
Ubuntu displays advertising in /etc/motd - 0x0
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1701068
======
stinos
_Instead,[https://motd.ubuntu.com](https://motd.ubuntu.com) should show
relevant items to those that use Ubuntu Server (relevant security issues,
etc), instead of items for desktop users._

Shouldn't that be more like "Instead, Ubuntu should not fetch the motd from
the internet by default, but have this feature as opt-in"?

~~~
wdfx
Reading the bug report, this did lead me to wonder what happens when one tries
to log in to an Ubuntu server which is behind a firewall and without internet
access. Does this nonsense cause a timeout delay in getting into the box ?

~~~
dustinkirkland
Howdy! I'm the author of the code in question, a bug in said code, and the fix
to the bug in the code :-)

By design:

\- Asynchronously, about 60 seconds after boot, a systemd timer fires which
runs "/etc/update-motd.d/50-motd-news --force"

\- It sources 3 admin-editable config variables in /etc/default/motd-news. The
defaults are: ENABLED=1,
URLS="[https://motd.ubuntu.com"](https://motd.ubuntu.com"), WAIT="5"

\- The admin can disable it entirely (ENABLED=0), change or add other MOTD
news sources (your corporate IT team could run its own), and change the wait
time in seconds

\- If it's enabled, that systemd timer job will loop over each of the URLS
(note, that it's important that these should be https with valid SSL
certificates), trim them to 80 characters per line, and a maximum of 10 lines,
and concatenate them to a cache file in /var/cache/motd-news

\- Every ~12 hours thereafter (with a little bit of random timer fuzzing),
this systemd timer job will re-run and update the /var/cache/motd-news

\- Upon login, the contents of /var/cache/motd-news is just printed to screen.
There was a bug (fixed now, working its way through the Ubuntu update
process), in that an empty cache file was not getting, if the fetch failed, so
the fetch was retried every time (and failed every time, with the $WAIT delay
of 5 seconds). Obviously, it was a simple fix.

As I am generally responsible for this feature in Ubuntu (as the Ubuntu
Product Manager for the design, and the Ubuntu Core Developer for the
implementation) I'll also respond to the discussion about this feature being
included in Ubuntu at all...

\- Back in 2009, Ubuntu was the first distribution to add the concept of a
"dynamic MOTD", by introducing the /etc/update-motd.d/* structure of scripts.
I originally implemented it for Landscape (a commercial package management
system by Canonical), but it has since also been adopted by Debian, Amazon
Linux, and others.

\- It's a flexible framework that enables distro packages or administrators to
add executable scripts in /etc/update-motd.d/* to generate informative,
interesting messages displayed at login.

\- This was quite interesting, in that for almost 40 years of Linux/UNIX, the
"Message of the Day" was anything but that... It was a message that was
created at one point in time, when the distro released, and that's about it.
And we managed to change that.

\- If you look in your Ubuntu's /etc/update-motd.d/, you'll see a set of
scripts. One prints the generic "welcome" banner. The next one prints 3 links,
as to where to find help. You'll also find one that counts and displays the
number of package updates available for the local system. Another tells you if
a reboot is required.

\- All of these are locally generated, based on local information available on
the system.

\- In Ubuntu 17.04, we added /etc/update-motd.d/50-motd-news. This is the
script who's design is described above. The motivation is threefold:

* Sometimes, there's critical information that either we, the distro, or perhaps even the local IT administrator of a fleet of systems needs to communicate to users at login. Think, "ShellShock", "Heartbleed", "StackClash". This seems to happen every few months, in the current state of the world.

* Other times, we need to communicate something about the distribution. EoL messages, new feature availability, etc.

* And sometimes, it's just a matter of presenting a fun fact. News from the world of Ubuntu. Or even your own IT department. Such was the case with the Silicon Valley / HBO message. It was just an interesting tidbit of potpourri from the world of Ubuntu. Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on.

\- There is a team of engineering managers at Canonical (the ~ubuntu-motd team
in Launchpad), all of who have shared write access to the source code
repository (lp:ubuntu-motd in Launchpad). Going forward, we're going to review
one another's proposed message merges. In fact, that's an open source
repository. You're welcome to propose your own messages for merging, if you
have a well formatted, informative message for Ubuntu users. We'll be happy to
review and include them in the future.

As always, I'm impressed with the critical analysis of the HackerNews
community. We, the Ubuntu ecosystem, are held by the HN community to a very
high standard, and we're quite humbled by that. Thank you for the continued
feedback and response.

Cheers, Dustin

~~~
revmoo
A couple thoughts:

\- Why did you copy/paste this on the bug tracker
([https://bugs.launchpad.net/ubuntu/+source/base-
files/+bug/17...](https://bugs.launchpad.net/ubuntu/+source/base-
files/+bug/1701068/comments/11)) and find/replace 'Ubuntu Community' with
'HackerNews community'? Doesn't that seem a little bit patronising to both
parties

\- Why didn't you actually address the issue? You said a lot of words but at
no point did you say whether or not you would be removing this "feature" OR
keeping it.

------
matt4077
Good for them. Ubuntu does lots of good work that benefit the whole community,
and if this allows them to stay in business, and pay people well to write
open-source software, I'm not complaining.

Considering the example shown (which I also get logging in) is about HBO's use
of Tensorflow, this also happens to be the best-targeted ad I've seen in a
while. At that level, advertising actually does become something that's
valuable/interesting for the recipient.

And if not, it takes about 10 seconds to disable.

~~~
ckastner
I don't think that the advertisement itself is the issue, but rather the
medium chosen for it.

Speaking for myself, I expect /etc/motd to contain information deemed relevant
to me by the responsible sysadmin. I feel like this is the hi-jacking of a
well-established communications channel, for ads no less.

------
smacktoward
This is a _serious_ reach.

The item linked in the MOTD isn't an ad, it's a _news story_ about a
relatively high-profile project that turns out to have been built with Ubuntu.
The story isn't written by Canonical; in fact, in the relatively long list of
people thanked for their help at the end, Canonical isn't even included. It
doesn't make a sales pitch, and only mentions the word "Ubuntu" _one time._

The only way to interpret it as "advertising" is if you believe literally
anything that mentions Ubuntu is an ad, which would be stretching the meaning
of the word far beyond the breaking point.

If Canonical wants to use /etc/motd to spotlight interesting projects people
are doing with Ubuntu, as a user of Ubuntu desktop & server I personally don't
see a problem with that.

------
stephenr
It still baffles me why people choose Ubuntu for a server.

Canonical has a history of doing weird things: how many times have they
diverged from upstream with some in-house solution that never quite works out.

The 6 monthly releases aren't realistic for business, who use LTS, at which
point you may as well use Debian and back ports/vendor repos for software you
need more updated versions of.

~~~
gldalmaso
There are people who need to operate linux servers without great familiarity
with any of them, Ubuntu just seems to have a much greater available knowledge
base.

You can just basically search for "how to do x in ubuntu xx.xx" and get very
helpful results, including solutions for Ubuntu desktop that are relevant to
the server version.

Results may vary immensely with "how to do x in y", y being any other distro.

~~~
rf15
You should not operate a linux server without great familiarity. (well, at
least not one commercial success/survival depends on)

~~~
amclennon
Everyone has to start somewhere...

~~~
s_kilk
But preferably not in production.

------
bubblethink
Off Topic. I find it funny that you would have a hard time watching "HBO's
Silicon Valley" on an Ubuntu machine legally. HBO still uses flash based DRM.

~~~
kurtisc
Can't Chrome's built-in Flash overcome that?

~~~
bubblethink
No, chrome's flash doesn't do DRM on regular linux distros. It does it only on
ChromeOS.

------
captainmuon
But is it advertizing? I wonder if Canonical recieved money for this. I think
it is just an interesting story that they linked to.

~~~
bubblethink
That's not the only form of advertising. They are advertising themselves. More
like marketing.

------
sandstrom
As long as security info etc. is present and prominent I don't mind if it's
accompanied by entertaining tidbits.

~~~
gargravarr
At the same time, it's considered poor practise to give servers open internet
access. The only outgoing connections that should be allowed are to update
servers. I'd second disabling this 'feature' on a server - it seems very
unnecessary to get a MOTD from the internet in the first place, let alone if
there's going to be advertising in it.

~~~
dingaling
And updates are ideally pulled from a local cache so that only one server in
the DMZ needs to connect to Ubuntu's server.

It's disappointing that in 2017 no Linux vendor ships with a default-denial
Internet firewall configuration but I suppose stories like this explain why.

~~~
cyphar
> It's disappointing that in 2017 no Linux vendor ships with a default-denial
> Internet firewall configuration but I suppose stories like this explain why.

I don't believe that's accurate. On openSUSE and SLE you have SuSEFirewall2
which has such a configuration (from memory) and I would be surprised if RHEL
doesn't have such a configuration.

------
joosters
TL;DR : edit /etc/default/motd-news and change ENABLED to 0

~~~
du_bing
That's crazy, how do you find that?

~~~
kyledrake
find /etc | grep motd

------
justinclift
Canonical, the Microsoft of Linux. ;)

(for anyone wondering, that's a comment on ethics)

------
zzzcpan
Ubuntu should advertise in updates. User is waiting for it to finish either
way, connected to the internet and won't get annoyed.

------
mr_overalls
I've been running Ubuntu on my laptop for a while, working as a software dev.
Maybe it's time to switch.

What other distro is a competitor in this space? (I.e., not a minimalist
distro, easy to use, with plenty of available software?) Fedora? Mint?

~~~
romanovcode
Arch

~~~
sk1pper
I haven't used Arch in years, but I'm pretty sure it qualifies as a minimalist
distro.

~~~
romanovcode
But isn't that what OP was asking for?

------
kronos29296
Now this is either poor marketing or poor taste. They tried with desktop with
Amazon applets now /etc/motd for server guys. This is really bad for ubuntu

------
krzrak
Really disappointing.

------
yuhong
I wonder how many use the terminal in the first place for such an ad to be
actually profitable anyway.

------
throwanem
Who leaves the default motd in place after an install?

~~~
mort96
I do?

~~~
thinkMOAR
Then you apparently don't work on PCI grade machines. Many particular industry
security standards dictate you put a 'if you are not authorised disconnect
now' message in the motd.

~~~
nsebban
I wish there was a way to know how many evil-doers cancelled their evil plans
after reading that kind of MOTD.

~~~
detaro
AFAIK the theory is that it helps with prosecution - if they got this prompt
they clearly were told where they are and that they are not welcome and can't
try to excuse themselves through some mistake or not knowing that they
shouldn't access.

