Slashdot Mirror
Ubuntu Disputes 'Ads In MOTD' Claims (twitter.com)
Thursday Lproven (Slashdot reader #6030) wrote:
It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."
Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.
Kirkland describes the design of the feature as follows:
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."
Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.
Kirkland describes the design of the feature as follows:
- Asynchronously, about 60 seconds after boot, a systemd timer fires which runs "/etc/update-motd.d/50-motd-news --force"
- It sources 3 admin-editable config variables in /etc/default/motd-news. The defaults are: ENABLED=1, URLS="https://motd.ubuntu.com", WAIT="5"
- The admin can disable it entirely (ENABLED=0), change or add other MOTD news sources (your corporate IT team could run its own), and change the wait time in seconds
- If it's enabled, that systemd timer job will loop over each of the URLS (note, that it's important that these should be https with valid SSL certificates), trim them to 80 characters per line, and a maximum of 10 lines, and concatenate them to a cache file in /var/cache/motd-news
- Every ~12 hours thereafter (with a little bit of random timer fuzzing), this systemd timer job will re-run and update the /var/cache/motd-news
- Upon login, the contents of /var/cache/motd-news is just printed to screen.
Kirkland notes the message can be customized by local IT administrators, or used to deliver warnings about serious vulnerabilities like Shellshock or Heartbleed. And he also describes the dynamic motd as a Ubuntu feature since adopted by other distros (including Debian) as "a flexible framework that enables distro packages or administrators to add executable scripts in /etc/update-motd.d/* to generate informative, interesting messages displayed at login... for almost 40 years of Linux/UNIX, the 'Message of the Day' was anything but that... It was a message that was created at one point in time, when the distro released, and that's about it. And we managed to change that."
Tech industry robber barons have finally destroyed the last vestige of Unix freedom.
The message of the day is for local news to local users.
MOTD is off limits to vendors, you money grubbing assholes!
You damn kids, get off my box!
When Microsoft places ads in the form of recommended apps in Windows 10, it's denounced as evil. When Ubuntu places ads in the MOTD, it's somehow okay and completely acceptable. It's not unlike Ubuntu sending searches to the internet by default to retrieve recommendations for the user. Of course, this was also tolerated and considered acceptable. There's a double standard in which Microsoft is criticized for the very things open source also does. Now, I'll surely get censored by aggressive moderators who would prefer rather to mod me down to -1 rather than discuss the hypocrisy in what is otherwise an open source echo chamber.
Whether the MOTD updates are advertisements or not is almost entirely irrelevant (although it's good for creating extra outrage).
The problem is that such a monumentally retarded mechanism exists *at all*. In fact, it's even a potential security issue. Sending arbitrary byte sequences to someone's terminal can do some very nasty things, unless they were smart enough to at least restrict it to printable ASCII. It's also an obvious vector for information leakage of various kinds.
Asynchronously, about 60 seconds after boot, a systemd timer fires which runs "/etc/update-motd.d/50-motd-news --force"
It seems like it would be a trivial matter to update that script so its output is mailed to pr@canonical.com .
#DeleteChrome
platform="$(uname -o)/$(uname -r)/$(uname -m)" /proc/cpuinfo | sed -e "s/.*: //" -e "s:\s\+:/:g")"
arch="$(uname -m)"
cpu="$(grep -m1 "^model name"
# Piece together the user agent
USER_AGENT="curl/$curl_ver $lsb $platform $cpu $uptime"
Nothing really damning. However, there is an advantage to gathering this info, even if it is (mostly) anonymous.
EG, how long people leave their machines up, how long between a kernel security announcement, and an reboot after that fact, what types of machines the userbase has, and on and on.
Couple that with advertising (and yes, telling people about yourself is advertising, it's called "brand awareness"), and you get definite value for Ubuntu.
I think it's silly, and even realistically a stupid feature -- but, it is something you can disable. And, all did was go to the package page for base-files, and download it, extract, and examine the script.
So, it's hard for me to get extremely upset.
There was a time when free software meant people didn't try to sell you shit. Those days are fucking gone.
Now every motherfucker is on the fucking grift. Even Linux motherfuckers.
Linux is also shit because EVERYTHING IS SHIT.
And, of course, there aren't, like, 50 other Linux distros that don't pull this kind of stunt for you to choose from.
You need to learn the difference between "is a subset of" and "equals".
Il n'y a pas de Planet B.
1. phone-home shit like this is evil and companies like ubuntu should just STOP. FUCKING. DOING. IT.
2. it's a bit fucking rich for hackernoon to complain about this when you can't even view their web site without enabling javascript from at least 6 different sites. They should just stop fucking doing that shit too.