Ubuntu 9.04: The Good, The Bad, and The Ugly

On Sunday evening, after a hard day’s work on Project X, I decided to poke around the Ubuntu web site a bit.

The new version wasn’t scheduled for release for another half-week, and I knew from experience that I wouldn’t be able to download it for several days after that, due to web site congestion. Last time, I tried to get it via the BitTorrent method, but apparently my ISP throttles torrents very heavily; it succeeded, but it took close to 24 hours to get the whole thing. I had some idea that grabbing a pre-release version instead might speed things up.

On the Ubuntu 9.04 page, I saw an interesting note: people with 8.10 already installed could use the update-manager -d command to upgrade. I figured that it was preliminary documentation that wouldn’t work until after the release, but I tried it anyway. Lo and behold, it worked! I closed the files I had open, made a quick backup, then let it rip. After about half an hour of downloading (at much higher speeds than I usually see), and 45 minutes of mumbling to itself, the system rebooted and it was ready!

Sort of.

I have a love/hate relationship with upgrades of any sort. I love to see what improvements have been made, but every upgrade (of anything) inevitably causes some kind of problem that I have to find a way to fix. This one was no exception.

9.04 shaved a good third off of the time it takes to boot this machine into Linux, from a minute and five seconds down to something like 43 seconds. The chronic (though visual-only) problems that plagued the title bars of windows, where they would get screwy colors or vanish altogether until I moved the mouse over them, seem to be gone. The new notification stuff is nicer too. But my encrypted home directory would no longer mount.

Irritating, but not completely unexpected — it had happened on previous upgrades, and 9.04 is supposed to have built-in encryption for the home directory that would obviate my work-arounds.

Except that it doesn’t. That was apparently removed late in the alphas, due to problems that people had encountered with it.

Well, no big deal, I can just set up the same system I had on 8.10 and earlier versions, using dm-crypt, right?

Wrong. For reasons I don’t understand, that method no longer works. I spent several hours trying to figure out what was going wrong, to no avail.

So what now? I could just use an unencrypted home directory like everybody else, but if the laptop ever got stolen, all my data would be available to the thief — unacceptable. Or I could set up a TrueCrypt-encrypted partition for my critical data and move everything else to the (now-unencrypted) home directory, but that would be inconvenient because I’d have to manually re-mount the drive after each reboot… not too high a price to pay for the boot-speed and other improvements, but I’d prefer a more automated solution. So I went hunting for a third option.

It seems that the encrypted home directory stuff that 9.04 was supposed to provide is based on a system called eCryptfs. I hadn’t heard of that one before; last time I took a serious look at encryption technology in Linux, Loop-AES was just giving way to dm-crypt.

eCryptfs seems to be superior to both of those. This page describes how to use it in detail, and it’s far simpler to set up than the dm-crypt solution I was using previously. The only bad part is that it doesn’t (presently) encrypt the home directory itself; instead it creates a Private directory under your existing home directory. Any data you want to have encrypted has to be stored in this Private directory (though through the magic of soft-links, it’s easy to make it look like it’s wherever you need it to be). I spent some time moving all my important data into the Private directory and making links, then tested it out every way I could think to… and it worked!
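An added example, not part of the original post: a shell helper for the move-and-link step described above. It refuses to move anything unless the Private directory is a mounted ecryptfs file system, because an unmounted Private is an ordinary directory and files placed there are stored unencrypted. The function names and the MOUNTS_FILE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): move a directory into an
# eCryptfs Private directory and leave a soft-link at the old location.
# MOUNTS_FILE is an assumption of this example: it is overridable so the
# check can be run against a constructed mount table, and defaults to the
# kernel's /proc/mounts. Paths containing spaces are not handled, because
# /proc/mounts escapes them.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Return 0 only if $1 is currently an ecryptfs mount point.
private_is_mounted() {
    awk -v dir="$1" '$2 == dir && $3 == "ecryptfs" { found = 1 }
                     END { exit !found }' "$MOUNTS_FILE"
}

# move_to_private SRC PRIVATE_DIR
# Moves SRC into PRIVATE_DIR and replaces SRC with a symlink to the new
# location. Returns 2 if PRIVATE_DIR is not mounted, 1 on a name clash or
# a missing source, 0 on success or if SRC is already a link.
move_to_private() {
    src="${1%/}"
    private="${2%/}"
    dest="$private/$(basename "$src")"

    if ! private_is_mounted "$private"; then
        echo "refusing: $private is not a mounted ecryptfs" >&2
        return 2
    fi
    if [ -L "$src" ]; then
        echo "skipping: $src is already a link" >&2
        return 0
    fi
    if [ ! -e "$src" ] || [ -e "$dest" ]; then
        echo "refusing: $src missing or $dest already exists" >&2
        return 1
    fi
    mv -- "$src" "$dest" && ln -s -- "$dest" "$src"
}
```

After sourcing the file, a call such as `move_to_private "$HOME/Documents" "$HOME/Private"` does one directory at a time.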

So, despite the rocky start, things seem to be working fine now. Unless something else comes up, I’m happy with this version.

UPDATE

I’ve discovered why the encrypted home directory was dropped from this version of Ubuntu, and it’s not due to problems. From this page:

[…] also changed in the Ubiquity installer is the home encryption support, which has been removed unless you pre-seed the option to Ubiquity. This option has been temporarily dropped since there is no encrypted SWAP support, which reduces the security benefit of an encrypted home directory.

In other words, it’s still there, but not immediately visible. Once they build in an encrypted swap system, it’ll be back.

(I don’t use a swap partition at all, since I’ve got 4GB of memory on this system, so that doesn’t affect me.)

6 Comments

  1. I upgraded my Dell mini 9 using the update-manager -d method. It’s amazing how smooth it was. Linux is such a well-engineered system sometimes, they tend to get the underpinnings right, especially in Debian-based systems. 🙂

  2. Yes, I’ve been fairly happy with Ubuntu so far. I’ve only really seen one problem so far, a version mismatch error with a component of gnucash that started in Ubuntu 8.10. I still haven’t figured that one out; it has to be something specific to my system, because you can’t even install the gnucash package with it, and I know a lot of other people are using it.

    Now that I’m using an officially-endorsed encryption system, I don’t think I’ll have any trouble with that in future upgrades either. I’m much happier with this method too; it’s a lot easier to set up, and feels a lot less fragile than my previous system. And it works a lot better with backup software too; if I didn’t already have an encrypted backup system set up, I could use this to store the already-encrypted files on an unencrypted backup with no security concerns.

  3. Yeah, Apple’s OS X major updates (as opposed to patches) usually consist of “now you’ve upgraded and half your apps are flaky, maybe you should wipe and install fresh”. Of course, each of those major versions is a lot more different than a typical six-month version upgrade in Ubuntu is since they’ve had the upgrade system in upgrade-manager in place. This is really a patch version, and those go relatively smoothly with Apple, as long as you don’t have the wrong setup somehow and are of the minority who experience any problems.

    (Some people always do combo updates because that minority isn’t as small as one would like, since I have good backups, thanks to Time Machine (though older OS X can use the free Carbon Copy Cloner for any update for a very safe and even better-than-Time Machine backup since the backup itself is bootable!) I chose to live on the edge and use the regular update system, which so far has given me no problems; other than bugs that everyone experiences I guess but I don’t deal with, like the Perl CPAN mess-up; but Fedora had a Perl CPAN mess-up, and these sorts of things happen not infrequently in unstable and bleeding edge distros of course, it’s not unusual considering that CPAN amounts to another repository, and everyone knows having more than one repository updating things is dangerous in Linux or any OS that uses package management and patching of any kind.

    Ubuntu has of course a system where everything is frozen and thawed every six months, which seems to work well for the Linux desktop since GNOME and KDE are on a release schedule too (if you want to see how this gets ironed out, which is not as smooth as the final or near-final product, run an Ubuntu alpha; which are significantly more broken, and liable to have fatal breakage, than Debian Unstable, for example, so it’s a case of throwing everything into a state of chaos and seeing what sticks on a cyclical basis, which now somehow works a lot more independently from Debian than it used to…), I wish Apple would learn something about upgrading from Ubuntu, and Ubuntu from having everything work in the GUI tools that is implemented, and a lot of it being implemented; since opening a terminal isn’t easy for a lot of users who didn’t use computers prior to the GUI.)

  4. Thanks, but I’ll stick with Release Candidate or later versions of the OS. 🙂 My development work is enough of a thrill, I don’t need to augment it with a risky OS too.

  5. I never ran Ubuntu alphas even during my distro-swapping days when I did occasionally run some bleeding edge distros. Having things Just Work is important to me. 🙂
