Built For A Hostile Internet: Canonical Vp Of Engineering On Ubuntu 26.04 Lts

Jon Seager, Canonical VP of Engineering 

Canonical/ZDNET

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• The latest semipermanent support version of Ubuntu 26.04 is here. 
• This type is safer and faster than ever.
• It includes superior AI instrumentality improvements. 

Canonical's caller Ubuntu 26.04 Long Term Support (LTS), which arrives connected April 23, 2026, isn't trying to beryllium flashy for its ain sake. This type is trying to beryllium difficult to break, easy to trust, and modern capable to matter for nan adjacent decade and a half. At a media briefing up of nan launch, Jon Seager, Canonical's VP of engineering for Ubuntu Linux, framed this merchandise astir a azygous word: resilience.

He could person called it safer aliases much reliable, he said, but that wasn't enough. "I deliberation resilience conveys a bully connotation of a strategy that is unafraid and reliable, but besides durable, successful a sense, for illustration durable to nan sorts of conditions that a instrumentality whitethorn beryllium exposed to connected nan net these days, wherever a batch of our machines reside," Seager explained. That theme, surviving a dispute net while staying useful, runs done nan full release.

Also: 98% of IT leaders want integer sovereignty: Now SUSE is operationalizing it

With 26.04, Canonical wants Ubuntu to beryllium a showcase for nan champion of upstream, moreover erstwhile it's still "as yet unproven" -- pinch a batch much engineering and auditing to make it fresh for premier time.

At nan aforesaid time, though, Seager is adamant that this merchandise isn't conscionable for hyperscale customers. Sure, he said, Ubuntu is now thing "the biggest enterprises successful nan world trust upon," but it still has to activity for educators, students, mom‑and‑pop shops, and startups. "I firmly judge that we tin fulfill some ends of that spectrum pinch Ubuntu."

Better toolchains for everyone

The astir arguable and eager alteration lands heavy successful personification space: Ubuntu now includes Rust rewrites of respective halfway utilities. Over nan past 18 months, Canonical has helped thrust sudo-rs and Rust coreutils to nan constituent wherever they're now fresh for default usage successful an LTS.

Why? Because Seager said, "More than 90% of nan world's information vulnerabilities, factually, are related to representation safety, and truthful by replacing halfway parts of nan operating strategy pinch a connection that makes it very difficult to constitute those representation information vulnerabilities, it is beneficial to america from a financial perspective. We are successful nan business of trading information maintenance," he said. 

But beyond Canonical's equilibrium sheet, Seager noted that Ubuntu runs successful powerfulness stations, satellites, and different captious infrastructure, truthful "by dramatically reducing nan onslaught aboveground successful Ubuntu, I consciousness for illustration that is simply a nett good."

Also: The caller rules for AI-assisted codification successful nan Linux kernel: What each dev needs to know

The sudo-rs rollout, he said, was "a rip‑roaring success," and he praised nan Trifecta/Prossimo foundation arsenic "a complete delight to activity with." The Rust coreutils group will vessel "99% there," pinch only 2 aliases 3 utilities still falling backmost to classical GNU coreutils. 

Seager explained: "We've done 2 rounds of soul information audits pinch nan Canonical information team, and besides funded 2 rounds of an outer information auditor… There were 3 outstanding [CVEs] that aren't critical, but because it's an LTS and rather sensitive, we decided to conscionable not make 3 of nan utilities default. It's really 1 hole that affects each 3 utilities. We conscionable didn't rather onshore nan hole successful time."

He was keen to accent this attack isn't astir discrediting nan aged tools. Canonical has already pushed archiving fixes backmost into GNU coreutils based connected Rust work, and location are cases wherever GNU still outperforms Rust and vice versa. The point, he said, is that some toolchains are improving: "The devices are each getting amended for everyone."

Also: I tried a command-line-only distro that tin earnestly amended your Linux skills

Next connected his Rust deed database was ntpd-rs, which he said will supply "the first azygous root of truth for doing NTP, LTS, and PTP each successful 1 place, each successful 1 inferior pinch representation safety," turning what is presently a scar‑inducing workout into thing that's "an absolute delight." Canonical is besides moving pinch Rustls to present "browser‑grade PKI information primitives to Linux" astatine nan strategy level.

Under nan hood

Ubuntu 26.04 LTS ships a Linux 7.0 kernel. The merchandise besides has an aggressively existent connection stack: OpenJDK 25 LTS, Kotlin 2.0.4, updated Go, and .NET 10. There's besides a preview of nan Zig connection toolchain for you to cheque out. This concatenation is already utilized successful Ubuntu 26.04 to package Ghostty, "Mitchell Hashimoto's very shiny caller terminal emulator," for x86‑64 and ARM64. Support for architectures for illustration s390x and ppc64el will travel arsenic Canonical and nan Zig organization activity done nan missing pieces.

However, nan title for developers is connected nan GPU side. Seager declared, "We now person nan correct to vessel Nvidia's CUDA and AMD ROCm successful nan archive pinch our long‑term support commitment. So this removes nan request to struggle to fig retired which versions of CUDA, Nvidia drivers, and PyTorch you need. It should each conscionable beryllium an apt instal away," for each your Nvidia-hardware-based AI work. 

Also: The erstwhile beloved PCLinuxOS is backmost - and it's still a awesome Windows escape

The instrumentality and virtualization stack besides person a argumentation change. Instead of perpetually rolling Docker, containerd, libvirt, and QEMU wrong an LTS, 26.04 ships a fixed stack by default, pinch an opt‑in rolling way for those who request nan latest features. Seager compared it to Ubuntu's HWE kernel model: you tin enactment stable, aliases you tin pursuit caller functionality, but you choose

On nan desktop, Ubuntu moves to GNOME 50, swaps Totem for a caller video subordinate called Showtime, and continues its dependable march toward Wayland‑only graphics sessions. Seager suggested this 2nd effort astatine Wayland has gone "a spot better" than nan ill‑fated 2017 experiment, acknowledgment to amended drivers, a much mature app ecosystem, and a stronger narration pinch Nvidia. "I deliberation it is nan only way guardant astatine nan extremity of nan day… In my individual opinion, it's overdue."

Still can't guidelines nan thought of utilizing Wayland? Seager was unapologetic astir drafting a difficult statement astatine this LTS boundary. Ubuntu can't support each bequest graphics setup forever, he argued, and 24.04 will still get 15 years of updates. If you genuinely can't unrecorded without X11, you're not "high and dry."

More instantly visible for astir users will beryllium Android/iOS‑style permissions prompts for snapped applications. This setup required plumbing from nan kernel and AppArmor up done snapd, GNOME, and GDM, but nan consequence is simple: "This is what allows your machine to show a punctual for illustration you would person go accustomed to connected Android aliases iOS… 'This app would for illustration to usage your camera. Would you for illustration it to?" Seager said. Initially, this attack covers filesystem and camera access, pinch experimental microphone support and much interfaces coming now that nan wiring is successful place.

Also: This is my favourite Linux distro of each clip - and I've tried them all

On nan information side, TPM‑backed full‑disk encryption is now GA connected nan desktop, giving Ubuntu users a BitLocker/FileVault‑like acquisition without double passphrase prompts. Enterprises tin escrow betterment keys successful Canonical Landscape, and server support will travel erstwhile Canonical has nailed nan much analyzable retention and web footwear scenarios successful that environment.

Canonical is besides leaning harder connected modern personality guidance done AuthD. This authentication attack enables users to log successful pinch Azure AD, Google Cloud, aliases immoderate OpenID Connect (OIDC) provider, pinch quality‑of‑life improvements for illustration shorter usernames, automatic keyring unlock, and TPM‑backed token storage. The aforesaid mechanisms are being pushed into nan unreality images. Seager said Ubuntu usage connected WSL is "absolutely rocketing", making it an progressively important portion of nan portfolio.

AI and more

This activity was each done using AI tools. He said AI devices are now portion of normal engineering practice, but Canonical is avoiding nan "one level to norm them all" story. Teams are encouraged to adopt nan devices that make consciousness for them, arsenic agelong arsenic they prime thing consistently astatine nan squad level. The institution arsenic a full is leaning toward open‑source harnesses and open‑weight models that amended fresh Ubuntu's values. There are nary quotas connected tokens aliases AI‑generated code. Instead, engineers are expected to amended themselves and usage nan devices pinch judgment.

Besides AI, Seager shared that location is now "significantly much automation than location was 2 years ago" and "much, overmuch lower" quality involution successful getting each nan correct bits into place. Core processes for illustration main inclusion reappraisal and nan Stable Release Update machinery person been tightened up, and nan developer rank committee is pushing much contributors done nan pipeline.

On nan regulatory side, pinch California‑style age‑verification bills spreading and a US‑wide connection successful nan works, Seager said Canonical is taking a wait-and-see approach. Canonical has "no contiguous plans to make immoderate technological changes to Ubuntu" successful 26.04. He flatly rejected nan thought of rushing third‑party verification services into nan OS and warned against "very shallow" measures that don't execute their goals while exposing personification data. If Canonical does person to move, it will apt commencement pinch property ratings successful nan Snap Store and light‑touch enforcement successful snapd, and it will talk to users publically earlier it flips immoderate switches.

Asked really his first LTS arsenic VP of engineering feels, Seager was measured but positive. The merchandise teams' practices now consciousness "a batch much polished… a batch much modern," and they "move pinch a batch much purpose," he said. When he arrived, immoderate engineers looked astatine his plans "like I was an alien"; now they're bringing him ideas. There's much automation still to do, but "we are successful a importantly amended spot than we were 18 months ago," successful his view.

Ubuntu 26.04 LTS, successful different words, isn't conscionable different constituent connected Canonical's calendar. It's nan first existent impervious that Seager's "engineering Ubuntu for nan adjacent 20 years" schedule is landing -- not conscionable successful Rust and Wayland, but successful really Ubuntu itself gets built and shipped.

Me? I've conscionable started to footwear nan caller Ubuntu's tires, but truthful acold I for illustration what I spot a lot. You'll beryllium capable to spot for yourself now arsenic nan last bits are readied for download.