Ubuntu Developers Say Linux Mint is Insecure

Discussion in 'all things UNIX' started by dogbite, May 26, 2015.

  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
  2. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    this is an old debate.
    Basically linux mint has levels 4 and 5 disabled at default in the update manager.Mint gives the user the choice as to what updates to install.

    Ubuntu however installs all updates without the choice being given.On mint there is a warning on how installing levels 4 and 5 updates may cause instability.
     
  3. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
    You can enable levels 4 & 5 just for security updates.

    BTW that story was from November, 30, 2013
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Or you can just not care about any of that.
    Mrk
     
  5. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,969
    Location:
    Brasil
    And considering the knowledge level of most of Mint's users: most of them are in fact less secure than in other distros in regards to updates that actually matter, no matter if they're locally or remotely exploited.

    I think the Ubuntu developer gets it right, but he's also wrong. Updates CAN cause bugs and break things, but this mostly happens in Ubuntu due to the fact that Ubuntu devs don't care much about stability, they don't test packages as much as they should and I don't doubt that their updates will eventually break things. In Ubuntu 12.10 I was presented with tty1 after installing the NVIDIA Drivers and rebooting, just because the Ubuntu developers didn't mark the Kernel Headers to be installed by default (which is the default on all other distros I tested). So much for a "newbie-friendly" distro. And this kind of breakage will happen again in the future, it's just a matter of time.

    Mint developer got it wrong. If they test the updates for stability than it most likely won't cause critical problems. Look at how Debian is daily pushing updates to numerous important packages without breaking things, and yes I'm talking about the Stable branch.

    After all, I wouldn't use Ubuntu/Mint for any purpose, both are handled in ways that defies my logic.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    It's also a matter of default configuration. Services like SSH and Samba running, and the firewall not configured by default.

    To be fair, unneeded services are an old issue, and found on a lot of the desktop distros (going back to the early 2000s). But Mint, from what I've seen, is especially bad about this. It just has everything and the kitchen sink running.

    I shouldn't need to point out that this is a bad design philosophy. Most end users will never need Samba and SSH, and those who do will know how to enable and configure them. IMO there's just no reason to run such network services by default; the "ease of use" improvement just covers corner cases, where the user should be reading up on those services anyway.
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,969
    Location:
    Brasil
    Does Mint have SSH and Samba enabled by default?
     
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    That sounds a lot like Windows. Are there any distros that don't follow that philosophy, are privacy oriented, and are reasonably friendly to a new user? Still looking for alternatives for the unskilled Windows users.
     
  10. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    @noone_particular

    Not sure. To be honest, the first thing I do on most desktop distros is start up the firewall and disable a bunch of services. Sad how similar the situation is to Windows, in that way.
     
  11. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    What's wrong with Ubuntu and its lighter derivatives?

    There's also Debian and Manjaro (although they include Flash and Steam which I'm not a fan of), how easy those are depends on what you're doing and your perspective. Straight Debian is extremely minimalistic, LXDE uses only ~65mb of RAM on boot.
     
  12. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I just installed Ubuntu 14 LTS dual booting with Windows 7. It is much lighter than Windows 7. It does fine in a 16gb partition and the download was around 1gb. I haven't tested it extensively but I did find it privacy friendly. There is one control panel applet that covers a lot of ground in disabling list keeping of opened files and documents and it has built in VPN functionality. That being said, it took some tweaking and installing a couple of packages to actually get the VPN connection to work.

    Compared to the distros I tried 10 years ago, I found it pretty slick. I actually got hibernation to work. That took some work but I could never do that with what was out there 10 years ago.
     
  13. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,969
    Location:
    Brasil
    There is Parabola, which is Arch-based. It's privacy friendly and doesn't have any services allowed by default.

    There is also Trisquel, but is based off of Ubuntu and thus I never tested it.

    Honestly? Their bad release cycles, poor software management done by Canonical's developers, not a stable distro, etc.

    That is not true in regards to Debian. Debian, by it's Core (Main) repos, is fully GNU compatible. It doesn't come with Flash or Steam, or any proprietary software such as Kernel Blobs.

    Not true either, unless you do a minimal install.
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    This thread is a good example of why linux can't compete with Windows for the desktop. Windows managed to turn system files into DLL hell. Linux has taken that many steps farther with the packages and distributions. Between the distributions, forks, forks of forks, with different versions and packages for each, they've created a huge mess that should be called distro hell. One calls another insecure. The other responds that the first is unstable, etc, etc. There's no consistency or consensus in any of it. For a Windows user looking for an alternative, it's complete confusion. Unlike Windows, the names of the distributions, packages, and most of the software tell the user nothing. Even among linux users, there's no agreement on what constitutes lightweight, minimal, stable, privacy oriented, etc. Instead of creating more forks and more distros, some of those developers should try writing tutorials in plain language on how to choose what is necessary to build a system that fills your needs, one that explains what the components are for and how to decide if you need them. The names and alphabet soup in most of the descriptions don't tell a Windows user anything. It's like Linux and Windows are on 2 separate islands with a bottomless canyon between them. Linux isn't going to get the Windows user until they build a bridge between the two that a Windows user can understand.
     
  15. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    @noone_particular

    Pretty much agreed. Linux has problems with bad end user documentation, and also with duplication of effort on pretty much every level. I can think of a number of reasons this happens, all of them very difficult to solve.

    Mind, though, the gap works both ways: as a long-time Linux user, I find Windows very annoying and inconvenient to work with. Once you're used to thinking one way, it's hard to think differently.
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Very much so. I imagine that Windows or DOS command line can try a linux users patience just like the linux terminal did mine. After years of DOS, linux syntax seems backwards. I imagine a linux user feels much the same way.
     
  17. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    The LTS releases are very stable and well made in my experience, I don't know what exactly your problems were. I personally don't use a release until a few months after it comes out which takes care of most of the bugs.


    65mb of RAM on boot seems minimalistic to me but ok...
     
  18. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Fair points. Ubuntu and Mint devs are doing their best to be that bridge, and when I switched over about two years ago from Win7 I didn't find it overly difficult or confusing. As a new user, various forums were more helpful to me than tutorials.

    I think a lot of the problem is not in the actual distributions, but in Linux purists who tell you to use some obscure distro like Parabola or whatever for largely ideological but impractical reasons, which is going to confuse a lot of people who don't understand everything they mean.
     
  19. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,969
    Location:
    Brasil
    I've had more problems in using Ubuntu for 2 days than I had using Arch for 2 years. System-related bugs were common, configuration problems after installing drivers or programs, the system not booting after a Kernel upgrade... I just gave up on it after a while, and moved to better systems.

    That depends on what you consider to be minimalistic. I consider having tons of apps installed not to be minimalistic, irregardless of the RAM usage. BTW, I'd love to see Debian running with 64 MB of RAM :)
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    That's interesting.. I've had the exact opposite experience. In fact, the Ubuntu LTS releases have always been trouble-free compared to most other distros. I would guess that most of the millions of others using Ubuntu have had the same experience as I else they wouldn't be using it.
     
  21. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,969
    Location:
    Brasil
    Really? :p Then why aren't they developing Debian instead of creating their own little toys? Ubuntu came from Debian, and Mint from Ubuntu, those are at least 2 times more effort in maintaining pretty much the same thing, only with a few modifications. Now Cinnamon is on Debian, and I guarantee you can get Unity there too, if that's your thing.

    I suppose you didn't see that I recommended Parabola because it fits onto the privacy category? He asked: "Are there any distros that don't follow that philosophy, are privacy oriented, and are reasonably friendly to a new user? Still looking for alternatives for the unskilled Windows users". Parabola is like Arch, doesn't have any services running by default, and is privacy-oriented, though is for advanced users. Nothing purist there, he just asked and I replied with what I have in hands. Looks like I'm not the purist here.
     
  22. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,969
    Location:
    Brasil
    That's hard to tell, but yeah I agree that it's possible that the majority of users haven't experienced many issues.
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The term "Windows user" covers a lot of ground. For some of them, a browser is "that thing opens Facebook." What sort of Windows user does Mint or Ubuntu target? I'm guessing that they target Windows users by acting or feeling a lot like Windows does. What version of Windows would they be most similar to in appearance and user observable behavior? Does anyone know of a web page or site that gives a comparison of KDE, LXDE, Gnome, Unity, Cinnamon, XFCE, etc, in terms that have meaning for a Windows user?
     
  24. Balthazar

    Balthazar Registered Member

    Joined:
    Nov 8, 2013
    Posts:
    137
    Location:
    Earth
    Exactly! To quote a line from a famous movie:
    Like you said, I don't think there's the Windows user. There may be things one does not want to do without but a lot of people will have a hard time telling you because it is just a way of doing things. For example, double click or one click? What happens when I click the right mouse button in my file manager? Some file managers have „everything (what is that?)“ you need already, others don't but could easily be modified for the individual's need.

    In my experience the main reason a lot of people are (at first) unhappy with a certain Linux distro or desktop environment (or both) is that man is a creature of habit often accompanied with impatience. Once you think about the differnces and give it a little time it will be like with almost everything in life. You'll get used to it.

    There's nothing wrong with trying out a lot of things and checking out how it feels in everyday use. That's when most people can tell you what they are missing and what they like.

    A start for a quick comparison could be this Wikipedia article. You can take a look at all the links and get a good first impression of what you're dealing with. There are lots of other websites regarding this subject:
    http://www.nuxified.org/article/comparing_window_managers_which_best_you
    https://renewablepcs.wordpress.com/about-linux/kde-gnome-or-xfce/
     
    Last edited by a moderator: Jun 14, 2015
  25. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Because Ubuntu has a distinctly different target audience and goals than Debian. Mint is just a different DE for Ubuntu, I agree that it's a bit pointless since Canonical could do the same thing...

    I don't recommend Parabola because it's not very realistic to assume that a new Linux user migrating from XP or 7 is going to have a good time with it. Since it's 100% open source, you have the issue of hardware compatibility, and Arch-based distros are significantly more troublesome than Ubuntu from my experience and from consensus. Ubuntu and Mint and Debian and pretty much every Linux distro there is are very privacy friendly compared to XP, using Parabola and Trisquel is marginally more private if at all. I'm not concerned about some driver having a backdoor.
     
Loading...