Ubuntu Disputes 'Ads In MOTD' Claims

Thursday Lproven (Slashdot reader #6030) wrote: It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."

Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.
Kirkland describes the design of the feature as follows:

• Asynchronously, about 60 seconds after boot, a systemd timer fires which runs "/etc/update-motd.d/50-motd-news --force"
• It sources 3 admin-editable config variables in /etc/default/motd-news. The defaults are: ENABLED=1, URLS="https://motd.ubuntu.com", WAIT="5"
• The admin can disable it entirely (ENABLED=0), change or add other MOTD news sources (your corporate IT team could run its own), and change the wait time in seconds
• If it's enabled, that systemd timer job will loop over each of the URLS (note, that it's important that these should be https with valid SSL certificates), trim them to 80 characters per line, and a maximum of 10 lines, and concatenate them to a cache file in /var/cache/motd-news
• Every ~12 hours thereafter (with a little bit of random timer fuzzing), this systemd timer job will re-run and update the /var/cache/motd-news
• Upon login, the contents of /var/cache/motd-news is just printed to screen.

Kirkland notes the message can be customized by local IT administrators, or used to deliver warnings about serious vulnerabilities like Shellshock or Heartbleed. And he also describes the dynamic motd as a Ubuntu feature since adopted by other distros (including Debian) as "a flexible framework that enables distro packages or administrators to add executable scripts in /etc/update-motd.d/* to generate informative, interesting messages displayed at login... for almost 40 years of Linux/UNIX, the 'Message of the Day' was anything but that... It was a message that was created at one point in time, when the distro released, and that's about it. And we managed to change that."

Totally missing the point

Whether the MOTD updates are advertisements or not is almost entirely irrelevant (although it's good for creating extra outrage).

The problem is that such a monumentally retarded mechanism exists *at all*. In fact, it's even a potential security issue. Sending arbitrary byte sequences to someone's terminal can do some very nasty things, unless they were smart enough to at least restrict it to printable ASCII. It's also an obvious vector for information leakage of various kinds.