Canonical has decided to try a new approach to the Linux desktop with next year's Long-Term Support (LTS) Ubuntu Linux 24.04 release. This new release will use an immutable Linux system with additional software provided by Snaps.
Canonical software engineer Oliver Grawert let the cat out of the bag in a reply to a post about Ubuntu's plans to ship the CUPS printing stack as a snap. Grawert wrote, "An immutable version exists since 2015, called Ubuntu Core... there will be a desktop release of it with the next LTS." This will be optional, though; the classic desktop won't be going away.
Oliver Smith, Canonical's Ubuntu Desktop project manager, confirmed this new Ubuntu model in an official Ubuntu blog post. Smith wouldn't give an exact date. Instead, he wrote, "In due course, when we think the entire system can be delivered this way, we will be excited to offer a version of the Ubuntu Desktop which has these new capabilities."
Now you may be asking at this point: "An immutable what?" An immutable operating system is one where some, or all, of the operating system's file systems are read-only and cannot be changed. This is done because such systems are inherently more secure. Many attacks and exploits rely on writing or changing files. If you can't modify the files, hackers can't damage your work or computer.
Immutable operating systems are often used in Internet of Things (IoT) devices. For example, in Canonical's case, the company has offered Ubuntu Core, an IoT platform, since 2014.
Built on the same kernel container technology that powers Docker and LXC, Ubuntu Core employs a comprehensive sandboxing approach to ensure each system component's security and independence. This approach not only allows apps to function within their own data management confines but also offers the flexibility to use newer versions of apps on older versions of Linux.
Specifically, immutable operating systems have the following common features:
Read-only: The primary characteristic of an immutable OS is that users or applications cannot directly modify the running system.
Atomic updates: Updates are applied atomically, meaning they're successfully applied all at once or not at all.
Predictable: Because the core operating system doesn't change, its behavior is predictable across devices.
Isolated Applications: Applications are isolated from the core operating system and from each other, usually through containerization. This ensures that changes made by an application don't affect the core system or other applications.
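A defender's check for the read-only property listed above, as an added example (not code from the article or from Canonical): it finds the mount that covers a path by longest mount-point prefix and reports whether that mount is `ro` or `rw`. The mount table is a constructed sample in `/proc/mounts` format, and the function names and paths are assumptions.

```shell
#!/bin/sh
# Fields in /proc/mounts: device mountpoint fstype options dump pass.

# Constructed sample: read-only /usr, read-only squashfs snaps, writable rest.
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /usr ext4 ro,relatime 0 0
/dev/loop0 /snap/core22/1 squashfs ro,nodev,relatime 0 0
/dev/loop1 /snap/firefox/2 squashfs ro,nodev,relatime 0 0
/dev/sda4 /home ext4 rw,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
EOF
}

# mount_state PATH [TABLE]: print ro, rw or unknown for the mount covering PATH.
mount_state() {
    awk -v p="$1" '
        BEGIN { best = 0; state = "" }
        {
            mp = $2
            # A mount covers p if it is p itself, the root, or a parent directory.
            if (mp == p || mp == "/" || index(p, mp "/") == 1) {
                if (length(mp) >= best) {   # longest prefix wins, later entry on ties
                    best = length(mp)
                    state = "rw"
                    n = split($4, opts, ",")
                    for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
                }
            }
        }
        END { print (state == "" ? "unknown" : state) }
    ' "${2:-/proc/mounts}"
}

# writable_paths TABLE PATH...: print the given paths that sit on a writable mount.
writable_paths() {
    table=$1; shift
    out=""
    for p in "$@"; do
        if [ "$(mount_state "$p" "$table")" = "rw" ]; then out="$out $p"; fi
    done
    echo "${out# }"
}

# Demo on the constructed table; omit TABLE to read the live /proc/mounts.
demo=$(mktemp); sample_mounts > "$demo"
echo "writable: $(writable_paths "$demo" /usr /etc /home /snap/core22/1)"
rm -f "$demo"
```

Mount points containing spaces appear escaped as `\040` in `/proc/mounts`, so paths passed in must use the same escaping to match.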
If this idea is so great, why haven't you heard of it before? Well, actually, you have. You just didn't know that Chromebooks with ChromeOS have been using immutable, sandboxed technologies since they first appeared in 2011.
The difference between ChromeOS and other operating systems is that while ChromeOS is a Linux distribution, it's also a highly restricted one. As Smith observed, "Desktop software is in many ways trickier to containerize than server or IoT software, because we want our desktop apps to work well together. That tight integration also makes it more difficult to define the sandbox boundaries between applications and system components in a way that is both secure and easy to use."
Canonical isn't the first to tackle this problem. Besides ChromeOS, Fedora Silverblue with OSTree and openSUSE Aeon are already shipping immutable Linux desktops. But if you're an Ubuntu fan who wants a stable, secure, immutable Linux desktop, this is the release you'll want to see.
In addition, unlike these distributions, Ubuntu Core takes a more granular approach to the operating system. It divides the OS into discrete components, each encapsulated within a snap. The four primary snaps -- Gadget, Kernel, Base, and Snapd -- form the Ubuntu Core's foundation. Additional OS snaps can be layered onto this image to enable other elements of the operating system, such as a desktop environment.
This composable approach allows users to assemble streamlined Ubuntu Core images with only the components needed to run single-purpose applications. This reduces both the operating system footprint and potential attack surface. Moreover, you can update each snap at your own pace. This significantly minimizes the need for device reboots.
Behind the scenes, Canonical has been contemplating Ubuntu Core's potential benefits for developers and daily users. Properties inherent to Ubuntu Core, like secure boot, recovery states, and hardware-backed encryption, will bolster a user's PC security posture significantly.
Moreover, the modularity of Ubuntu Core enables users to experiment with alternative desktop environment snaps while sticking to a highly stable, signed, and secure LTS base. The use of snap channels also allows for the concept of rolling certain elements of the distribution, enhancing the user experience.
Each snap of an application or component has four standard channels: stable, candidate, beta, and edge. These channels allow users to choose how cutting-edge they want their software to be. The stable channel is the most tested and reliable, while the edge channel includes the latest changes.
So, for example, gamers, said Smith, "might opt-in to a kernel channel that ships the latest NVIDIA drivers as soon as they are available, in the same way the Ubuntu Desktop team did for Mesa as part of our work on the Steam snap."
While this approach will appeal to users who want stability and security, developers and old-school Linux users who want the maximum control of their system won't find it interesting. For them, however, the traditional Ubuntu desktop will still be around.
Still, many users dislike Canonical Snaps. Immutable operating systems also have their problems. They're not as flexible as ordinary operating systems, and not all applications and services work well with containerized environments.
All that said, this new Ubuntu Linux desktop may yet prove to be popular. And, who knows, just as Chromebooks became popular, perhaps in 2024, dedicated Ubuntu laptops will find a wide audience as well.