my Gnome gripes are mainly about how they failed to "get it right" with Gnome3. I don't really have any specific criticism of the old Gnome2 - Both it and KDE were too heavy for me in those days.
One of the best things about Linux desktop for me is that fortunately we're not forced to use Gnome3. Actually Gnome2 wasn't that bad and I'm very happy it was revived as Mate. I assume most people run Gnome3 because it was the default DE in their distro, but honestly, they should do themselves a favor and at least test some popular alternatives.
Yes. Someone decided that having one process be the display server (which in the x11 world is separate) and the desktop shell, and have said desktop shell be able to run basically arbitrary js code, is going to work well. And it mostly does, as long as you are foregoing the js extensibility part; otherwise (at least in my personal experience) it's a complete disaster.
I haven't really tried 20.10 or 21.04 - but have been running Wayland on 20.04 for at 6 months (I've run 20.04 a year, not sure when I switched to Wayland). Lenovo latitude laptop with Intel graphics, two external screens, one HD, one 2k with fractional scaling. Works well. Gnome desktop.
Regarding jumpy mouse, try it with an another one. I suspect some higher end or gaming mice work badly with Ubuntu for some reason. Very jerky motion and missed button presses.

Cheap basic mice seemed to work well.

I actually do have a gaming mouse I really like using. Not sure if I want to downgrade for that. It has to be Gnome issue, I've used Sway (Wayland) where everything was super smooth.
There was an article here a few months ago about TPM backed full disk encryption in Ubuntu 21.04:

https://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-2...

Anybody know what happened to that idea? It's been a long time desire of mine to have a secure Linux laptop without needing to enter my password twice during startup and I was hoping to get it with this release, but when I tried the beta the installer did not allow it.

Easy LDAP/AD support and TPM encryption were the two showstoppers whenever I asked IT departments at previous workplaces to provide me with a Linux laptop, as their engineers did not know how to set them up but they had compliance check-boxes they needed to fill in regardless of utility (antivirus being a third one but it turns out these days AV companies actually provide Linux builds). Now that the LDAP/AD stuff is sorted out, fingers crossed for TPM encryption.

> "It's been a long time desire of mine to have a secure Linux laptop without needing to enter my password twice during startup"

Only with regards to that sentence (as I don't know much about TPM): You can simply opt for full disk encryption during install, and then you can also select "automatically log me in on boot" (not exact wording) when creating your user. So you enter the encryption password and that's it. Not sure why you would _need_ to enter password twice with encryption?

That's how I handle it. Screen lock, or returning from suspend still prompts for user password as usual.

Can anyone comment on how/if VST GUIs work properly? VST2 doesn't make many guarantees but the VST3 spec implies that Wayland is not supported at all.

Ubuntu/Ubuntu Studio is a decent enough distro for audio production, so it would be sad if this was broken.

How's Wayland + Gnome working for fractional scaling in HiDPI screens? Last time I tried some applications like Chrome, Firefox and others would be all blurry.
Somewhat related: I’ve been using GNOME 40 on my Arch-based desktop and it’s really slick. It’s making the switch from macOS a little less painful. Looks like it didn’t make into this release.

Completely unrelated: I just discovered Rofi (extensible Spotlight-ish launcher for Linux) and it’s lovely, especially when bound to Super+Space.

Same here, switched from dmenu to rofi a couple weeks ago, it's neat!
I mean gnome 40 came out weeks ago. Not going to be in Ubuntu for a while. (Ubuntu does tend to lag on the Gnome front, which does give a chance for theme and extension devs to catch up)
(comment deleted)
What is "super" ? Do you have some special keyboard?
It’s the generic term for the Windows or Command key.
I wonder if there's a significant alternative to the current audio system in Ubuntu 20.04 -- PulseAudio+ALSA are awful? For a year now, I've suffered with the most frustrating breakdowns getting sound to pump out of the right interface without causing my machine to burn 200 watts to "compute" something. I love Linux, I love Ubuntu, I use it everywhere, but this little daily-frustration quietly drives me back to my increasingly closed macbook.
PipeWire looks like it's shaping up to be an excellent spiritual successor to (and unification of) both PulseAudio and JACK:

https://pipewire.org/

https://wiki.archlinux.org/index.php/PipeWire

This got me reading. I didn't realize how quickly this change to PulseAudio might be. It looks like Fedora 34 is actively moving to PipeWire as it's new default. I wonder what's preventing Ubuntu from making a bigger change. More downstream dependencies? https://wiki.debian.org/PipeWire
My ten second search shows 20.04 is too old for Pipewire to work well, but it works on 20.10 and presumably 21.04. It supposedly fixes the CPU usage issue you have, so relief may be available.
If you don't use bluetooth headsets you could use raw ALSA. Pipewire is the more mainstream (but new) alternative, as Pulseaudio replacement.
Yay! Linux controlled by Active Directory by default!
I still can't reconcile zfs in the installer. There's no warnings or information upfront about how you will make your filesystem into a nice brick if you upgrade your linux kernel and forget that your filesystem has to be manually upgraded with that kernel version.

Distros should not include filesystems that aren't in the kernel in their official installer. Fedora made the right decisions with btrfs. If users want zfs they don't need the official installer for it.

I disagree. Part of what I love about the Linux culture is that it gives me the freedom to tinker. The Ubuntu installer makes it absolutely clear that ZFS is still experimental, but it still lets me play with it. Granted, I swiftly broke my OS and moved away from ZFS when I tried it, but I like that it let me do that.
1. You won't get a kernel update that doesn't contain zfs support, as the distro contains this. 2. Even if you install a manual kernel from outside of ubuntu you wont' brick it.. you'd just have to boot the old kernel.

btrfs and zfs are.. not comparable.

It does and did, tested on 20.10. Similar stories: https://reddit.com/r/zfs/comments/hasfax/how_do_you_update_l...

It's supposedly meant to "just work" but out of the box it did not. Which is a very common story with ubuntu sadly.

That link is about Debian. Debian doesn't ship zfs module and it needs to be compiled separately for each kernel version.

Ubuntu ships ZFS module in kernel package and it works without having to be compiled nor it needs header package.

What? They ship prebuilt zfs modules along with the kernel.

  # dpkg -L "linux-modules-$(uname -r)" | grep zfs.ko
  /lib/modules/5.4.0-70-generic/kernel/zfs/zfs.ko
In case of Ubuntu 21.04 it seems that DKMS magic takes care of rebuilding ZFS support whenever I install a new kernel package (yes, even one that I've built myself from mainline git---currently running 5.12-rc7). Yes, it can require manual work, if zfs-dkms does not have support for the kernel one is running. This failure should be quite visible: installation of the kernel package will end in an error.

But more importantly, missing ZFS support should not brick the filesystem. The new kernel just can't mount it, which can be overcome by rebooting to an older kernel. And then addressing whatever the issue is.

Also pretty sure Ubuntu keeps a few old versions of Linux. And GRUB uses it's own ZFS module.
As much as I love ZFS, I also recently hit this issue and it was an exercise in frustration to get a running system again.
This is just anti ZFS FUD and completely incorrect. Ubuntu has been shipping binary modules for ZFS for several years now. I've been running servers and laptops for a couple of years with ZFS root (laptop with native ZFS encryption). The only issue I've had is Canonical breaking GRUB hooks for encrypted ZFS root - solved via systemd-boot and EFI for me.

If you use DKMS, then you might have issues, but there's no need with Ubuntu (and other distros like Manjaro) anyway.

Btrfs is probably never the right decision - use the FS that's right for you and your workload.

Have they fixed the numerous snappy issues in this release? Namely snappy being slow, and desktop snaps being buggy?
I put the beta on an AMD Lenovo Yoga Slim 7 yesterday. The thing's slick as hell. As far as I can tell so far, everything just works.

Apropos of which, does anyone know why trackpad interfaces are an area of active change? It really surprised me when the trackpad got disabled by closing and opening the lid on 20.10. I naively think of trackpad hardware as mostly a solved problem.

you would be surprised, I'm sorry for this poor comments, I have to get back to work.

But last time I checked a year ago, some poor lone soul was trying to gofundme his effort to provide better drivers/firmware.

Trackpad and sleep-mode are the two things I miss from windows/OSX. It's just more polished over there, specially OSX.

iOS has a pretty good Trackpad too.
Are there any known surprises coming from 19.10?
Why 19.10? (I mean, why not 20.04 lts?)
Because I'm running it of course.
I don't run Ubuntu. If I did, your question has convinced me I would be happiest on an LTS version. 5 years of not changing much is more in line with my level of interest in puttering around my OS settings than every 9 months.

https://ubuntu.com/about/release-cycle

The 19.10 bump was to get some fresh base libraries to build something as I recall. I think it might have for Remmina. Otherwise totally agree with you, LTS is always preferable
Are you aware that you've been running a version that hasn't been getting updates since July of last year? If not, then having your OS actually get updates again might be a surprise. You'll have to update to 20.04 first, though, and then 20.10 before you can update that to 21.04. There's no direct update path (another known surprise, one might say). If you don't want to update every six months, just stick to the long-term support version (LTS, currently 20.04).
The bootloader was broken for this laptop model in 19.10 and I've been deferring going through the same pain upgrading to 20.04. Totally aware of the support situation and upgrade sequence, but an unsupported machine sure beats a bricked machine
You should definitely go to the pain of upgrading to 21.04, since xx.04 releases get updates for 5 years instead of 6 months.
Even if my machine won't boot afterwards?
You'll never have to upgrade it again!
21.04 is not an LTS with 5 years of support. The latest LTS is 20.04.
True:

Ubuntu 21.04 will be supported for 9 months until January 2022. If you need Long Term Support, it is recommended you use Ubuntu 20.04 LTS instead.

Only every second xx.04, to the best of my knowledge. 20.04 was an LTS release, the next LTS will be 22.04. 21.04 is a standard release supported for 6 months.

Edit: Ninja'd by jpace121, should have refreshed before commenting.

Not too many, as it has been EOL since July 2020.
I've been using it with an AMD RX580 driving a 32" 4K monitor for a couple of years now and it just about works perfectly for my needs, including playing a few games through Steam. The only issue I have is that for some reason I occasionally cant alt-tab to the keepassxc window under gnome after I start it up. If you use Linux on the desktop and don't otherwise require an nvidia card (cuda, etc) it is worth while to switch to an AMD card or to spec one for a new build.
> Firefox, OBS Studio and many applications built with Electron and Flutter

Many applications built with Flutter? Such as?

The full sentence is about them being able to take advantage of Wayland automatically.

It appears to me that you've clipped the quote to change the meaning.

This is the full quote:

> Firefox, OBS Studio and many applications built with Electron and Flutter take advantage of Wayland automatically, for smoother graphics and better fractional scaling.

It implies that there are already many application built with Electron and Flutter.

My question is simply: what Flutter applications?