Canonical has released a new version of the embedded OS Ubuntu Core, otherwise known as Snappy.
Ubuntu Core is a bare bones version of the Ubuntu Linux operating system designed for IoT uses such as top-of-rack switches, industrial gateways, home gateways, radio access networks, smart city digital signs, robots and drones.
Canonical CEO Mark Shuttleworth explained during a press call that the key difference between Core 16 and Core 15, which came out 18 months ago, is that with Core 15 on installation the individual files were spread out all over the disk, as happens with a desktop OS.
This makes it impossible to validate the individual signatures of all the component files and uses more disk space than if they are left compressed.
"In Ubuntu Core 16 we keep all of the software as compressed and signed files. Hackers can't modify that software on the disk, and the software on the device can always be validated," Shuttleworth explained.
The files exist as read-only, immutable compressed squashFS blobs on disk, meaning that devices can store different versions and automatically choose the update that is the best fit, and automatically roll back if things don't go as planned.
"There is a much cleaner roll back so developers can be much more confident they can make changes, which in turn encourages them to add new functionality and to fix issues," said Shuttleworth.
"We have a lower footprint requirement on disk and we've done a huge amount of work to enable the onboarding process so that devices are secure by default. It's now possible to have a device that is extremely difficult to attack over the network unless you get physical access to the device itself.
"Ubuntu Core 16 is much more secure, more product ready and the developer experiences much the same. But the operating experience is a fulfilment of several years of design and engineering."
Snappy's software packages, or snaps, are containerised application images digitally signed to confirm their integrity. Instructions such as when to update the system can be written into the documents so that policies can be easily configured and automated, potentially eliminating human involvement.
Snaps are also compatible with desktop and server version of Ubuntu, meaning that applications packaged using the snap format can run on multiple platforms.
The entire operating system, including the kernel, major applications and libraries, is delivered as snaps, extending the ability to automatically roll back to the OS itself. Canonical said that any device running Ubuntu Core will receive free, regular and reliable OS security updates.
The updates for the system and application snaps are delivered as xdelta diffs, meaning that only code that has changed gets updated, and the updates are compressed before being delivered over the air to reduce bandwidth use.
Canonical claimed that making updates easier to deploy addresses major security concerns about the IoT.
Also on the call was Jason Shepherd, director of strategy and partnerships for IoT at Dell.
"Dell has been working with Canonical on Ubuntu Core for over a year, and our Dell Edge Gateways are fully certified for Ubuntu Core 16. This enables Dell to offer the long-term support and security that IoT use cases such as factory and building automation demand," he said.
"The embedded space is very fragmented with many different OSs and versions. As a company that builds for scale we have to make bets. We're all about being open but have picked a few choices we feel have the right reach and foundation. We're using Snappy, also WindRiver's distro and Windows 10 IoT."
Shepherd added that the security and functionality of the IoT is mostly about the software, making it important to attract developers.
"Our customers in the industrial and commercial space value stability and trust, so in terms of winning over ISVs and OEMs you pick tools that are solid and you invest in them, and build out ecosystems around them," he said.
Mark Vartanyan was working for Norwegian e-healthcare firm Dignio when he was arrested
Samsung can't see a way to profitably compete against Amazon and Google
Fix being rushed out - but not quite as quickly as an ambulance to an emergency
Massive miner Rio Tinto claims 20 per cent of pit-to-port train kilometres in Australia are now driverless
Rio Tinto today, TfL tomorrow?